WARNING: Virus on board DJI Assistant 2 download from DJI

I downloaded DJI Assistant 2 from DJI this morning, and installed it. It did what I expected it to do (I've used it on another computer before).

This evening, Norton Security caught a very serious virus hiding within a file named "visionstarter2.exe" in the DJI product directory! See the attached screen shots.


     

Wow. How bad is that!

David A.

No virus. This is just Norton.

Um. No. I don't think so. And I'm sure as hell not taking that risk. It wouldn't be the first time a company has released an infected download.

It is a so called "false positive". There is no virus.

David, may I know which version is your DJI Assistant 2 and did you download it from DJI Official website? Looking forward to your feedback.

fans356367d4 Posted at 2018-2-27 00:38
Um. No. I don't think so. And I'm sure as hell not taking that risk. It wouldn't be the first time a company has released an infected download.

This was first spotted a few weeks ago with one or two virus killers wrongly reporting it, just Norton giving a false positive.

I run mcafee with latest updates and it gives no notification of any problems. Make sure Norton has latest .dat files, I believe that helped a few.

It is also a generic find by norton. Check file on virustotal and take "risk" or don't.

Get rid of that symantec crap...

Norton is garbage.

https://forum.dji.com/thread-128071-1-1.html

https://forum.dji.com/thread-130377-1-1.html

https://forum.dji.com/thread-130016-1-1.html

https://forum.dji.com/thread-128660-1-1.html


... and so on ...


And, the most important one https://forum.dji.com/forum.php? ... &fromuid=940640

DJI Thor Posted at 2018-2-27 01:47
David, may I know which version is your DJI Assistant 2 and did you download it from DJI Official website? Looking forward to your feedback.

I also downloaded your latest version of assistant 2 from you website. The virus has trashed my laptop.
A support email was sent Saturday- there was no reply concerning the problem. The virus w
Was seen by Windows 10 defender but it was too late. When the computer was restarted it showed an “updatiing your computer” message and then went to a blue screen boot error. It has wiped out my config files, regbackup and to date I haven’t been able to fine my data files. I will download Windows 10 ISO onto a usb stick and try to reload the operating system

I've had problems with Nortons in the past.  Switched to McAfee's for a while.  Had some get through there.  Using Windows Defender and Malwarebytes.  Never had a problem with my system since then.  Scanned daily and just ran a scan a few seconds ago to make sure.  All clean on 5.5 TB of hard drives.   Including Assistant.  

Thanks for the heads up on the virus. Was just about ready to download. Will wait another day to see if any one else has a problem before I update.

I downloaded assistant 2 on Saturday. I got hit by the virus - it was seen by Windows defender but wasn’t stopped. After the Download completed I restarted my laptop and it now has a blue screen - fail to boot.
It has trashed my confiig files and erased my regbackup. For those neh sayers out there. THERE IS A VIRUS. No false positive.  No kidding around. Tech support was notified Saturday and Thor was told on this forum today. Please download with caution

fansbd4bbeea Posted at 2018-3-8 06:42
I also downloaded your latest version of assistant 2 from you website. The virus has trashed my laptop.
A support email was sent Saturday- there was no reply concerning the problem. The virus w
Was seen by Windows 10 defender but it was too late. When the computer was restarted it showed an “updatiing your computer” message and then went to a blue screen boot error. It has wiped out my config files, regbackup and to date I haven’t been able to fine my data files. I will download Windows 10 ISO onto a usb stick and try to reload the operating system

Couldn’t tell you what version since my laptop is dead. It was on the DJI website. I went to the Mavic air menu and downloaded it from the software tab

DJI Thor Posted at 2018-2-27 01:47
David, may I know which version is your DJI Assistant 2 and did you download it from DJI Official website? Looking forward to your feedback.

I have uninstalled the program, so I don't know.

rantanlan Posted at 2018-2-27 06:50
Get rid of that symantec crap...

Excellent coaching from a terse but doubtlessly expert stranger on the Internet. I always take that sort of advice; hasn't failed me yxbz... xertas iisdfw!

I would rather have the virus than Norton any day.

However, there is no virus in said file.

fans356367d4 Posted at 2018-3-8 13:11
I have uninstalled the program, so I don't know.

Okay, if it is possible, take a look next time. And please feel free let me know if there is anything else I can do, I would love to help.

fansbd4bbeea Posted at 2018-3-8 06:42
I also downloaded your latest version of assistant 2 from you website. The virus has trashed my laptop.
A support email was sent Saturday- there was no reply concerning the problem. The virus w
Was seen by Windows 10 defender but it was too late. When the computer was restarted it showed an “updatiing your computer” message and then went to a blue screen boot error. It has wiped out my config files, regbackup and to date I haven’t been able to fine my data files. I will download Windows 10 ISO onto a usb stick and try to reload the operating system

Are you able to reload the system already? If you would like, we have a beta version for you to try. Let me know if you are interested.

DJI Thor Posted at 2018-3-8 22:48
Are you able to reload the system already? If you would like, we have a beta version for you to try. Let me know if you are interested.

It will be several days before I can get up and running . I have to reinstall Windows 10. At this time it appears that the virus has deleted all of my apps and data. I’m hoping I can retrieve what’s lost.

Interesting, I checked the same directory in your post above and I don't even have a file called VisionStarter2.exe.  I do have the file VisionStarter.exe. Seems as though this may be an incorrect file.

Bob Brown Posted at 2018-3-8 17:59
I would rather have the virus than Norton any day.

However, there is no virus in said file.

Very astute observation! One of the most popular and respected security suites is DEFINITELY worse than any virus! What was I thinking?

Li'l Bertie Posted at 2018-3-9 08:35
Very astute observation! One of the most popular and respected security suites is DEFINITELY worse than any virus! What was I thinking?

Better get your info from other locations, The last time Norton made a populair and respected suit was Norton Commander, and that was in 1984...

Just me but, I find it strange that a company would ask you to ignore a long standing virus protection suit. And disable driver signing to install the software you need to keep their product up to date. Norton is just the messenger.  I don't like blaming the messenger.

Thudd Posted at 2018-3-26 03:32
Just me but, I find it strange that a company would ask you to ignore a long standing virus protection suit. And disable driver signing to install the software you need to keep their product up to date. Norton is just the messenger.  I don't like blaming the messenger.

You are absolutely right. DJI doesn't have their stuff together with the unsigned drivers and DJI Assistant malfunctioning. It is however Norton which gives a false positive message, you can't blame DJI for that, nor for DJI saying to ignore the message, because Norton doesn't have their stuff together either.

Hi all,

it's not only Norton...
Today Windows 10 Defender found a "Trojan:Win32/Bitrep.A" within the "DGI Assistant 2 for Mavic 2.0.0.exe" (downloaded from the official DJI site). I also submitted the Installation file directly to Microsoft for online analysis - and the online scan confirmed the Trojan!


You can imagine that I have an extremely bad feeling about this…

What are your experiences with this installer?

Thanks and greetings!

few questions:

1. did you download the assist app from DJi directly (this website)?   
2. did you compare the MD5 sumcheck to make sure no man-in-the-middle attack going on?  d

3. did you try scanning it with malwarebytes for a second opinion incase of false positives?

norton is pretty sh**t with actually protecting you..   if your running windows 10 i suggest a combo of built-in windows defender + malwarebytes over pretty much anything right now.. specially norton and mcaffee.  i hope it was free and you didnt buy into it..

funnznbichler Posted at 2018-8-26 23:52
Hi all,

it's not only Norton...

And hi again,

strange: now (some minutes later) during an online re-scan, the same online scanner tells me there is *no* virus:


So it was a false positive? Again?

Greetings!

funnznbichler Posted at 2018-8-27 00:02
And hi again,

strange: now (some minutes later) during an online re-scan, the same online scanner tells me there is *no* virus:

redownload it and then scan new download.. windows defender can be extremely aggressive and without prompts, warnings or indications it can remove files trying to protect itself..

that being said, dji is a company based in china, and chinese government demands backdoors and monitoring software to be installed into things for their own people.. maybe there is somethign in the app they wasnt ment to be for distribution outside china?

There is no virus-Norton is the worst you can buy period!  I only use ESET It is bullet proof. Norton is worth less

funnznbichler Posted at 2018-8-26 23:52
Hi all,

it's not only Norton...

Windows defender is just as worthless as Norton

Not a virus, its just Norton.  Which is a resource hogging, inaccurate pile of junk.

funnznbichler Posted at 2018-8-26 23:52
Hi all,

it's not only Norton...

Yes, it is a false positive again. Happens frequently with new software that is not yet registered as safe in the various anti virus programs databases.

For everyone saying false positive no, as another user with a laptop above said, it also 'F'd' my laptop, 100% the only thing I installed, i'm always very particular about not downloading anything that could be not right,

The c h i n e s e do exactly this. love my drone but trust dji no, multiple things on my laptop stopped working including antivirus protection had to roll it all back and its obviously changed things in the registry as some programmes still don't start although now windows actually acknowledges this when i try to open them

I can count how many things I've installed on my laptop this year on my left hand... this programme is the issue

and btw of course i only download from official websites

Bitdefender 2019 Just discovered it on my computer. It's always been this way.

Gen:Trojan.Heur.PM.2

Li'l Bertie Posted at 2018-3-9 08:35
Very astute observation! One of the most popular and respected security suites is DEFINITELY worse than any virus! What was I thinking?

I tell ya what... YOU use Norton and me and my users will use real AV software. (Eset and T-Micro are great!) I recommend only AV that works against all threats!  I have over 2 decades in the IT industry and I can tell you this, Symantec/Norton embeds itself so deep into the OS it is almost like a virus itself. History of false-positives, BSOD issue and overall the biggest bloated pile of heaping non-av malware available. I could continue on... but since you "know your stuff" I will let you learn the hard way. (best way to learn!)

Hey and really... Good Luck to you! ;)

G_Sig Posted at 2018-2-27 00:26
No virus. This is just Norton.

Well my McAfee Anti-Virus is indicating also that it has quarantined the file because it is a Threat with JTi/Suspect.196612!ecb07ad92c27 what ever this is that I don´t know.

I never got this message before, it started after downloading a few days ago the latest Assistant 2 ver V2.0.10

Any news on this or help much appreciated.