If eveyone is aware that Dreamgrid has a Trojan in it. Why is it the download and installer on Outworldz is still there. Why hasn't that version been updated without the Trojan. ?

Fred is right, the antivirus program has a false positive based on a signature search string.
1000:014b ; XREFS First: 1000:00e1 Number : 1
1000:014b loc_0000014b:
1000:014b 43 inc bx
1000:014c 48 dec ax
1000:014d 49 dec cx
1000:014e 54 push sp
1000:014f 45 inc bp
1000:0150 43 inc bx
1000:0151 54 push sp
1000:0152 55 push bp
1000:0153 52 push dx
1000:0154 45 inc bp
1000:0155 253d3d and ax, 3d3dh
1000:0158 7838 js loc_00000192
1000:015a 362028 and ss:[bx+si], ch

Everything I produce is digitally signed by Microsoft Authenticode and will not run if a single bit changes. No other Opensim system takes security this seriously.

Just to clear up some misconceptions here: A fork is not someone adding anything to someone else's code. It's someone copying it. Adding would be a "push". Only Ubit Umarov (our #1 core dev) and I have permissions to push to DreamGrid.

There are no changes to this code since it was originally added last January. Anyone who understands git can see this. Or just look at https://github.com/Outworldz/DreamWorld/tree/V4/MSFT_Runti... The code inside is easily examined and scanneable by just extracting the EXE using any zip tool.

The version we run is from Jan 13, 2021. It has not been changed since then. Nothing else about anyone else's code is relevant.
The only time it was installed on any machine was shortly after that, when you first updated. It runs once, and never runs again, so you can delete it.

I'll report it to ClamAV. The hash of my version is 123468e5b29d797a0f7e09fe6736d26df8c9c13007aa3f579913726228bb2990. This is digitally signed by Authenticode so has a different signature than the original. Poorly written virus scanners may flag this as potentially malicious.

In the recent past, scanners from Microsoft, Norton and one have reported various bits of DreamGrid and Opensim as malicious based on behaviour rules. After all, Opensim downloads all kinds of unknown data stuff from hundreds of suspicious locations. DreamGrid does too.
All my code is protected from malicious people changing it by encrypted digital signature using the Outworldz Authenticode certificate.

On another note, anyone running an AV on Opensim\bin in real time needs to add an exclusion to the files in certain folders, or Opensim\bin. If you do not, you may end up with corrupted assets due to record locking. Opensim needs exclusing access to its assets and caches.

A bigger problem is older versions of Opensim, which directly allow anyone to read the hard disk and network shares. 0.8.2.1 grids and early 0.9.0 grids should be avoided.
https://www.virustotal.com/gui/file/123468e5b29d797a0f7e09...

I guess Fred has his work cut out for him... we haven't had any issues. (grid unannounced) What version is this virus in?

Yep and it's a new virus not detected by most antivirus including windows defender, norton, mcaffee, etc etc...

The file in question is the Microsoft Visual C++ Redistributable Runtimes bundled in a third-party, all-in-one "repack" as it's called. I guess it's necessary for running certain applications written in C++, although this should only be necessary for development.

What it does is automatically install the most current versions of whichever MSVC++ redistributables you need, at least the most current at the time the respective version of the repack was released. For instead of downloading the most current versions from Microsoft, it has everything included.

It's hosted on Github (https://github.com/abbodi1406/vcredist). But it isn't open-source. It's a mostly closed-source *.exe binary blob that could contain just about anything without anyone knowing. There is no source code publicly available at all, so you don't know what actually happens behind the scenes without reverse-engineering the whole thing. That's right, someone actually creates binary blobs on their home machine and uploads these to Github. Granted, it's a kind of executable 7-Zip archive, but still, that isn't what Github is there for. Also, it's licensed under "I can't be fucking bothered to deal with license shit, go do with my shit whatever the fuck you want, I don't fucking care".

Even the Readme doesn't spit out what exactly this application does and how exactly it works. I'd assume that it can be deleted after running it and installing what you need because it's only a means of installation automation, but I'm not sure whether that's actually the case.

As it's a binary blob, you can't check its contents on Github itself. You have to download it onto your machine and unpack it for that. So anyone could fork the Github repository, download the binary blob, unpack it, spike it with malware such as the aforementioned Win.Adware, add the new files and replace the modified files in the original *.exe and re-upload it. Github won't notice what exactly happened. Nobody will notice unless they download the spiked binary blob. And then it could pretty well be too late already.

So my guess is that someone has done just that (there are 163 forks currently: https://github.com/abbodi1406/vcredist/network/members). And that whoever slipped you the repack (Was it the DreamGrid installer? And why did it park it under C:\Users?) has downloaded it from the first place that popped up on Google without even knowing what Github (or Git or version management in general) is and how it works instead of looking up the actual maintainer.

I removed the virus from dreamgrid, and downloaded the file directly from microsoft. Dreamgrid is now running VERY smoothly and all the strange problems I was having went away. Yes I scanned the file I downloaded from microsoft and it was NOT positive for the trojan. All I can guess is the AIO came from a 3rd party other than microsoft, or... Microsoft made a goof up with that particular package.

I dont understand people... we are here on opensim to build and have fun... what kind of genius-asshole figures a way to virus us here... for what purpose ??

Jiangmin chinese antivirus confirms it as Trojan.Blocker.rce