MiniVIC . . . may have a problem

Have you uninstalled the previous 1.4.6 MVCI driver?

Vincent

 

Good point. I haven't.

 

Bob or friendly_jacek, i have the same issue (chineese cable with 1.4.1 firmware for NHW11) and cannot find cables with latest firmware.
Can you send me links to cables which you buyed.
Thanks for reply.

 

Bob, did you order the mini vci or the XHorse cable from IMMOKM?

I too ordered off Amazon but received a 1.4.1 cable. It fails the cable test on the CAN, L+K signals. I'm debating if I should return it and try my luck else where.

What am I missing out on with a 1.4.1 cable and are all MVCI clones on 1.4.1? (ie. only XHorse is 2.0.1)?

Thank you.

 

Thanks, I will see if I am able to return the cable to Amazon seller and order from IMMOKM.

 

So... this is the cable I want to buy?

New MINI VCI for TOYOTA TIS Techstream V8.30.021 16Pin cable

And is it true that I need Windows XP to use this? Anyone have any luck running it in an emulated environment (WINE)?

 

I recently bought this mini VCI model on Amazon:

Here is the vendor's actual website, which is also an alternate place to buy this:
Toyota Mini VCI TIS Techstream J2534 OBD2 Diagnostic Scanner

This will work with Windows 7, 32 bit OS without requiring any special tricks. However my McAfee antivirus SW reports that the MVCI32.dll file is a trojan. That file is needed to establish communication with the vehicle, so I have to take the file out of "quarantine" when using Techstream and turn off the McAfee file scanning capability, then put the file back into quarantine and turn McAfee back on, when not using that application.

I am using a MacBook Pro with Boot Camp 4 and Windows 7 Home Premium, 32 bit OS. I tried using Windows 7 Home Premium 64 bit OS along with the hack described in the 4Runner forum, but found that the registry hack did not work for me. I had a problem similar to that described by the poster Simbot in the string below.
(Solution) Mini VCI + Toyota TIS Techstream 8.x on Windows 7/8 64-bit. - Toyota 4Runner Forum - Largest 4Runner Forum

I tested this on my 2006 HiHy and 2004 Prius. It automatically recognized both except that it thinks my 2004 is an 2005. That is easily corrected with the drop down menu.

The cable check utility shows all lines to be green except number 5, the L line. So this result is better than that described in the 4Runner forum string.

 

Over the weekend, I sent an email to the customer service dept of the vendor who sold the mini VCI, to complain about the trojan file, but (not surprisingly) have not received a response. I am wondering whether other users of mini VCI can check to see whether they have MVCI32.dll installed on their computers. If you find this file, does your antivirus software have a problem with it?

If your AV software believes your file is clean, I'd appreciate it if you could contact me via PM. I'd like to receive a clean copy of the software via email so that I don't have to worry about having a trojan file on my system. Thanks!

 

There's a site I use which checks an uploaded file (max size 64MB) against about 40 antivirus databases, and shows the results from each one. This might help identify if the DLL file is really a Trojan.

VirusTotal - Free Online Virus, Malware and URL Scanner

 

Thank you. That site shows that 6 out of 45 antivirus databases believe that the "MVCI Driver for Toyota" file contains a Trojan. MVCI Driver for Toyota produces the MVCI32.dll file among others.

I'm a bit unclear about the potential impact of this Trojan.

AntivirusResultUpdate
Ikarus Trojan.Win32.Spy 20130312
Kingsoft VIRUS_UNKNOWN 20130311
Norman Suspicious.D2!genr 20130312
Panda Trj/Thed.A 20130312
Symantec WS.Reputation.1 20130312
TrendMicro-HouseCall TROJ_GEN.R47H1E2
20130312

 

I think some of the antivirus programs are ultra-conservative and flag as potential malware anything they don't recognize. For example, here's what Symantec says about their result:

"WS.Reputation.1 is a detection for files that have a low reputation score based on analyzing data from Symantec’s community of users and therefore are likely to be security risks. Detections of this type are based on Symantec’s reputation-based security technology. Because this detection is based on a reputation score, it does not represent a specific class of threat like adware or spyware, but instead applies to all threat categories."

 

I submitted the actual MVCI32.dll file (which is a hidden file) and got these results. 10 out of 47 antivirus databases say that file is a virus including McAfee (which I already knew).

In my computer, the hidden file is located at C:\Program Files\XHorse Electronics\MVCI Driver for TOYOTA TIS\

AntivirusResultUpdate
Agnitum Suspicious!SA 20131020
AntiVir TR/Crypt.XPACK.Gen 20131021
Bkav W32.Cloda4a.Trojan.61e1 20131021
Comodo MalCrypt.Indus! 20131021
Ikarus Trojan.Win32.Turkojan 20131021
Kingsoft Win32.Malware.Heur_Generic.B.(kcloud) 20130829
McAfee Artemis!72EA5ACD1F5C 20131021
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.G 20131021
Norman Suspicious_Gen4.ESSAQ 20131021
Panda Trj/Thed.A
20131021

 

I'm definitely not an expert on malware (pretty good on Unix/Linux systems, though), but those "generic" and "suspicious" results really mean "we have no idea what this is". And "heuristic" just means "stuff that looks somewhat like this has sometimes been malware".

If you haven't seen any ill effects from periodically taking the DLL file out of quarantine, it's most likely safe. But old PCs are cheap, and what I do is keep one with no connection to my network or the internet just for running suspicious programs. I have an antivirus program on it which lets me execute programs step by step, with approval required at each step so I can see what it's doing. And if the machine gets infected I can just wipe it and start over with a clean install of Windows.

For the mini VCI software an old XP laptop would be ideal.

 

Hi Patrick,

I've checked my older driver against virustotal.com today, it says this file was first analysed by VirusTotal on 2011-09-27 03:46:58 UTC and it found 6/47. Someone must have submitted this file before as this is the 1st time I'm checking. I did a reanalyse and it found 3/47.

AntivirusResultUpdate
Antiy-AVL Trojan/Win32.TGeneric 20140308
K7AntiVirus Trojan ( 0034218c1 ) 20140307
Norman Suspicious.D2!genr 20140307

I looked at your analysis report and all the dates are 20130211~12 so it is not the latest scan using the latest updates. Please do a reanalysis to see if any difference.

Vincent

 

Hi Vincent,

Well, whether the results are 3 out of 47, or 10 out of 47 - it bothers me that any of the AV SW packages think that a trojan is in the file. Since I use McAfee, and that SW definitely thinks that MVCI32.dll has a trojan, I feel it is appropriate to keep the laptop disconnected from the Internet when I am using Techstream and have McAfee file scanning deactivated.

 

Hi Patrick,

I'm not saying you shouldn't be bothered. My point is that all AV SW have their limitations. They depend on certain code patterns to judge whether it is virus-like or malware. That is why they need to keep updating their virus pattern files.

For my e.g., the 6 suspicious viruses are same as yours but left only Norman still thinks it is a virus after updates. Even if the list shows 0 virus, I would not say it is virus-free. The best practice is to use a standalone laptop that does not have internet connection, WiFi, BT and external storage like thumbdrives or USB HDD. Temporary deactivating AV to use Techstream is still not safe.

Vincent

 

I looked at the x horse cable recently and it seemed to work great. It could even program gen 3 keys. It did not appear to work on gen 1 but it looked like it was working well on gen 2. I think it talked to the engine computers of both gen 2 and 3.