BOINC - Virus False Positive?

Dave34

Joined: 21 Apr 18
Posts: 2
United States
Message 85950 - Posted: 21 Apr 2018, 13:54:13 UTC

Here is a screen-shot of Windows Defender showing a virus (file: C:\ProgramData\BOINC\slots\5\restart.idx):
https://photos.app.goo.gl/pki3EsAfQWHxQOrN2

Link shown on screen-shot to virus information:
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3aScript%2fCloxer.A!cl&threatid=2147725998

Is this a possible false positive or something to be concerned about? File has been quarantined. Has anyone else seen or had this issue?

Can't currently copy BOINC event log from startup...only goes back 6 days or so. I am currently running GPUGrid, WCG, and Rosetta. Win10Pro. i7-870. GTX 770. BOINC v7.8.3 (x64).
ID: 85950
Richard Haselgrove
Volunteer tester
Help desk expert

Joined: 5 Oct 06
Posts: 5077
United Kingdom
Message 85951 - Posted: 21 Apr 2018, 15:14:17 UTC - in response to Message 85950.  

Anything in a slots\n location belongs to a science project, not to BOINC itself.

restart.idx is a file which we've been discussing at the GPUGrid project, which is the project this particular file belongs to.

Have a read of BOINC Trojan - which should definitely have had a question mark on the end. The consensus is that this is a false positive by the AV provider.
ID: 85951
Dave34

Joined: 21 Apr 18
Posts: 2
United States
Message 85952 - Posted: 21 Apr 2018, 15:30:57 UTC - in response to Message 85951.  

Thank you very much for the quick response!
Hopefully the quarantine will not cause any further issues with programs restarting.
ID: 85952
JIM

Joined: 19 Sep 10
Posts: 24
United States
Message 85953 - Posted: 21 Apr 2018, 20:02:25 UTC - in response to Message 85950.  

IT IS ALMOST CERTAINLY A FALSE POSITIVE! This has happened many times to many Boinc projects over the last 10 years. They have always been false positives. The best thing to do is find out how to exclude Boinc from these scans in that AV program and exclude it. Be sure to exclude the Boinc folders in both the “Program” folder and in the “ProgramData” folder.
ID: 85953
Richard Haselgrove
Volunteer tester
Help desk expert

Joined: 5 Oct 06
Posts: 5077
United Kingdom
Message 85955 - Posted: 21 Apr 2018, 21:19:45 UTC - in response to Message 85953.  

It's not only scans that you need to exclude. Modern anti-virus products also monitor files as they are downloaded over the internet - suspect files end up in quarantine, rather than in the intended folders.
ID: 85955


Copyright © 2024 University of California.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.