Malware

Message boards : Questions and problems : Malware
rick snyder

Joined: 10 Jun 09
Posts: 3
United States
Message 25315 - Posted: 10 Jun 2009, 0:16:05 UTC

re: project seti@home

Every time BOINC sends a message back and forth to the seti-mother-ship, my computer gets reinfected with the Sysguard malware.
ID: 25315
Les Bayliss
Help desk expert

Joined: 25 Nov 05
Posts: 1654
Australia
Message 25316 - Posted: 10 Jun 2009, 1:21:17 UTC - in response to Message 25315.  

Is this according to your AV software?
Which one do you use?

And are you SURE that you keep getting the virus, or are you taking the AV's word for it? Because it's most likely a false positive that the AV people need to fix.

ID: 25316
rick snyder

Joined: 10 Jun 09
Posts: 3
United States
Message 25317 - Posted: 10 Jun 2009, 1:32:15 UTC

No, sorry... it is not my AV software (McAfee). I actually get all the pop-up messages about my computer being at risk, and Sysguard appears in my system tray. I struggled trying to figure out what was causing the re-infestation, and finally realized I could exactly correlate the creation date of c:\windows\sysguard.exe to every time my Boinc-mgr communicated back with the mother-ship.

I have explicitly scanned all the files in c:\program files\boinc using McAfee, and it shows clean.
ID: 25317
Jord
Volunteer tester
Help desk expert
Joined: 29 Aug 05
Posts: 15484
Netherlands
Message 25322 - Posted: 10 Jun 2009, 10:10:12 UTC - in response to Message 25317.  

Seti won't be the source of the infection. Not only do they run completely on Linux, which can't be infected in any way, but if they were sending things like that out, there would be lots more people shouting hell and high water.

My suspicion is that you never got rid of it in the first place. What did you use to remove it?
ID: 25322
Aurora Borealis
Joined: 8 Jan 06
Posts: 448
Canada
Message 25327 - Posted: 10 Jun 2009, 15:58:54 UTC

First, this infection has nothing to do with Seti or Boinc. Time to do a little bit of googling. This is a very insidious type of infection and very adept at hiding. It is very difficult to eradicate completely. It can hide all over your system under various names. This includes, among other places, your system restore files, temporary files folders and virtual memory on the hard drive. It will resurrect itself unless you manage to remove all its components at the same time. The longer it's on your system, the harder it will be to get rid of. You are likely to need expert help.

AV software is fairly good at detecting problems, but not that great at fixing them.
ID: 25327
rick snyder

Joined: 10 Jun 09
Posts: 3
United States
Message 25331 - Posted: 10 Jun 2009, 22:58:53 UTC

Sorry for the false alarm - I had convinced myself the coincidence of a re-infestation timed to coincide with Boinc messages was the cause.

Disabled system_restore, and now running Avert Stinger, plus whatever else it takes.
ID: 25331


Copyright © 2024 University of California.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.