../windows/projects/setiathome.berkeley.edu removal?

Message boards : BOINC client : ../windows/projects/setiathome.berkeley.edu removal?
Message board moderation

To post messages, you must log in.

AuthorMessage
connarch

Send message
Joined: 5 Feb 06
Posts: 2
United States
Message 2958 - Posted: 5 Feb 2006, 2:59:37 UTC

Why is it that everytime I startup my computer the directory ../windows/system32/projects/setiathome.berkeley.edu gets created?

I know about SETI and BOINC and never installed it on my machine voluntarily so I must assume that it was installed either by accident or maliciously.

Problem is I have run SpySweeper, AdAware, various VirusScanners, researched the app in Google for removal instructions, removed all instances of
SETIATHOME and BOINC in the registries, deleted the directories and files related to it...

I've tried everything yet everytime I re-start my system there's the damn directory even thought there is no shown evidence of any programs, directories, files related to either BOINC or SETIATHOME anywhere on my system.

My Windows Explorer is set to show hidden files...

I've searched the Microsoft KB and found nothing...

I've searched the this and the SETI website and found nothing...

Anyone know of this occurence, what can be done?

Sincerely,

Pierre Levesque,AIA
connarchATyahoo.com

ID: 2958 · Report as offensive
Aurora Borealis
Avatar

Send message
Joined: 8 Jan 06
Posts: 448
Canada
Message 2960 - Posted: 5 Feb 2006, 4:48:53 UTC - in response to Message 2958.  
Last modified: 5 Feb 2006, 4:50:39 UTC

Why is it that everytime I startup my computer the directory ../windows/system32/projects/setiathome.berkeley.edu gets created?

I know about SETI and BOINC and never installed it on my machine voluntarily so I must assume that it was installed either by accident or maliciously.

Problem is I have run SpySweeper, AdAware, various VirusScanners, researched the app in Google for removal instructions, removed all instances of
SETIATHOME and BOINC in the registries, deleted the directories and files related to it...

I've tried everything yet everytime I re-start my system there's the damn directory even thought there is no shown evidence of any programs, directories, files related to either BOINC or SETIATHOME anywhere on my system.

My Windows Explorer is set to show hidden files...

I've searched the Microsoft KB and found nothing...

I've searched the this and the SETI website and found nothing...

Anyone know of this occurence, what can be done?

Sincerely,

Pierre Levesque,AIA
connarchATyahoo.com

There is a possibility that someone has created a Trojan with Boinc-Seti as a payload. There has been discussion of this on one of the Seti Boards and has been looked into by a member of the development team.
Check the task manager to see if you have a process called setiathome_4.18_windows_intelx86.exe running.

Boinc V 7.4.36
Win7 i5 3.33G 4GB NVidia 470
ID: 2960 · Report as offensive
Paul D. Buck

Send message
Joined: 29 Aug 05
Posts: 225
Message 2963 - Posted: 5 Feb 2006, 6:54:29 UTC

Posting the same question in multiple threads will make it harder to get good help. If you look I answered this question in the other forum. So, mark one of these as closed and only use one thread.
ID: 2963 · Report as offensive
trux
Avatar

Send message
Joined: 8 Jan 06
Posts: 2
Czech Republic
Message 2967 - Posted: 5 Feb 2006, 14:37:03 UTC

Pierre, please be sure to preserve the content of the disk before removing. As others told, you apparently downloaded a Trojan program or virus, or your computer might have been intruded in another way. It is important that we can track down the initiator (program or person) and that we understand the mechanism it infects computers. It would be interesting to know the content of the xml files in your syste32 dir, but that's not all. Can you remember if you installed some new software just before the time it started to happen? (if you know at all when it really started). Maybe contacting an anti-virus company would be wise - telling them that your computer was infected by unidentified Trojan that apparently already infected many other computers (very possibly thousands), they migh be quite interrested in investigating it.
trux
BOINC software
Freediving Team
Czech Republic
ID: 2967 · Report as offensive

Message boards : BOINC client : ../windows/projects/setiathome.berkeley.edu removal?

Copyright © 2024 University of California.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.