Message boards : Questions and problems : Trojan found in Boinc Data
Message board moderation
Author | Message |
---|---|
Send message Joined: 21 Dec 10 Posts: 1 |
I awoke today to find the following info from my antivirus scan today and I must say I am none to happy with it: Date/Time,Affected Files,Threat,Source,Response 12/21/2010 12:44 AM,C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe,TROJ_GEN.FA2CZLJ,Threat,Removed 12/21/2010 1:48 AM,C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe,TROJ_GEN.FA2CZLJ,Threat,Removed 12/21/2010 1:48 AM,C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe,TROJ_GEN.FA2CZLJ,Threat,Removed 12/21/2010 1:49 AM,C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe,TROJ_GEN.FA2CZLJ,Threat,Removed 12/21/2010 2:03 AM,C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe,TROJ_GEN.FA2CZLJ,Threat,Removed I have posted the same info on the Seti forums and want an explanation as to why data files are not scaned by SETI or Bonic before they are uploaded to peoples computers who are giving of their computer time to help |
Send message Joined: 29 Aug 05 Posts: 15565 |
This is what's called in the trade a "false positive". Something in your antivirus scanner's scanning ability changed by which it sees things that aren't there. Easily tested by going to http://www.virustotal.com and inputting the setiathome_6.03_windows_intelx86.exe into the scanner there. Then the file is scanned by 30+ AV scanners. And only if most all say there's something wrong, there will be something wrong. If something is wrong, it's 99.99% of the time an infection that happened on your system. Projects mainly make their science applications on Linux computers and distribute them from there. This means that the chance they are infected with whatever is minimal at best, as there's not many virus writers who write virii for this platform. |
Send message Joined: 13 Aug 06 Posts: 778 |
That looks very worrying. Could you please give us a link to your thread on the Seti forum so we can see what is said there? Am I right in thinking that what your AV scanner has identified as a trojan or containing a trojan is files for this particular Seti task type in your Boinc Data folder? It's difficult to tell whether it's identified 5 different tasks or 5 files from the same task. Which AV have you got? Is it bundled with a firewall or have you got that separately? I'm not taking what you say and have shown as prima facie evidence of the presence of a trojan. It may be but I'm not sure yet. For example, quite a few AVs immediately think that CPDN climate models are a risk and block them from running unless the member excludes Boinc and CPDN from scans and/or puts these folders into the AV's trusted section. CPDN has members whose AVs won't let them run anything because they haven't done this; all their tasks crash because the AV blocks them, thinking they're risky or dangerous. But other people with different AVs run the same climate model types with no trouble at all and without needing to tell the AV that these folders should be considered safe. Of course, classifying files as safe requires the member to trust both Boinc and the project. I will be interested to see how these tasks and their files are treated by the AVs of other Seti members who've downloaded the same task type. |
Send message Joined: 23 Apr 07 Posts: 1112 |
setiathome_6.03_windows_intelx86.exe is the Stock CPU app for Setiathome Enhanced Multibeam tasks and a has been in use for a couple of years now, Claggy |
Send message Joined: 29 Aug 05 Posts: 15565 |
I will be interested to see how these tasks and their files are treated by the AVs of other Seti members who've downloaded the same task type. Seti is down at the moment due to big maintenance (moving of database files to the new server). Yet before they went down, 3 different people had started 3 different threads already complaining how their Trend Micro would all of a sudden make a fuss of Seti's app, it being purportedly 'infected' with a Trojan horse virus. When your AV will Monday say there's nothing to worry about, then get an update in between Monday and Tuesday, to go Tuesday say that Seti's app is infected with a Whatdowehavehere virus, then it's 99% sure that it's your freshly updated AV scanner that's doing it and seeing it wrong. This isn't the first time that we have seen on any project that a freshly updated AV scanner went nuts about project applications. Then at the next update of their Av scanner, things would go back to normal. The user though is usually in complete panic and blaming projects and program makers for adding things, over absolutely completely nothing. |
Send message Joined: 5 Oct 06 Posts: 5129 |
Since nobody has reported back on this, I've done my own test. VirusTotal test results have been posted in the SETI@home News message board area, where the first warning was posted. Note my comment on methodology - I pasted the download url for the SETI file directly into VirusTotal, so the file was downloaded directly from Berkeley to VirusTotal with no risk of contamination or modification on my machine. |
Send message Joined: 13 Aug 06 Posts: 778 |
Thanks for carrying out the test. Sometimes my AV (AVG freebie) asks me 'What's this?' and asks me to report on something new. Until now I've always declined to fill in the AVG report form in case it's very complicated, but to some extent the AV companies do depend on their clients making the effort to explain what apps consist of. |
Copyright © 2024 University of California.
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License,
Version 1.2 or any later version published by the Free Software Foundation.