BOINC files infected with PartyPoker

Rom Walton (BOINC)
Message 263203 - Posted: 17 Mar 2006, 5:00:15 UTC

Actually, that file is used as a file compression library. It has nothing to do with party poker. I can assure you of that. I built it from the zlib sources myself.

----- Rom
BOINC Development Team, U.C. Berkeley
ID: 263203 · Report as offensive
Rom Walton (BOINC)
Message 263216 - Posted: 17 Mar 2006, 5:24:54 UTC

I think CounterSpy is wrong.

I think it is a false positive.

----- Rom
BOINC Development Team, U.C. Berkeley
ID: 263216 · Report as offensive
David@home
Message 263286 - Posted: 17 Mar 2006, 7:57:51 UTC

Do you have an entry for PartyPoker in Add or Remove Programs?

Try opening control panel then selecting Add or Remove Programs and scan through to see if PartyPoker is listed. If it is then remove it.


ID: 263286 · Report as offensive
UBT - Halifax--lad
Message 263296 - Posted: 17 Mar 2006, 8:55:37 UTC - in response to Message 263265.  

> Well, I just ran my nightly CounterSpy, and PartyPoker showed up again as spyware in the same BOINC file, even though I removed it last night. I will not remove it tonight, as I don't want to have to re-install BOINC again. I am not comfortable with it there, as it was done without my consent. CounterSpy does include PartyPoker as spyware, though benign, unless it is installed without consent.

You're not listening to what people are telling you: it is a false positive. There is no PartyPoker there; the file will just probably have something related to it that PartyPoker also uses, so it is throwing up that message.

Just ignore it; it's a BOINC file and your comp needs it. Some antivirus software reports BOINC files as a virus when they are not; that happens a lot over at CPDN.
ID: 263296 · Report as offensive
John Clark
Message 263298 - Posted: 17 Mar 2006, 9:06:33 UTC - in response to Message 263296.  
Last modified: 17 Mar 2006, 9:08:24 UTC

> > Well, I just ran my nightly CounterSpy, and PartyPoker showed up again as spyware in the same BOINC file, even though I removed it last night. I will not remove it tonight, as I don't want to have to re-install BOINC again. I am not comfortable with it there, as it was done without my consent. CounterSpy does include PartyPoker as spyware, though benign, unless it is installed without consent.
>
> You're not listening to what people are telling you: it is a false positive. There is no PartyPoker there; the file will just probably have something related to it that PartyPoker also uses, so it is throwing up that message.
>
> Just ignore it; it's a BOINC file and your comp needs it. Some antivirus software reports BOINC files as a virus when they are not; that happens a lot over at CPDN.

Listen to what colleagues are saying, and what Halifax_Lad makes abundantly clear (if you are listening and understanding).

I run several spyware programmes, on a weekly basis, on each of my PCs. On 1, to which I have a scanner attached, one of my spyware packages identifies the scanning software as spyware.

The first time I foolishly uninstalled the identified files, and the scanner stopped working (doing its job). I reinstalled the software, and then regularly inspect (to check) and exclude the "so called" threat.

Ignore the identified threat or junk your anti-spyware package. It sounds suspect to me!
It's good to be back amongst friends and colleagues



ID: 263298 · Report as offensive
Sean Turkington
Message 263313 - Posted: 17 Mar 2006, 9:39:19 UTC - in response to Message 263195.  


> PartyPoker
> Infected files detected
> C:\Program Files\BOINC\zlib1.dll

The file zlib1.dll is present in my BOINC installation also. Neither Adaware SE nor Spybot Search and Destroy has a problem with this. As these are two of the best anti-spyware programs available, I am confident that the file is a legitimate BOINC file.

If I were you I would replace my anti spyware program with one or both of the above two as your current program IS reporting false positives.

ID: 263313 · Report as offensive
kinhull
Message 263314 - Posted: 17 Mar 2006, 9:39:45 UTC - in response to Message 263265.  

> Well, I just ran my nightly CounterSpy, and PartyPoker showed up again as spyware in the same BOINC file, even though I removed it last night. I will not remove it tonight, as I don't want to have to re-install BOINC again. I am not comfortable with it there, as it was done without my consent. CounterSpy does include PartyPoker as spyware, though benign, unless it is installed without consent.

Hi marz,

Thanks for pointing this out, as many people may just see "spyware" and decide to delete BOINC without mentioning it in the Message Boards.

If ROM says it is probably a false positive, then I would have a tendency to go with that. Like others have said, I would double check your computer to see if PartyPoker has been inadvertently installed somehow; use add/remove and possibly do a thorough search for PartyPoker, see what comes up.

I would have a little surf over to http://grc.com/ and click on ShieldsUp, which should give you a good indication as to how good your firewall is doing (OK, it's not checking for infections, but it would be good to know how secure you are).

Sometimes I think we are alone in the universe, and sometimes I think we are not. In either case the idea is quite staggering.
ID: 263314 · Report as offensive
Grant (SSSF)
Message 263759 - Posted: 18 Mar 2006, 2:03:05 UTC - in response to Message 263754.  

> I have removed it, again, but I expect that it is in my registry, and I won't attempt to clean that out. (I've only had a computer for a little over a year, and I won't take the risk of screwing it up).

Get a copy of HijackThis & post the results to a tech forum; you've possibly got some form of malware.
Grant
Darwin NT
ID: 263759 · Report as offensive
Geek@Play
Message 263761 - Posted: 18 Mar 2006, 2:08:32 UTC

For your information..........a search at McAfee virus definitions shows nothing on "PartyPoker" at least as a virus. Possibility still exists of some type of spyware.


Boinc....Boinc....Boinc....Boinc....
ID: 263761 · Report as offensive
Jim
Message 263763 - Posted: 18 Mar 2006, 2:11:59 UTC - in response to Message 263754.  
Last modified: 18 Mar 2006, 2:14:28 UTC

never mind


Without love, breath is just a clock ... ticking.
Equilibrium
ID: 263763 · Report as offensive
Jim-R.
Message 263797 - Posted: 18 Mar 2006, 3:55:52 UTC

It's possible you have a virus/spyware/other that has attached itself to a sector of your hard drive. I had one once that survived deleting everything on the partition and doing a clean install. I did everything but reformat the drive. When I booted up the new windows installation it was back. Only way I got rid of it was to reformat the partition *then* do a fresh install.
Jim

Some people plan their life out and look back at the wealth they've had.
Others live life day by day and look back at the wealth of experiences and enjoyment they've had.
ID: 263797 · Report as offensive
Legacy
Message 263817 - Posted: 18 Mar 2006, 5:26:22 UTC

Marz,

I would advise you to go to the Symantec website and do an online scan to determine if there really is a virus / trojan or if it is just a false positive. What could be happening is you may have a virus which is infecting other dll files, hence the BOINC library file being reported as a virus. But without a reliable scan, all we can do is guess. After the scan, please do take note of the name(s) of the virus(es) / trojan(s) found and we could give you better instructions for removal.
ID: 263817 · Report as offensive
Skip Davis
Message 263820 - Posted: 18 Mar 2006, 5:39:03 UTC

Norton gives false positives all the time.
ID: 263820 · Report as offensive
1mp0£173
Message 263842 - Posted: 18 Mar 2006, 7:21:00 UTC - in response to Message 263228.  

> I know nothing about coding (obviously), so I defer to your expertise. I thought that what I found should be mentioned, as it was installed in some way into the BOINC file, and, when deleted, stopped BOINC cold upon startup.

Marz,

Detecting viruses, trojans and spyware is an art, not a science. A science is precise, art implies creativity.

The anti-spyware programs search for a pattern in a file -- a sequence of bytes which the anti-spyware authors hope is unique to that one file, that one trojan.

So, why would CounterSpy report this as a trojan?

1) PartyPoker uses zlib compression.

2) PartyPoker doesn't use zlib, it just happens to have an identical byte sequence somewhere.

How long? Only the folks at CounterSpy would know. It is unlikely that they're looking for something highly unique, like "PartyPoker" -- it is more likely just a string of bytes picked arbitrarily.

What we do know is that one of the lead developers has told you the origin of zlib1.dll in the BOINC directory. It is there intentionally.

Under all circumstances, when you remove a component from installed software, you do so on the "if you break it, you own both parts" basis.

-- Ned
ID: 263842 · Report as offensive
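
An added illustration of the mechanism Ned describes, not part of the original thread and not CounterSpy's actual detection logic: a signature cut from bytes that an unwanted program shares with a clean library also matches the clean file. All file names and contents below are constructed.

```python
"""Constructed demo: how a byte-pattern signature can flag a clean file."""

# Constructed stand-in for library code that two unrelated programs both ship.
SHARED_LIB = bytes((i * 37 + 11) % 256 for i in range(128))

# Constructed sample "files"; none of these are real binaries.
UNWANTED = b"MZ" + b"unwanted-app-logic" + SHARED_LIB + b"ad-module"
CLEAN_DLL = b"MZ" + b"export-table" + SHARED_LIB
OTHER = b"MZ" + b"some other program entirely"

DISK = {"unwanted.exe": UNWANTED, "zlib1.dll": CLEAN_DLL, "other.exe": OTHER}
KNOWN_CLEAN = {"zlib1.dll": CLEAN_DLL, "other.exe": OTHER}


def cut_signature(sample: bytes, offset: int, length: int = 16) -> bytes:
    """Author a signature the naive way: slice bytes out of the sample."""
    sig = sample[offset:offset + length]
    if len(sig) != length:
        raise ValueError("signature window runs past end of sample")
    return sig


def scan(files: dict, signature: bytes) -> list:
    """Return the names of all files that contain the signature."""
    return sorted(name for name, data in files.items() if signature in data)


def false_positives(signature: bytes, clean: dict) -> list:
    """Regression check: a usable signature hits nothing in a clean corpus."""
    return scan(clean, signature)


# Signature cut from the embedded library region (it starts at byte 20).
LIB_SIG = cut_signature(UNWANTED, offset=24)
# Signature cut from bytes that only the unwanted program contains.
APP_SIG = cut_signature(UNWANTED, offset=2)

if __name__ == "__main__":
    for label, sig in (("library-region", LIB_SIG), ("app-specific", APP_SIG)):
        print(label, "hits:", scan(DISK, sig),
              "| clean-corpus hits:", false_positives(sig, KNOWN_CLEAN))
```

Running a candidate signature against a corpus of known-clean files before release is what separates the two cases: the library-region signature fails that check, the program-specific one passes.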
David@home
Message 263853 - Posted: 18 Mar 2006, 8:31:27 UTC
Last modified: 18 Mar 2006, 9:01:04 UTC

The most likely option is that it is a false positive. However, it is possible that some malware has attached to this BOINC file via an alternate data stream. Marz, if you are using the Windows NTFS file system then I would also ensure you do a scan of Alternate Data Streams (ADS). NTFS supports ADS but Windows provides no means to view alternate data streams and some malware uses them to hide from view. You can store anything in an ADS, even an executable. Windows XP even uses them for its own stuff but provides no means to view these additions to files on disk.

I do not know if CounterSpy supports scanning of alternate data streams. I would:

1) Check if PartyPoker is listed under Add or Remove Programs. It is quite easy to get programs installed without your knowledge, especially if you use some P2P file sharing program like Kazaa, click on links people send via Instant Messaging (e.g. if your friend's system is infected, some malware can send messages with links to people in their contacts list) or accidentally visit dubious web sites.

2) Run a scan with an antispyware program that can scan ADS. Maybe CounterSpy has this option; if not, try Ad-Aware. This does provide the option to scan the ADS on your file system. The free version is available at http://www.lavasoftusa.com/software/adaware/



ID: 263853 · Report as offensive
StokeyBob
Message 263855 - Posted: 18 Mar 2006, 8:37:39 UTC

My zlib1.dll file shows a size of 58.5 KB (59,904 bytes) if that helps at all.
ID: 263855 · Report as offensive
3quarks
Message 263858 - Posted: 18 Mar 2006, 9:03:58 UTC - in response to Message 263855.  

> My zlib1.dll file shows a size of 58.5 KB (59,904 bytes) if that helps at all.

Yes, the BOINC zlib1.dll here is exactly the same size and, as a double check, has an MD5 check of 80e41408f6d641dc1c0f5353a0cc8125

though there is also another zlib1.dll under C:\Program Files\Intel\Wireless\Bin which is 55,808 bytes.
ID: 263858 · Report as offensive
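
The size-and-MD5 cross-check from the two posts above, as an added example that is not part of the thread: it fingerprints every copy of zlib1.dll under a directory tree and compares each with the size and MD5 that 3quarks reported. The function names, the scan root and the extra SHA-256 value are assumptions of this sketch.

```python
import hashlib
import os

# Size and MD5 reported in the thread for BOINC's zlib1.dll.
REF_SIZE = 59_904
REF_MD5 = "80e41408f6d641dc1c0f5353a0cc8125"


def fingerprint(path, chunk=65536):
    """Return (size, md5_hex, sha256_hex), reading the file in chunks."""
    md5, sha256, size = hashlib.md5(), hashlib.sha256(), 0
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            size += len(block)
            md5.update(block)
            sha256.update(block)
    return size, md5.hexdigest(), sha256.hexdigest()


def classify(path, ref_size=REF_SIZE, ref_md5=REF_MD5):
    """Compare one file with the reference size and MD5."""
    size, md5, _sha256 = fingerprint(path)
    if size != ref_size:
        return "different-size"  # e.g. another vendor's build of the library
    if md5 != ref_md5.lower():
        return "same-size-different-content"  # not the reported build
    return "match"


def find_copies(root, name="zlib1.dll"):
    """Map each file called `name` under `root` to its classification."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for entry in files:
            if entry.lower() == name.lower():
                full = os.path.join(dirpath, entry)
                results[full] = classify(full)
    return results


if __name__ == "__main__":
    # Hypothetical root; point it at the directory tree you want to check.
    for path, verdict in find_copies(r"C:\Program Files").items():
        print(f"{verdict:30} {path}")
```

A match covers only the file's main data stream; anything stored in an NTFS alternate data stream, which David@home raises above, does not change the size or hashes computed here.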
Mike Bader
Message 264091 - Posted: 18 Mar 2006, 16:43:24 UTC - in response to Message 263754.  



I have not gotten that message from Counterspy.
You can try to update Counterspy, or reinstall Counterspy and BOINC.
Report it to Sunbelt Software.








Mike Bader
BOINC V7.16.5
ID: 264091 · Report as offensive
Darren
Message 264151 - Posted: 18 Mar 2006, 17:40:39 UTC

Just FYI, people on other projects have also reported this. Einstein has a thread here and Rosetta has one here.

Aside from the file name, a common factor in all of them is that CounterSpy seems to be the only spyware program reporting a problem. If it were truly spyware, it's highly likely that other spyware programs would also identify it as such.

Just a suggestion that people keep that in mind before they start deleting files willy-nilly.



ID: 264151 · Report as offensive
Scarecrow
Message 264160 - Posted: 18 Mar 2006, 17:54:37 UTC - in response to Message 264091.  

> Report it to Sunbelt Software.


I stumbled on this thread in the GetRight forums. Looks like someone already has rattled Sunbelt's cage about this.

GetRight Forums Thread
ID: 264160 · Report as offensive