BOINC files infected with PartyPoker
Author | Message |
---|---|
Rom Walton (BOINC) Send message Joined: 28 Apr 00 Posts: 579 Credit: 130,733 RAC: 0 |
Actually, that file is used as a file compression library. It has nothing to do with party poker. I can assure you of that. I built it from the zlib sources myself. ----- Rom BOINC Development Team, U.C. Berkeley My Blog |
Rom Walton (BOINC) Send message Joined: 28 Apr 00 Posts: 579 Credit: 130,733 RAC: 0 |
I think CounterSpy is wrong. I think it is a false positive. ----- Rom BOINC Development Team, U.C. Berkeley My Blog |
David@home Send message Joined: 16 Jan 03 Posts: 755 Credit: 5,040,916 RAC: 28 |
Do you have an entry for PartyPoker in Add or Remove Programs? Try opening control panel then selecting Add or Remove Programs and scan through to see if PartyPoker is listed. If it is then remove it. |
UBT - Halifax--lad Send message Joined: 13 Dec 00 Posts: 433 Credit: 13,900 RAC: 0 |
Well, I just ran my nightly CounterSpy, and PartyPoker showed up again as spyware in the same BOINC file, even though I removed it last night. I will not remove it tonight, as I don't want to have to re-install BOINC again. I am not comfortable with it there, as it was done without my consent. CounterSpy does include PartyPoker as spyware, though benign, unless it is installed without consent. You're not listening to what people are telling you: it is a false positive, there is no PartyPoker there, the file will just probably have something related to it that PartyPoker also uses, so it is throwing up that message. Just ignore it, it's a BOINC file and your comp needs it. Some antivirus software reports BOINC files as a virus when they are not; that happens a lot over at CPDN. Join us in Chat (see the forum) Click the Sig Join UBT |
John Clark Send message Joined: 29 Sep 99 Posts: 16515 Credit: 4,418,829 RAC: 0 |
Well, I just ran my nightly CounterSpy, and PartyPoker showed up again as spyware in the same BOINC file, even though I removed it last night. I will not remove it tonight, as I don't want to have to re-install BOINC again. I am not comfortable with it there, as it was done without my consent. CounterSpy does include PartyPoker as spyware, though benign, unless it is installed without consent. Listen to what colleagues are saying, and what Halifax_Lad makes abundantly clear (if you are listening and understanding). I run several spyware programmes, on a weekly basis, on each of my PCs. On 1, to which I have a scanner attached, one of my spyware packages identifies the scanning software as spyware. The first time I foolishly uninstalled the identified files, and the scanner stopped working (doing its job). I reinstalled the software, and then regularly inspect (to check) and exclude the "so called" threat. Ignore the identified threat or junk your anti-spyware package. It sounds suspect to me! It's good to be back amongst friends and colleagues |
Sean Turkington Send message Joined: 28 May 99 Posts: 17 Credit: 1,139,787 RAC: 2 |
The file zlib1.dll is present in my BOINC installation also. Neither Adaware SE nor Spybot Search and Destroy has a problem with this. As these are two of the best anti spyware programs available I am confident that the file is a legitimate BOINC file. If I were you I would replace my anti spyware program with one or both of the above two as your current program IS reporting false positives. |
kinhull Send message Joined: 3 Oct 03 Posts: 1029 Credit: 636,475 RAC: 0 |
Well, I just ran my nightly CounterSpy, and PartyPoker showed up again as spyware in the same BOINC file, even though I removed it last night. I will not remove it tonight, as I don't want to have to re-install BOINC again. I am not comfortable with it there, as it was done without my consent. CounterSpy does include PartyPoker as spyware, though benign, unless it is installed without consent. Hi marz, thanks for pointing this out, as many people may just see "spyware" and decide to delete BOINC without mentioning it in the Message Boards. If ROM says it is probably a false positive, then I would have a tendency to go with that. Like others have said I would double check your computer to see if PartyPoker has been inadvertently installed somehow, use add/remove and possibly do a thorough search for PartyPoker, see what comes up. I would have a little surf over to http://grc.com/ and click on ShieldsUp, which should give you a good indication as to how good your firewall is doing (ok it's not checking for infections, but it would be good to know how secure you are) Join TeamACC Sometimes I think we are alone in the universe, and sometimes I think we are not. In either case the idea is quite staggering. |
Grant (SSSF) Send message Joined: 19 Aug 99 Posts: 13736 Credit: 208,696,464 RAC: 304 |
I have removed it, again, but I expect that it is in my registry, and I won't attempt to clean that out. (I've only had a computer for a little over a year, and I won't take the risk of screwing it up). Get a copy of HijackThis & post the results to a Techforum, you've possibly got some form of Malware. Grant Darwin NT |
Geek@Play Send message Joined: 31 Jul 01 Posts: 2467 Credit: 86,146,931 RAC: 0 |
For your information..........a search at McAfee virus definitions shows nothing on "PartyPoker" at least as a virus. Possibility still exists of some type of spyware. Boinc....Boinc....Boinc....Boinc.... |
Jim Send message Joined: 28 Jan 00 Posts: 614 Credit: 2,031,206 RAC: 0 |
|
Jim-R. Send message Joined: 7 Feb 06 Posts: 1494 Credit: 194,148 RAC: 0 |
It's possible you have a virus/spyware/other that has attached itself to a sector of your hard drive. I had one once that survived deleting everything on the partition and doing a clean install. I did everything but reformat the drive. When I booted up the new windows installation it was back. Only way I got rid of it was to reformat the partition *then* do a fresh install. Jim Some people plan their life out and look back at the wealth they've had. Others live life day by day and look back at the wealth of experiences and enjoyment they've had. |
Legacy Send message Joined: 10 Dec 99 Posts: 134 Credit: 1,778,571 RAC: 0 |
Marz, I would advise you to go to the Symantec website and do an online scan to determine if there really is a virus / trojan or is it just a false positive. What could be happening is you may have a virus which is infecting other dll files, hence the BOINC library file being reported as a virus. But without a reliable scan, all we can do is guess. After the scan, pls do take note of the name(s) of the virus(es) / trojan(s) found and we could give you better instructions for removal. |
Skip Davis Send message Joined: 22 Dec 00 Posts: 44 Credit: 2,565,939 RAC: 0 |
Norton gives false positives all the time. |
1mp0£173 Send message Joined: 3 Apr 99 Posts: 8423 Credit: 356,897 RAC: 0 |
I know nothing about coding (obviously), so I defer to your expertise. I thought that what I found should be mentioned, as it was installed in some way into the BOINC file, and, when deleted, stopped BOINC cold upon startup. Marz, Detecting viruses, trojans and spyware is an art, not a science. A science is precise, art implies creativity. The anti-spyware programs search for a pattern in a file -- a sequence of bytes which the anti-spyware authors hope is unique to that one file, that one trojan. So, why would CounterSpy report this as a trojan? 1) PartyPoker uses zlib compression. 2) PartyPoker doesn't use zlib, it just happens to have an identical byte sequence somewhere. How long? Only the folks at CounterSpy would know. It is unlikely that they're looking for something highly unique, like "PartyPoker" -- it is more likely just a string of bytes picked arbitrarily. What we do know is that one of the lead developers has told you the origin of zlib1.dll in the BOINC directory. It is there intentionally. Under all circumstances, when you remove a component from installed software, you do so on the "if you break it, you own both parts" basis. -- Ned |
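What Ned describes, as an added sketch that is not part of the original thread and does not reproduce CounterSpy's engine or signatures: a scanner that matches an arbitrary byte run flags every file sharing those bytes, and checking candidate signatures against known-benign files avoids that. All file contents and names (`SHARED_LIB`, `FLAGGED_APP`, `BENIGN_APP`) are constructed for illustration.

```python
import zlib

# All bytes below are constructed for illustration; nothing is taken from a
# real product, DLL, or signature database.
SHARED_LIB = zlib.compress(b"constructed stand-in for shared library code " * 8)
FLAGGED_APP = b"MZ" + b"flagged-app-unique-logic" + SHARED_LIB + b"\x00end"
BENIGN_APP = b"MZ" + b"benign-science-client" + SHARED_LIB + b"\x00fin"


def scan(data: bytes, signatures: dict) -> list:
    """Return the names of every signature whose byte pattern occurs in data."""
    return [name for name, pattern in signatures.items() if pattern in data]


def unique_windows(sample: bytes, benign_corpus: list, size: int) -> list:
    """Offsets in sample whose size-byte window appears in no benign file.

    Only these offsets are safe places to cut a signature from.
    """
    offsets = []
    for off in range(len(sample) - size + 1):
        window = sample[off:off + size]
        if not any(window in benign for benign in benign_corpus):
            offsets.append(off)
    return offsets


def demo() -> dict:
    size = 16
    lib_start = FLAGGED_APP.index(SHARED_LIB)
    # Careless signature: 16 bytes that happen to sit inside the shared library.
    careless = {"FlaggedApp": FLAGGED_APP[lib_start + 4:lib_start + 4 + size]}
    # Careful signature: cut from an offset proven unique against benign files.
    safe_off = unique_windows(FLAGGED_APP, [BENIGN_APP], size)[0]
    careful = {"FlaggedApp": FLAGGED_APP[safe_off:safe_off + size]}
    return {
        "careless_on_benign": scan(BENIGN_APP, careless),
        "careful_on_benign": scan(BENIGN_APP, careful),
        "careful_on_flagged": scan(FLAGGED_APP, careful),
    }


if __name__ == "__main__":
    print(demo())
```

The careless signature corresponds to Ned's first case, where both programs ship the same library and the chosen bytes sit inside it.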
David@home Send message Joined: 16 Jan 03 Posts: 755 Credit: 5,040,916 RAC: 28 |
The most likely option is that it is a false positive. However, it is possible that some malware has attached to this BOINC file via an alternate data stream. Marz, if you are using the Windows NTFS file system then I would also ensure you do a scan of Alternate Data Streams (ADS). NTFS supports ADS but Windows provides no means to view alternate data streams and some malware uses them to hide from view. You can store anything in an ADS, even an executable. Windows XP even uses them for its own stuff but provides no means to view these additions to files on disk. I do not know if CounterSpy supports scanning of alternate data streams. I would: 1) Check if PartyPoker is listed under Add or Remove Programs. It is quite easy to get programs installed without your knowledge, especially if you use some P2P file sharing program like Kazaa, click on links people send via Instant Messaging (e.g. if your friend's system is infected some malware can send messages with links to people in their contacts list) or accidentally visit dubious web sites. 2) Run a scan with an antispyware program that can scan ADS. Maybe CounterSpy has this option; if not, try Ad-Aware. This does provide the option to scan the ADS on your file system. The free version is available at http://www.lavasoftusa.com/software/adaware/ |
StokeyBob Send message Joined: 31 Aug 03 Posts: 848 Credit: 2,218,691 RAC: 0 |
My zlib1.dll file shows a size of 58.5 KB (59,904 bytes) if that helps at all. |
3quarks Send message Joined: 19 Jun 03 Posts: 95 Credit: 354,773 RAC: 0 |
My zlib1.dll file shows a size of 58.5 KB (59,904 bytes) if that helps at all. Yes, the BOINC zlib1.dll here is exactly the same size and, as a double check, has an MD5 check of 80e41408f6d641dc1c0f5353a0cc8125 though there is also another zlib1.dll under C:\Program Files\Intel\Wireless\Bin which is 55,808 bytes. |
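A way to run the size and MD5 comparison from the two posts above across every copy of the file, added here as an example and not part of the original posts or of BOINC. The reference values are the ones posted in the thread; the function names and the directory roots in the `__main__` section are assumptions.

```python
import hashlib
from pathlib import Path

# Values as posted in this thread for the BOINC copy of zlib1.dll. They are
# one volunteer's reading, not an official release checksum.
POSTED_SIZE = 59904
POSTED_MD5 = "80e41408f6d641dc1c0f5353a0cc8125"


def file_md5(path: Path, chunk: int = 65536) -> str:
    """MD5 of a file, read in chunks. MD5 is used only because it is the
    digest posted in the thread; it is not collision resistant."""
    digest = hashlib.md5()
    with path.open("rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def inventory(roots, name="zlib1.dll", size=POSTED_SIZE, md5=POSTED_MD5):
    """Find every copy of `name` under the given roots and classify it.

    verdict is "match" when both size and MD5 equal the reference,
    "size-differs" for a different build (a cheap check that avoids hashing),
    and "hash-differs" when the size matches but the content does not.
    """
    rows = []
    for root in roots:
        for path in sorted(Path(root).rglob("*")):
            if not path.is_file() or path.name.lower() != name.lower():
                continue
            actual_size = path.stat().st_size
            if actual_size != size:
                rows.append((str(path), actual_size, None, "size-differs"))
                continue
            actual_md5 = file_md5(path)
            verdict = "match" if actual_md5 == md5.lower() else "hash-differs"
            rows.append((str(path), actual_size, actual_md5, verdict))
    return rows


if __name__ == "__main__":
    # Default roots are assumptions; pass the directories used on your system.
    for row in inventory([r"C:\Program Files\BOINC", r"C:\Program Files\Intel"]):
        print(row)
```

A "match" covers only the file's main data stream: content held in an NTFS alternate data stream changes neither the size nor the MD5 computed here.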
Mike Bader Send message Joined: 18 May 99 Posts: 231 Credit: 20,366,214 RAC: 33 |
I have not gotten that message from Counterspy. You can try to update Counterspy, or reinstall Counterspy and BOINC. Report it to Sunbelt Software. Mike Bader BOINC V7.16.5 http://setiathome.berkeley.edu/team_join_form.php?id=5 - Join Our International Team |
Darren Send message Joined: 2 Jul 99 Posts: 259 Credit: 280,503 RAC: 0 |
Just FYI, people on other projects have also reported this. Einstein has a thread here and Rosetta has one here. Aside from the file name, a common factor in all of them is that CounterSpy seems to be the only spyware program reporting a problem. If it were truly spyware, it's highly likely that other spyware programs would also identify it as such. Just a suggestion that people keep that in mind before they start deleting files willy-nilly. |
Scarecrow Send message Joined: 15 Jul 00 Posts: 4520 Credit: 486,601 RAC: 0 |
Report it to Sunbelt Software. I stumbled on this thread in the GetRight forums. Looks like someone already has rattled Sunbelt's cage about this. GetRight Forums Thread |