Keystroke logger in Boinc?
Author | Message |
---|---|
MattDavis Send message Joined: 11 Nov 99 Posts: 919 Credit: 934,161 RAC: 0 |
I saw this on the Predictor board, and I thought I'd paste it here since this board is more heavily trafficked. "Hello folks, recently pestpatrol (www.pestpatrol.com or www.pestpatrol.de ) alerted me of a keyboard-logger in file boinc.dll. Virusscanner, Malwarescanners asquare and spybot didn't detect anything but that means nothing to me 'cause these programs all didn't find a remote administration tool that really was on my machine. So I have reason to trust pestpatrol. The suspicious boinc.dll is 35328 bytes large, version 3.20. Strange is the following: created on 13. July 04, 20:15:45, last change on 08. July 04, 15:56:16. A false alert, I hope, but as long as I don't know, a red alert. Greetings Lutz" |
SCREAMING EAGLE Send message Joined: 24 Jan 04 Posts: 28 Credit: 268,976 RAC: 0 |
thanks for info matt. |
Petit Soleil Send message Joined: 17 Feb 03 Posts: 1497 Credit: 70,934 RAC: 0 |
Do you have any idea where and how you could have got that key logger? If you can't get rid of it try Trojan remover. It works well for me. Edit / Sorry it's not you who got that.... |
One Hot Minute Send message Joined: 3 Apr 99 Posts: 33 Credit: 4,981 RAC: 0 |
http://www.ssl.berkeley.edu/pipermail/boinc_projects/2004-July/000165.html Artificial intelligence is no match for natural stupidity. |
MattDavis Send message Joined: 11 Nov 99 Posts: 919 Credit: 934,161 RAC: 0 |
Great, I'll post that link in the Predictor forums. |
Arm Send message Joined: 12 Sep 03 Posts: 308 Credit: 15,584,777 RAC: 0 |
> http://www.ssl.berkeley.edu/pipermail/boinc_projects/2004-July/000165.html > > Artificial intelligence is no match for natural stupidity. > Does that mean that if I remove this boinc.dll and my preferences are "Work all the time" nothing wrong will happen to the boinc client? |
One Hot Minute Send message Joined: 3 Apr 99 Posts: 33 Credit: 4,981 RAC: 0 |
No problem Matt, glad to help. Artificial intelligence is no match for natural stupidity. |
Arm Send message Joined: 12 Sep 03 Posts: 308 Credit: 15,584,777 RAC: 0 |
> No problem Matt, glad to help. > > Artificial intelligence is no match for natural stupidity. > No answer from One Hot Minute. Anyhow I renamed this file - just in case. P.S. Personal Antispy also says that this .dll is a keylogger |
One Hot Minute Send message Joined: 3 Apr 99 Posts: 33 Credit: 4,981 RAC: 0 |
Sorry Fram didn't mean to seem rude, with a bit of luck someone a bit more technically minded than myself will be able to help with that one. ;o) Artificial intelligence is no match for natural stupidity. |
grumpy Send message Joined: 2 Jun 99 Posts: 209 Credit: 152,987 RAC: 0 |
Well I renamed boinc.dll and restarted boinc and got this message. - - - 2004-08-21 20:14:10 - Starting BOINC client version 3.20 for windows_intelx86 SETI@home - 2004-08-21 20:14:10 - Project prefs: using your defaults SETI@home - 2004-08-21 20:14:10 - Host ID is --- - 2004-08-21 20:14:10 - General prefs: from SETI@home (last modified 2004-08-05 18:47:40) --- - 2004-08-21 20:14:10 - General prefs: using your defaults SETI@home - 2004-08-21 20:14:10 - Resuming computation for result 13ja04aa.14664.3280.822138.26_3 using setiathome version 3.08 --- - 2004-08-21 20:14:10 - Can't load "boinc.dll", will not be able to determine idle time |
ML1 Send message Joined: 25 Nov 01 Posts: 20147 Credit: 7,508,002 RAC: 20 |
> recently pestpatrol (www.pestpatrol.com or www.pestpatrol.de ) > alerted me of a keyboard-logger in file boinc.dll. Ahhh... Then you must be using MS Windows... Does not boinc have options for checking PC 'activity' to support the option to only run boinc when your machine is inactive?... Keyboard activity might be amongst the items tested for. Boinc is Open Source so someone should notice a malicious key logger quickly. The other route is that MS Windows has let itself get you 'infected'. (No comparable worries on linux (;-)) Good luck, Martin |
Petit Soleil Send message Joined: 17 Feb 03 Posts: 1497 Credit: 70,934 RAC: 0 |
> (No comparable worries on linux (;-)) Or a MAC |
Toby Send message Joined: 26 Oct 00 Posts: 1005 Credit: 6,366,949 RAC: 0 |
To those of you who renamed your boinc.dll files: 1) If this really WERE a real keylogger, chances are that renaming it wouldn't turn it off. 2) boinc.dll is part of BOINC. BOINC needs it to function correctly. If you rename it, BOINC can't find it and will give the error message reported by golden goose. In case you don't understand the link posted above with an explanation, let me try to re-phrase it. When you have your preferences set to 'only work when computer is idle' BOINC monitors your keyboard and mouse for input. This activity is viewed as 'dangerous' by pestpatrol because keyloggers do the same thing and record the keystrokes as they come in. BOINC, however, does NOT record what you type or what your mouse does, it just listens for action. Kind of like a motion sensor. It senses that someone is in the room but it doesn't know exactly where they are, what they are doing or what they look like. So put the file back the way you found it and step away from your computer! :) ------------------------------------------- - A member of The Knights Who Say NI! Possibly the best stats site in the universe: http://boinc-kwsn.no-ip.info |
Darth Dogbytes™ Send message Joined: 30 Jul 03 Posts: 7512 Credit: 2,021,148 RAC: 0 |
However, it would make a juicy target for a script kiddie. Account frozen... |
KWSN - MajorKong Send message Joined: 5 Jan 00 Posts: 2892 Credit: 1,499,890 RAC: 0 |
> However, it would make a juicy target for a script kiddie. > Which is why you should be VERY wary of running non-official binaries. Either run what you can download from berkeley, or download the source and compile it yourself. You never know what some creepy, evil dude might have snuck into a build when HE/SHE compiled it. ------------ KWSN-MajorKong KWSN Forum Admin (retired) http://www.kwsnforum.com BOINC Beta tester Member of the 'Magnificent 7' |
Arm Send message Joined: 12 Sep 03 Posts: 308 Credit: 15,584,777 RAC: 0 |
> To those of you who renamed your boinc.dll files: > > 1) If this really WERE a real keylogger, chances are that renaming it wouldn't > turn it off. > 2) boinc.dll is part of BOINC. BOINC needs it to function correctly. If you > rename it, BOINC can't find it and will give the error message reported by > golden goose. > > In case you don't understand the link posted above with an explanation, let me > try to re-phrase it. When you have your preferences set to 'only work when > computer is idle' BOINC monitors your keyboard and mouse for input. This > activity is viewed as 'dangerous' by pestpatrol because keyloggers do the same > thing and record the keystrokes as they come in. BOINC, however does NOT > record what you type or what your mouse does, it just listens for action. > Kind of like a motion sensor. It senses that someone is in the room but it > doesn't know exactly where they are, what they are doing or what they look > like. > > So put the file back the way you found it and step away from your computer! > :) Thanks for the detailed explanation, Toby. You have the rare talent to explain. Thank you once again :) If boinc.dll is responsible ONLY to stop the client if there is a keyboard or mouse activity, then the biggest disaster would be the message "Can't load "boinc.dll", will not be able to determine idle time" and BOINC will run even if you are typing or clicking with the mouse. If not, BOINC client will crash. I do agree that it works while I'm clicking with the mouse. [Offtopic] And you have bought your 4 PCs only to keep them busy? :) [/Offtopic] |
ric Send message Joined: 16 Jun 03 Posts: 482 Credit: 666,047 RAC: 0 |
> So put the file back the way you found it and step away from your computer! :) This is good advice, but users are used not to use advice, even yours. They are just not listening... Toby, perhaps I'm wrong but so far, it looks to me, the boinc.dll is used "only" for the boinc_gui.exe part, if running the boinc_cli.exe stand alone, is the boinc.dll really needed? I don't know, not having the "need" to test, but curious to your/any answer(s) ric |
Arm Send message Joined: 12 Sep 03 Posts: 308 Credit: 15,584,777 RAC: 0 |
> perhaps I'm wrong but so far, it looks to me, the boinc.dll is used "only" > for the boinc_gui.exe part, if running the boinc_cli.exe stand alone, is the > boinc.dll really needed? > > I don't know, not having the "need" to test, but curious to your/any > answer(s) > > ric > Obviously cli doesn't need it - if started there is no warning message about the renamed/missing .dll and Personal Antispy doesn't find any keylogger activity. |
grumpy Send message Joined: 2 Jun 99 Posts: 209 Credit: 152,987 RAC: 0 |
hum... !!! Seems to be a little more than mouse & keyboard logging... |
mlcudd Send message Joined: 11 Apr 03 Posts: 782 Credit: 63,647 RAC: 0 |
Golden Goose, I am sure there are many out there that know exactly what you just posted. But for those of us that have no idea what we are looking at could you possibly offer a layman's explanation for your post, and what we can do about it. I would really appreciate it. Still Learning, Regards, Rocky |
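
On reading a Filemon trace filtered on boinc.dll, such as the one the two posts above refer to: the following is an added example, not part of the thread and not BOINC or Filemon code. It groups each logged request by process and by how it touches the file; the sample lines are constructed in Filemon's layout, and the category table and the ".dll path" parsing rule are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Filemon's layout: process:pid, request, path, result, detail.
SAMPLE = r"""
SVCHOST.EXE:720 IRP_MJ_CREATE C:\PROGRAM FILES\BOINC\BOINC.DLL SUCCESS Options: Open Access: All
SVCHOST.EXE:720 FASTIO_QUERY_BASIC_INFO C:\PROGRAM FILES\BOINC\BOINC.DLL SUCCESS Attributes: A
SVCHOST.EXE:720 IRP_MJ_CLEANUP C:\PROGRAM FILES\BOINC\BOINC.DLL SUCCESS
SVCHOST.EXE:720 IRP_MJ_CLOSE C:\PROGRAM FILES\BOINC\BOINC.DLL SUCCESS
MailWasher.exe:2788 IRP_MJ_CREATE C:\PROGRAM FILES\BOINC\BOINC.DLL SUCCESS Options: Open Access: All
MailWasher.exe:2788 IRP_MJ_SET_INFORMATION C:\PROGRAM FILES\BOINC\BOINC.DLL SUCCESS FileBasicInformation
MailWasher.exe:2788 IRP_MJ_QUERY_VOLUME_INFORMATION C:\PROGRAM FILES\BOINC\BOINC.DLL BUFFER OVERFLOW FileFsVolumeInformation
MailWasher.exe:2788 IRP_MJ_CLOSE C:\PROGRAM FILES\BOINC\BOINC.DLL SUCCESS
"""

# Assumption: the trace is filtered on a .dll path, which may contain spaces.
LINE = re.compile(
    r"^(?P<proc>\S+):(?P<pid>\d+)\s+(?P<op>[A-Z_]+)\s+"
    r"(?P<path>.+?\.(?:dll|DLL))\s+(?P<result>[A-Z][A-Z ]*[A-Z])\b\s*(?P<detail>.*)$"
)

# How each request touches the file (grouping chosen for this example).
CATEGORY = {
    "IRP_MJ_CREATE": "open/close",  # also sent when an existing file is opened
    "IRP_MJ_CLEANUP": "open/close", "IRP_MJ_CLOSE": "open/close",
    "FASTIO_QUERY_BASIC_INFO": "metadata query",
    "FASTIO_QUERY_STANDARD_INFO": "metadata query",
    "IRP_MJ_QUERY_INFORMATION": "metadata query",
    "IRP_MJ_QUERY_VOLUME_INFORMATION": "metadata query",
    "IRP_MJ_SET_INFORMATION": "metadata change",
    "IRP_MJ_READ": "content read", "FASTIO_READ": "content read",
    "IRP_MJ_WRITE": "content write", "FASTIO_WRITE": "content write",
}

def summarize(trace):
    """Return {process: Counter(category)} for every line that parses."""
    per_proc = defaultdict(Counter)
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if m:
            per_proc[m["proc"]][CATEGORY.get(m["op"], "other")] += 1
    return dict(per_proc)

def touched_contents(summary):
    """Processes that read or wrote the file's bytes, not just its metadata."""
    return sorted(p for p, c in summary.items() if c["content read"] or c["content write"])

def changed_metadata(summary):
    """Processes that set timestamps or attributes on the file."""
    return sorted(p for p, c in summary.items() if c["metadata change"])

if __name__ == "__main__":
    for proc, counts in summarize(SAMPLE).items():
        print(proc, dict(counts))
```

A path-filtered file monitor records which processes open, query or modify the file; it does not show what the DLL's code does once loaded. A `BUFFER OVERFLOW` result on an information query only means the caller's buffer was too small for the full reply.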
©2024 University of California