VIRUS IN THE PROJECTS


log in

Advanced search

Questions and Answers : Windows : VIRUS IN THE PROJECTS

1 · 2 · Next
Author Message
Peter
Avatar
Send message
Joined: 4 May 12
Posts: 22
Credit: 26,746
RAC: 0
United States
Message 1253988 - Posted: 1 Jul 2012, 4:09:42 UTC

I have a problem who ever said that this is virus free. I am sorry but one of the projects I uploaded had a virus, I will have to delete all my projects a signed to me and get new once. After $250.00 a Tech for HP found where it came from and it had seti on it now I will be down at times. So just keep alert and run a virus check on uploaded projects. Just letting everyone know about it. Any question please e-mail me or call.

Peter L
____________
THEY SEE YOU!! LOOK UP!!

OzzFan
Volunteer tester
Avatar
Send message
Joined: 9 Apr 02
Posts: 13625
Credit: 30,969,100
RAC: 20,775
United States
Message 1254008 - Posted: 1 Jul 2012, 5:14:16 UTC - in response to Message 1253988.

There is absolutely no way a virus came from a SETI workunit. Either you had what is known as a false positive or you got your virus elsewhere.

The SETI@Home workunits are not executable data and therefore can never cause harm to your computer.

Profile ignorance is no excuse
Avatar
Send message
Joined: 4 Oct 00
Posts: 9529
Credit: 44,433,321
RAC: 0
Korea, North
Message 1254107 - Posted: 1 Jul 2012, 12:51:24 UTC - in response to Message 1254008.

There is absolutely no way a virus came from a SETI workunit. Either you had what is known as a false positive or you got your virus elsewhere.

The SETI@Home workunits are not executable data and therefore can never cause harm to your computer.

and further the tech you talked to is probably full of fecal material
____________
In a rich man's house there is no place to spit but his face.
Diogenes Of Sinope

End terrorism by building a school

Profile BilBg
Volunteer tester
Avatar
Send message
Joined: 27 May 07
Posts: 2789
Credit: 6,297,622
RAC: 7,519
Bulgaria
Message 1254287 - Posted: 1 Jul 2012, 18:19:43 UTC - in response to Message 1253988.


Do you REALLY say that you gave $250 to a 'tech' that tells lies to get your money??

I bet you are using some stupid antivirus (Trend Micro, Comodo, Symantec/Norton)

Scan your file here:
https://www.virustotal.com/
http://virscan.org/

I'm using ESET NOD32 Antivirus 4.2.71.2


____________



- ALF - "Find out what you don't do well ..... then don't do it!" :)

Profile Ageless
Avatar
Send message
Joined: 9 Jun 99
Posts: 12324
Credit: 2,626,514
RAC: 994
Netherlands
Message 1254360 - Posted: 1 Jul 2012, 22:31:18 UTC

Next time spend your money on books like:
The internet for dummies
and
Computer viruses for dummies

That way you save a whole 225 dollars to do fun other things with.

:-)
____________
Jord

Fighting for the correct use of the apostrophe, together with Weird Al Yankovic

Profile Gatekeeper
Avatar
Send message
Joined: 14 Jul 04
Posts: 887
Credit: 176,479,616
RAC: 0
United States
Message 1254361 - Posted: 1 Jul 2012, 22:42:43 UTC

Just FYI, the OP has opened a new thread in "Getting Started", here
____________

Profile ignorance is no excuse
Avatar
Send message
Joined: 4 Oct 00
Posts: 9529
Credit: 44,433,321
RAC: 0
Korea, North
Message 1254630 - Posted: 2 Jul 2012, 18:45:36 UTC

I hope you don't think we were just being jerks.

You never told us what he found or why you needed to completely reformat your HDD and reinstall Windows. That seems a bit extreme or someone is trying to make a bunch of money off of something mundane as a bad driver.
____________
In a rich man's house there is no place to spit but his face.
Diogenes Of Sinope

End terrorism by building a school

OzzFan
Volunteer tester
Avatar
Send message
Joined: 9 Apr 02
Posts: 13625
Credit: 30,969,100
RAC: 20,775
United States
Message 1254822 - Posted: 3 Jul 2012, 0:43:25 UTC - in response to Message 1254630.
Last modified: 3 Jul 2012, 0:43:49 UTC

I think it is as simple as a false positive. Likely the Anti-Virus scanner found a string of characters in a SETI@Home workunit that resembled a virus signature (hence a "false positive"), and like most people they freak out whenever a virus alert pops up. The HP tech likely told him the only way to make sure the virus was gone was to erase everything and start from scratch (a practice all to common in IT and it usually comes from IT people who don't understand viruses or computers on a high level).


I wasn't trying to be a jerk at all, just stating in a factual manner that there is no way a virus was found in a SETI@Home workunit.

Profile ignorance is no excuse
Avatar
Send message
Joined: 4 Oct 00
Posts: 9529
Credit: 44,433,321
RAC: 0
Korea, North
Message 1255103 - Posted: 3 Jul 2012, 16:02:52 UTC

Agreed, I just don't want an angry user out there expecting to be laughed at for every question that they bring here.

Though to be honest a complete drive wipe for a false positive virus alert is probably the most extreme example of nukes for mosquito repellent I've seen.
____________
In a rich man's house there is no place to spit but his face.
Diogenes Of Sinope

End terrorism by building a school

rob smithProject donor
Volunteer tester
Send message
Joined: 7 Mar 03
Posts: 8525
Credit: 59,048,316
RAC: 81,176
United Kingdom
Message 1255132 - Posted: 3 Jul 2012, 21:01:50 UTC

It might be extreme, but it isn't the first time,. nor will it be the last. I worked for an IT support company for a short time, and had more than one client refuse to believe that what they were seeing was a false positive, and shouldn't they do something about it. One of the other desk jockeys was prone to say "Well, if you are really not sure this isn't a virus there is only one way to cure it - reformat your hard disk" (he was talking about "curing" the user, not the false positive.... And then hit them with a £10 per MINUTE charge, typical call duration 30 minutes to that point - now that makes 250 dollars sound a real bargain!!

(I would pass my insistent callers over to him, knowing that I would get 60% of the "call fee", while my colleague would get 40%, and I could knock off a few simple calls while he was sorting the awkward one out....)
____________
Bob Smith
Member of Seti PIPPS (Pluto is a Planet Protest Society)
Somewhere in the (un)known Universe?

John McLeod VII
Volunteer developer
Volunteer tester
Avatar
Send message
Joined: 15 Jul 99
Posts: 24679
Credit: 522,659
RAC: 40
United States
Message 1255207 - Posted: 4 Jul 2012, 0:23:29 UTC

I have one time re-formatted a HD to rid myself of a virus. Notably the time that it installed a rootkit that MalwareBytes could not (at that time) expunge. And yes, I did have my data backed up. Reinstalled all programs from original sources though. It was a pain in the rear.
____________


BOINC WIKI

OzzFan
Volunteer tester
Avatar
Send message
Joined: 9 Apr 02
Posts: 13625
Credit: 30,969,100
RAC: 20,775
United States
Message 1256008 - Posted: 5 Jul 2012, 19:09:46 UTC - in response to Message 1255207.

Sure, as a last resort a re-image (or complete re-install) is necessary. In most cases a virus can be "exterminated" by a decent program, but I prefer removing them manually.

John McLeod VII
Volunteer developer
Volunteer tester
Avatar
Send message
Joined: 15 Jul 99
Posts: 24679
Credit: 522,659
RAC: 40
United States
Message 1256141 - Posted: 6 Jul 2012, 0:11:30 UTC - in response to Message 1256008.

Sure, as a last resort a re-image (or complete re-install) is necessary. In most cases a virus can be "exterminated" by a decent program, but I prefer removing them manually.

Root kits can be difficult for a program to exterminate, and next to impossible to squash by hand.
____________


BOINC WIKI

pabla
Send message
Joined: 8 Jul 12
Posts: 2
Credit: 0
RAC: 0
Germany
Message 1257579 - Posted: 8 Jul 2012, 16:12:08 UTC - in response to Message 1256141.

Hi guys, I just wanted to report a trojan found in the installation of the seti software. I had just signed up for the project and it was being downloaded by the manager, when it finished downloading some parts, my AV software showed this message:

In der Datei 'C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\ap_graphics_6.01_windows_intelx86.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Patched.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

sorry for the German, is says in the file"..." a virus or unwanted program"..." was found.

Action: Access denied.

Just letting you know. Thanks.

OzzFan
Volunteer tester
Avatar
Send message
Joined: 9 Apr 02
Posts: 13625
Credit: 30,969,100
RAC: 20,775
United States
Message 1257588 - Posted: 8 Jul 2012, 16:47:39 UTC - in response to Message 1257579.

Pabla,

Please read the rest of this thread. The message you received from your anti-virus program is a false positive.

The reason why your anti-virus thinks p_graphics_6.01_windows_intelx86.exe is a virus is because it consumes all available CPU cycles, which many anti-virus programs think is virus/worm activity.

There is no virus in p_graphics_6.01_windows_intelx86.exe and if you want to crunch, you need to allow the program to execute. In fact, you should create an exception in your anti-virus software allowing all activity to your BOINC Program Data directory (usually C:\ProgramData\BOINC for all Vista and Win7 machines).

Profile Ageless
Avatar
Send message
Joined: 9 Jun 99
Posts: 12324
Credit: 2,626,514
RAC: 994
Netherlands
Message 1257617 - Posted: 8 Jul 2012, 17:58:55 UTC

Never just only believe your AV scanner. Put the executable into https://www.virustotal.com/ and if it says on most of its 42 scanners that something is wrong, then something may be wrong.

However, the file can also be infected on your machine.

The likelihood that Seti science applications come infected to your machine, is very very very extremely very remote. They're built on a Linux system and distributed from that Linux system. While it's true that there are Linux viruses, the amount of them being around are few, when compared to Windows viruses. And a Windows virus infecting a Linux system would be a first.
____________
Jord

Fighting for the correct use of the apostrophe, together with Weird Al Yankovic

Profile Earthmage
Avatar
Send message
Joined: 27 Mar 12
Posts: 2
Credit: 3,017
RAC: 0
United States
Message 1257620 - Posted: 8 Jul 2012, 18:06:53 UTC

I've had this program running on my computer for a few months, so I'm not certain that the problem I've been having recently is related. However, since the SETI@home is running the entire time my laptop is on, I'm curious to know if anyone else has had the annoying issue where advertisement audio plays without any related windows being opened.

It started maybe in the last few weeks. While going about my business online, something occasionally occurs in which I hear advertisements being played, but have no visuals. Sometimes, I get snippets of songs in the rap, hip-hop, and Mexican genres (none of which are music that I want to hear while I'm surfing the web). It continues after I've completely closed out of any open windows, so I suspect that it may be linked to anything running in the background. I'm no techie here, so I have no idea where to look or even if it's possible that it can somehow be related to the continually running SETI@home program.

If this sounds even remotely familiar to you, or if you have any suggestions for how I might begin figuring out what's going on in order to cease it for good, I would greatly appreciate it.
____________
"Our task must be to free ourselves ... by widening our circle of compassion to embrace all living creatures and the whole of nature and its beauty."--Albert Einstein

OzzFan
Volunteer tester
Avatar
Send message
Joined: 9 Apr 02
Posts: 13625
Credit: 30,969,100
RAC: 20,775
United States
Message 1257639 - Posted: 8 Jul 2012, 19:52:29 UTC - in response to Message 1257617.

And a Windows virus infecting a Linux system would be a first.


Not that uncommon if the Linux system is running WINE. ;-)

OzzFan
Volunteer tester
Avatar
Send message
Joined: 9 Apr 02
Posts: 13625
Credit: 30,969,100
RAC: 20,775
United States
Message 1257640 - Posted: 8 Jul 2012, 19:54:41 UTC - in response to Message 1257620.

I'm curious to know if anyone else has had the annoying issue where advertisement audio plays without any related windows being opened.

It started maybe in the last few weeks. While going about my business online, something occasionally occurs in which I hear advertisements being played, but have no visuals. Sometimes, I get snippets of songs in the rap, hip-hop, and Mexican genres (none of which are music that I want to hear while I'm surfing the web). It continues after I've completely closed out of any open windows, so I suspect that it may be linked to anything running in the background. I'm no techie here, so I have no idea where to look or even if it's possible that it can somehow be related to the continually running SETI@home program.


That sounds like a web browser add-on, possibly installed via another piece of software (they like to tack on all sorts of crappy add-ons). I would start by going through all of your web browser add-ons and disabling any unfamiliar ones to see if the problem goes away.

BTW - This is also definitely not caused by SETI@Home.

Profile BilBg
Volunteer tester
Avatar
Send message
Joined: 27 May 07
Posts: 2789
Credit: 6,297,622
RAC: 7,519
Bulgaria
Message 1257824 - Posted: 9 Jul 2012, 2:24:53 UTC - in response to Message 1257579.

Hi guys, I just wanted to report a trojan found in the installation of the seti software. I had just signed up for the project and it was being downloaded by the manager, when it finished downloading some parts, my AV software showed this message:

In der Datei 'C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\ap_graphics_6.01_windows_intelx86.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Patched.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

sorry for the German, is says in the file"..." a virus or unwanted program"..." was found.

Action: Access denied.

Just letting you know. Thanks.

"my AV software" is not at all informative, which is this strange antivirus?
(TrendMicro have habit of giving such false positives, and before my scan bellow
TrendMicro was marking (last scan result was a month ago) the http://boinc2.ssl.berkeley.edu/sah/download_fanout/ as 'Malicious site'!?)

NONE of the antivirus programs (Detection ratio: 0 / 42) gives any warning about:
http://boinc2.ssl.berkeley.edu/sah/download_fanout/ap_graphics_6.01_windows_intelx86.exe
https://www.virustotal.com/file/6be058f0ac2997fba8d37445d268b3efccd54a64f9b2b35fe4478e6300a39d41/analysis/1341799812/


____________



- ALF - "Find out what you don't do well ..... then don't do it!" :)

1 · 2 · Next

Questions and Answers : Windows : VIRUS IN THE PROJECTS

Copyright © 2014 University of California