VIRUS IN THE PROJECTS


pabla
Joined: 8 Jul 12
Posts: 2
Credit: 0
RAC: 0
Germany
Message 1258132 - Posted: 9 Jul 2012, 18:20:59 UTC

BilBG, I must apologize, I forgot to mention: I am using Avira free Antivirus.

Ageless
Joined: 9 Jun 99
Posts: 12474
Credit: 2,695,287
RAC: 1,405
Netherlands
Message 1258194 - Posted: 9 Jul 2012, 21:06:20 UTC - in response to Message 1258132.

So do I, but mine doesn't find anything in the file. I downloaded it specifically, since I'm using optimized applications.

Avira
Version information:
BUILD.DAT : 12.0.0.1125
AVSCAN.EXE : 12.3.0.15
VBASE031.VDF : 7.11.35.128 64000 Bytes 8-7-2012 21:27:58

Configuration settings for the scan:
Jobname.............................: ShlExt
Configuration file..................: C:\Users\Ageless\AppData\Local\Temp\3a632566.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: P:,
Process scan........................: off
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended
Skipped files.......................: D:\BOINC613\*, D:\Crytek\Crysis 2\bin32\Crysis2.exe, D:\Crytek\Crysis 2\bin32\Crysis2Launcher.exe, E:\Crytek\*, k:\*.*, P:\ProgramData\*,
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: maandag 9 juli 2012 22:53

Starting the file scan:
Begin scan in 'P:\ProgramData\ap_graphics_6.01_windows_intelx86.exe'

End of the scan: maandag 9 juli 2012 22:53
Used time: 00:00 Minute(s)

The scan has been done completely.

0 Scanned directories
2 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
2 Files not concerned
0 Archives were scanned
0 Warnings
0 Notes


Our advice is always to exclude the BOINC Data directory from being scanned by your anti-virus and other anti-malware scanners and only to scan these by hand, after you exited BOINC (or suspended it), to avoid loss of work.

As you can see, I have my data directory excluded from being scanned.
If you want to do so as well, open Avira, click Realtime Protection, Configuration, Scan, Exceptions, with the ... box search on "File objects to be scanned" (Second option) for your BOINC Data directory (default at C:\Programdata\BOINC\ under Windows Vista and Windows 7), select the BOINC main directory and click Add, click Apply, click OK.
____________
Jord

Fighting for the correct use of the apostrophe, together with Weird Al Yankovic

BilBg
Volunteer tester
Joined: 27 May 07
Posts: 2894
Credit: 6,632,789
RAC: 8,048
Bulgaria
Message 1258474 - Posted: 10 Jul 2012, 8:02:06 UTC - in response to Message 1258132.


Two more Antivirus scan results (nothing found):

http://r.virscan.org/report/364572dc4292f30b165afe592eb2a626.html

http://virusscan.jotti.org/en/scanresult/f8165a9bc2bcc55cde281bc4089a2af4d6cc348f

(Despite using the same Antivirus programs the sites (virustotal.com, virscan.org, virusscan.jotti.org) sometimes give different results probably because they use different settings (e.g. heuristics sensitivity level))


____________



- ALF - "Find out what you don't do well ..... then don't do it!" :)

coffee
Joined: 18 Feb 12
Posts: 4
Credit: 12,481
RAC: 0
Germany
Message 1258516 - Posted: 10 Jul 2012, 11:22:56 UTC - in response to Message 1253988.

Hello there,
it seems so. For several days I have been getting the same message, that there's an update of BOINC available.
Still... when I want to go on reading on my Firefox, the browser says "Sorry, you can't trust this site. It seems to be a faked site!"
I didn't download the new version of BOINC.
And my e-mail-account, on which I communicate with BOINC, has been attacked the last days!
My question now is: is there a new version of BOINC?
Here's the link to the site, my Firefox browser says NO to:

https://boinc.berkeley.edu/manager_links.php?target=notice&controlid=download

Can anybody do something with this?
I suggest you do NOT follow this link!
Kind greetings,
coffee

OzzFan
Volunteer tester
Joined: 9 Apr 02
Posts: 13706
Credit: 31,734,174
RAC: 12,809
United States
Message 1258538 - Posted: 10 Jul 2012, 13:31:40 UTC - in response to Message 1258516.

https://boinc.berkeley.edu/manager_links.php?target=notice&controlid=download is the correct URL to get BOINC updates. You can tell it is not fake because it belongs directly to the Berkeley.edu domain. Fake sites would try to fool you with something like Berkeley.edu.net or Berkeley.edu.nl or something like that.

When I visit https://boinc.berkeley.edu/manager_links.php?target=notice&controlid=download on Firefox, it does NOT say that it is a fake, it simply says that the site's security certificate cannot be verified through a third party (such as VeriSign), so Firefox says that the secure connection cannot be trusted.

The problem is that Berkeley doesn't use a third-party signed certificate - they use a self-signed certificate. The problem stems from the fact that web browsers have no way to verify the authenticity of a self-signed certificate, and many companies and educational facilities do not trust using third-party certificates, so web browsers tell the user that the site is "untrusted".

In this case, it is OK to select "I understand the Risks" and continue on to the BOINC download page.
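The domain check described in the post above, written out as an added example (not part of the original post or of BOINC). The function names and the sample URLs other than the two from the thread are constructed for illustration; the check covers only which domain a link points to, not the certificate.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "berkeley.edu"  # the domain named in the post above


def host_of(url: str) -> str:
    """Hostname of a URL, lower-cased, without port, userinfo or trailing dot."""
    host = urlsplit(url).hostname or ""  # empty when the URL has no scheme://host part
    return host.rstrip(".").lower()


def belongs_to(url: str, domain: str = TRUSTED_DOMAIN) -> bool:
    """True only if the host is the domain itself or a subdomain of it.

    The match is anchored at the right-hand end of the hostname and at a
    label boundary, so a name that merely starts with or contains the
    trusted domain (berkeley.edu.net, notberkeley.edu) does not pass.
    """
    host = host_of(url)
    return host == domain or host.endswith("." + domain)


def classify(urls):
    """Map each URL to (verdict, hostname that decided it)."""
    return {
        u: ("trusted-domain" if belongs_to(u) else "other-domain", host_of(u))
        for u in urls
    }


# The first two URLs appear in the thread; the rest are constructed lookalikes.
SAMPLES = [
    "https://boinc.berkeley.edu/manager_links.php?target=notice&controlid=download",
    "http://boinc.berkeley.edu/download.php",
    "http://Berkeley.edu.net/download.php",          # trusted name used as a prefix
    "http://berkeley.edu.nl/download.php",           # same pattern, other suffix
    "https://boinc.berkeley.edu@downloads.example/",  # trusted name in the userinfo part
    "https://notberkeley.edu/",                      # no dot before the trusted name
]

if __name__ == "__main__":
    for url, (verdict, host) in classify(SAMPLES).items():
        print(f"{verdict:15} {host:22} {url}")
```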

Ageless
Joined: 9 Jun 99
Posts: 12474
Credit: 2,695,287
RAC: 1,405
Netherlands
Message 1258571 - Posted: 10 Jul 2012, 15:56:22 UTC - in response to Message 1258516.

https://boinc.berkeley.edu/manager_links.php?target=notice&controlid=download

Addendum to what (the invisible name guy) said, if you do not want to use the secure connection, you can also use the unsecure download link, at http://boinc.berkeley.edu/download.php, which does the same, really.
____________
Jord

Fighting for the correct use of the apostrophe, together with Weird Al Yankovic

coffee
Joined: 18 Feb 12
Posts: 4
Credit: 12,481
RAC: 0
Germany
Message 1258908 - Posted: 11 Jul 2012, 13:58:26 UTC - in response to Message 1258538.

Hello,
many thanks for your replies!
I became unsure, because I got the messages, that there's a new version of BOINC six times (normally a message has only been sent once!).
And then Firefox told me, that it might be a faked page, all my bells inside were ringing... ;-)
I'm glad, that I can trust in your software... at least! ;-)
Especially cause my e-mail-account has been hacked, as I said. The hacker sent mails from my account which I didn't know about...
Anyway... can I download the new version while it's still working on wu's?
Another question... the last time I downloaded a wu of seti, I received a wu from astropulse. Is astropulse working together with seti?
Greetings,
coffee

OzzFan
Volunteer tester
Joined: 9 Apr 02
Posts: 13706
Credit: 31,734,174
RAC: 12,809
United States
Message 1258922 - Posted: 11 Jul 2012, 14:47:17 UTC - in response to Message 1258908.

Yes, you can update BOINC while you have work in progress.

AstroPulse is another form of SETI@Home. Or put another way, SETI@Home has two types of applications: MultiBeam (narrowband) and AstroPulse (broadband).

coffee
Joined: 18 Feb 12
Posts: 4
Credit: 12,481
RAC: 0
Germany
Message 1259341 - Posted: 12 Jul 2012, 12:50:24 UTC - in response to Message 1258922.

Thanks for your reply!
Better to ask one time too many than one time too few... ;-)
Kind regards,
coffee

wmtknox5
Joined: 2 Aug 12
Posts: 1
Credit: 0
RAC: 0
United States
Message 1266705 - Posted: 2 Aug 2012, 13:22:47 UTC

Uh, I got a virus warning off the SETI@home project. My Vipre Anti-virus said libfftw3f-3-1-1a_upx.dll contained a known trojan and didn't allow the file to open. To be safe, I uninstalled BOINC & deleted all the files.

Any guidance would be much appreciated.

Here's the warning. Apologize for this being in XML, but I figure some of you are good enough to read it without too much trouble.

<?xml version="1.0" encoding="UTF-16"?>
<APEvent SchemaVersion="4.0.0" DefaultConfig="false" EventTypeEnum="2" TimeoutInSeconds="0" MonitorID="2003" MsgID="{055C2E9A-1159-4EE7-8EB6-CA66D7723633}" MonitorTypeEnum="2" RecommendScan="true" SDKVersion="5.2.5162" ThreatDefVersion="12462" APEventID="{D2C90A69-782E-422D-A212-C372A1BC9319}" IsAllowOk="true" IsAllowAlwaysOk="true" IsBlockOk="true" IsBlockAlwaysOk="true" IsQuarantineOk="true" EventActorEnum="2" EventDateTime="2012-08-02T08:59:35" TransactionID="">
<ParentProcess FilePath="C:\Program Files\BOINC\boinc.exe" PID="5128" FileSize="930992" MD5="" CRC8="0B1B05BFA8040000" CobraPackHash="0000000000000000" KnownAsEnum="1" ThreatID="0" AddedToUserKnown="false" Company="Space Sciences Laboratory" FileVersion="7.0.28" ProductName="BOINC client" ProductVersion="7.0.28" Description="BOINC client" Copyright="© 2003-2012 University of California"/>
<FileMonitor FilePath="C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\libfftw3f-3-1-1a_upx.dll" MD5="e3d0548010ae1efa62545ac739da4c1d" CRC8="3E3FB975D92A0000" CobraPackHash="0000000000000000" KnownAsEnum="2" ThreatID="4752972" Company="" FileVersion="" ProductName="" ProductVersion="" Description="" Copyright=""/>
<FinalDispositionInfo DispositionEnum="2" AuthorityEnum="2" QuarantineStatusCode="1" QID="" UserName="\\FRUGAL\Marketing" ErrorEnum="0"/>
</APEvent>

OzzFan
Volunteer tester
Joined: 9 Apr 02
Posts: 13706
Credit: 31,734,174
RAC: 12,809
United States
Message 1266706 - Posted: 2 Aug 2012, 13:32:38 UTC - in response to Message 1266705.

Have you tried scanning that file with any of the other online scanners mentioned in this thread?

If you had, I'm confident that you'd find the warning to be a false positive. "libfftw3f-3-1-1a_upx.dll" is an open source file and is required to process Fast Fourier Transform functions for SETI@Home.
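To act on the suggestion above, the alert posted earlier in the thread can be reduced to the fields needed for a second opinion. This is an added example, not part of the thread or of any vendor tool; the alert is copied from the post with its attributes trimmed to the ones used, and the function names are hypothetical.

```python
import hashlib
import re
import xml.etree.ElementTree as ET

# Alert text from the post above, attributes trimmed to the ones used here.
ALERT = r'''<?xml version="1.0" encoding="UTF-16"?>
<APEvent EventDateTime="2012-08-02T08:59:35" ThreatDefVersion="12462">
<ParentProcess FilePath="C:\Program Files\BOINC\boinc.exe" FileVersion="7.0.28"/>
<FileMonitor FilePath="C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\libfftw3f-3-1-1a_upx.dll" MD5="e3d0548010ae1efa62545ac739da4c1d" ThreatID="4752972"/>
</APEvent>'''


def parse_alert(text: str) -> dict:
    """Extract the fields needed to re-check a flagged file with another scanner."""
    # Alert text pasted from a forum or mail is untrusted input: refuse DTDs
    # and entity declarations instead of letting the parser expand them.
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        raise ValueError("refusing XML with a DTD or entity declarations")
    # Once pasted as text, the UTF-16 declaration no longer describes the data; drop it.
    text = re.sub(r"^\s*<\?xml[^>]*\?>", "", text)
    root = ET.fromstring(text)
    flagged = root.find("FileMonitor")
    parent = root.find("ParentProcess")
    if flagged is None:
        raise ValueError("no FileMonitor element in alert")
    return {
        "time": root.get("EventDateTime"),
        "definitions": root.get("ThreatDefVersion"),
        "file": flagged.get("FilePath"),
        "md5": (flagged.get("MD5") or "").lower(),
        "threat_id": flagged.get("ThreatID"),
        "loaded_by": parent.get("FilePath") if parent is not None else None,
    }


def same_file(data: bytes, alert: dict) -> bool:
    """True if `data` is the file the alert refers to, judged by the MD5 in the alert."""
    return hashlib.md5(data).hexdigest() == alert["md5"]


if __name__ == "__main__":
    for key, value in parse_alert(ALERT).items():
        print(f"{key:12} {value}")
```

Comparing the MD5 of the copy you upload against the one in the alert confirms that the second scanner is judging the same bytes the first one flagged.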


Copyright © 2014 University of California