VIRUS IN THE PROJECTS

pabla

Joined: 8 Jul 12
Posts: 2
Credit: 0
RAC: 0
Germany
Message 1258132 - Posted: 9 Jul 2012, 18:20:59 UTC

BilBG, I must apologize, I forgot to mention: I am using Avira free Antivirus.
ID: 1258132 · Report as offensive
Jord
Volunteer tester
Joined: 9 Jun 99
Posts: 15184
Credit: 4,362,181
RAC: 3
Netherlands
Message 1258194 - Posted: 9 Jul 2012, 21:06:20 UTC - in response to Message 1258132.  

So do I, but mine doesn't find anything in the file. I downloaded it specifically, since I'm using optimized applications.

Avira Version information:
BUILD.DAT       : 12.0.0.1125
AVSCAN.EXE      : 12.3.0.15
VBASE031.VDF    : 7.11.35.128    64000 Bytes    8-7-2012 21:27:58

Configuration settings for the scan:
Jobname.............................: ShlExt
Configuration file..................: C:\Users\Ageless\AppData\Local\Temp\3a632566.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: P:, 
Process scan........................: off
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended
Skipped files.......................: D:\BOINC613\*, D:\Crytek\Crysis 2\bin32\Crysis2.exe, D:\Crytek\Crysis 2\bin32\Crysis2Launcher.exe, E:\Crytek\*, k:\*.*, P:\ProgramData\*, 
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: maandag 9 juli 2012  22:53

Starting the file scan:

Begin scan in 'P:\ProgramData\ap_graphics_6.01_windows_intelx86.exe'

End of the scan: maandag 9 juli 2012  22:53
Used time: 00:00 Minute(s)

The scan has been done completely.

      0 Scanned directories
      2 Files were scanned
      0 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      0 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
      2 Files not concerned
      0 Archives were scanned
      0 Warnings
      0 Notes


Our advice is always to exclude the BOINC Data directory from being scanned by your anti-virus and other anti-malware scanners and only to scan these by hand, after you exited BOINC (or suspended it), to avoid loss of work.

As you can see, I have my data directory excluded from being scanned.
If you want to do so as well, open Avira, click Realtime Protection, Configuration, Scan, Exceptions, with the ... box search on "File objects to be scanned" (Second option) for your BOINC Data directory (default at C:\Programdata\BOINC\ under Windows Vista and Windows 7), select the BOINC main directory and click Add, click Apply, click OK.
ID: 1258194 · Report as offensive
BilBg
Volunteer tester
Joined: 27 May 07
Posts: 3720
Credit: 9,385,827
RAC: 0
Bulgaria
Message 1258474 - Posted: 10 Jul 2012, 8:02:06 UTC - in response to Message 1258132.  


Two more Antivirus scan results (nothing found):

http://r.virscan.org/report/364572dc4292f30b165afe592eb2a626.html

http://virusscan.jotti.org/en/scanresult/f8165a9bc2bcc55cde281bc4089a2af4d6cc348f

(Despite using the same antivirus programs, the sites (virustotal.com, virscan.org, virusscan.jotti.org) sometimes give different results, probably because they use different settings (e.g. heuristics sensitivity level).)


 


- ALF - "Find out what you don't do well ..... then don't do it!" :)
 
ID: 1258474 · Report as offensive
coffee
Joined: 18 Feb 12
Posts: 4
Credit: 12,481
RAC: 0
Germany
Message 1258516 - Posted: 10 Jul 2012, 11:22:56 UTC - in response to Message 1253988.  

Hello there,
it seems so. For several days I have been getting the same message that there's an update of BOINC available.
Still... when I want to go on reading in Firefox, the browser says "Sorry, you can't trust this site. It seems to be a faked site!"
I didn't download the new version of BOINC.
And my e-mail account, which I use to communicate with BOINC, has been attacked in the last few days!
My question now is: is there a new version of BOINC?
Here's the link to the site that my Firefox browser says NO to:

https://boinc.berkeley.edu/manager_links.php?target=notice&controlid=download

Can anybody do something with this?
I suggest you do NOT follow this link!
Kind greetings,
coffee
ID: 1258516 · Report as offensive
OzzFan
Volunteer tester
Joined: 9 Apr 02
Posts: 15691
Credit: 84,761,841
RAC: 28
United States
Message 1258538 - Posted: 10 Jul 2012, 13:31:40 UTC - in response to Message 1258516.  

https://boinc.berkeley.edu/manager_links.php?target=notice&controlid=download is the correct URL to get BOINC updates. You can tell it is not fake because it belongs directly to the Berkeley.edu domain. Fake sites would try to fool you with something like Berkeley.edu.net or Berkeley.edu.nl or something like that.

When I visit https://boinc.berkeley.edu/manager_links.php?target=notice&controlid=download on Firefox, it does NOT say that it is a fake, it simply says that the site's security certificate cannot be verified through a third party (such as VeriSign), so Firefox says that the secure connection cannot be trusted.

The problem is that Berkeley doesn't use a third-party signed certificate - they use a self-signed certificate. The problem stems from the fact that web browsers have no way to verify the authenticity of a self-signed certificate, and many companies and educational facilities do not trust using third-party certificates, so web browsers tell the user that the site is "untrusted".

In this case, it is OK to select "I understand the Risks" and continue on to the BOINC download page.
ID: 1258538 · Report as offensive
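
The domain check described in the reply above, written out as an added example (not part of the original thread or of BOINC). The function name and the sample URLs other than the thread's own download link are constructed for illustration; the check says nothing about the certificate, only about which domain the host belongs to.

```python
from urllib.parse import urlsplit


def host_in_domain(url, domain, require_https=True):
    """Return True only if the URL's host is `domain` or a subdomain of it."""
    parts = urlsplit(url)
    if require_https and parts.scheme != "https":
        return False
    # .hostname is lowercased and excludes any "user@" prefix and the port.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False
    # Compare whole DNS labels from the right. A substring or endswith()
    # test would wrongly accept hosts such as "berkeley.edu.net" (domain
    # appears on the left) or "xberkeley.edu" (no label boundary).
    host_labels = host.split(".")
    domain_labels = domain.lower().rstrip(".").split(".")
    return host_labels[-len(domain_labels):] == domain_labels


# Constructed samples: the first URL is the one from the thread, the next
# two use the lookalike endings the reply mentions.
SAMPLES = [
    "https://boinc.berkeley.edu/manager_links.php?target=notice&controlid=download",
    "https://boinc.berkeley.edu.net/download.php",
    "https://boinc.berkeley.edu.nl/download.php",
]


def classify(urls, domain="berkeley.edu"):
    """Map each URL to True (host is under `domain`) or False."""
    return {u: host_in_domain(u, domain) for u in urls}


if __name__ == "__main__":
    for url, ok in classify(SAMPLES).items():
        print("OK  " if ok else "FAIL", url)
```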
Jord
Volunteer tester
Joined: 9 Jun 99
Posts: 15184
Credit: 4,362,181
RAC: 3
Netherlands
Message 1258571 - Posted: 10 Jul 2012, 15:56:22 UTC - in response to Message 1258516.  

https://boinc.berkeley.edu/manager_links.php?target=notice&controlid=download

Addendum to what (the invisible name guy) said, if you do not want to use the secure connection, you can also use the unsecure download link, at http://boinc.berkeley.edu/download.php, which does the same, really.
ID: 1258571 · Report as offensive
coffee
Joined: 18 Feb 12
Posts: 4
Credit: 12,481
RAC: 0
Germany
Message 1258908 - Posted: 11 Jul 2012, 13:58:26 UTC - in response to Message 1258538.  

Hello,
many thanks for your replies!
I became unsure because I got the message that there's a new version of BOINC six times (normally a message is only sent once!).
And then Firefox told me that it might be a faked page; all my bells inside were ringing... ;-)
I'm glad that I can trust in your software... at least! ;-)
Especially because my e-mail account has been hacked, as I said. The hacker sent mails from my account which I didn't know about...
Anyway... can I download the new version while it's still working on WUs?
Another question... the last time I downloaded a WU of SETI, I received a WU from AstroPulse. Is AstroPulse working together with SETI?
Greetings,
coffee
ID: 1258908 · Report as offensive
OzzFan
Volunteer tester
Joined: 9 Apr 02
Posts: 15691
Credit: 84,761,841
RAC: 28
United States
Message 1258922 - Posted: 11 Jul 2012, 14:47:17 UTC - in response to Message 1258908.  

Yes, you can update BOINC while you have work in progress.

AstroPulse is another form of SETI@Home. Or put another way, SETI@Home has two types of applications: MultiBeam (narrowband) and AstroPulse (broadband).
ID: 1258922 · Report as offensive
coffee
Joined: 18 Feb 12
Posts: 4
Credit: 12,481
RAC: 0
Germany
Message 1259341 - Posted: 12 Jul 2012, 12:50:24 UTC - in response to Message 1258922.  

Thanks for your reply!
Better to have asked one time too many than one time too few... ;-)
Kind regards,
coffee
ID: 1259341 · Report as offensive
wmtknox5
Joined: 2 Aug 12
Posts: 1
Credit: 0
RAC: 0
United States
Message 1266705 - Posted: 2 Aug 2012, 13:22:47 UTC

Uh, I got a virus warning off the SETI@home project. My Vipre Anti-virus said libfftw3f-3-1-1a_upx.dll contained a known trojan and didn't allow the file to open. To be safe, I uninstalled BOINC & deleted all the files.

Any guidance would be much appreciated.

Here's the warning. I apologize for this being in XML, but I figure some of you are good enough to read it without too much trouble.

<?xml version="1.0" encoding="UTF-16"?>
<APEvent SchemaVersion="4.0.0" DefaultConfig="false" EventTypeEnum="2" TimeoutInSeconds="0" MonitorID="2003" MsgID="{055C2E9A-1159-4EE7-8EB6-CA66D7723633}" MonitorTypeEnum="2" RecommendScan="true" SDKVersion="5.2.5162" ThreatDefVersion="12462" APEventID="{D2C90A69-782E-422D-A212-C372A1BC9319}" IsAllowOk="true" IsAllowAlwaysOk="true" IsBlockOk="true" IsBlockAlwaysOk="true" IsQuarantineOk="true" EventActorEnum="2" EventDateTime="2012-08-02T08:59:35" TransactionID="">
<ParentProcess FilePath="C:\Program Files\BOINC\boinc.exe" PID="5128" FileSize="930992" MD5="" CRC8="0B1B05BFA8040000" CobraPackHash="0000000000000000" KnownAsEnum="1" ThreatID="0" AddedToUserKnown="false" Company="Space Sciences Laboratory" FileVersion="7.0.28" ProductName="BOINC client" ProductVersion="7.0.28" Description="BOINC client" Copyright="© 2003-2012 University of California"/>
<FileMonitor FilePath="C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\libfftw3f-3-1-1a_upx.dll" MD5="e3d0548010ae1efa62545ac739da4c1d" CRC8="3E3FB975D92A0000" CobraPackHash="0000000000000000" KnownAsEnum="2" ThreatID="4752972" Company="" FileVersion="" ProductName="" ProductVersion="" Description="" Copyright=""/>
<FinalDispositionInfo DispositionEnum="2" AuthorityEnum="2" QuarantineStatusCode="1" QID="" UserName="\\FRUGAL\Marketing" ErrorEnum="0"/>
</APEvent>
ID: 1266705 · Report as offensive
OzzFan
Volunteer tester
Joined: 9 Apr 02
Posts: 15691
Credit: 84,761,841
RAC: 28
United States
Message 1266706 - Posted: 2 Aug 2012, 13:32:38 UTC - in response to Message 1266705.  

Have you tried scanning that file with any of the other online scanners mentioned in this thread?

If you had, I'm confident that you'd find the warning to be a false positive. "libfftw3f-3-1-1a_upx.dll" is an open source file and is required to process Fast Fourier Transform functions for SETI@Home.
ID: 1266706 · Report as offensive
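
Before sending a flagged file to a second scanner, as suggested above, it helps to pull the path, hash and threat ID out of the alert and confirm that the file being submitted is the one the alert was raised on. The following is an added example, not part of the original thread or of any vendor tool; the function names are hypothetical and the sample is the posted alert trimmed to the attributes used here.

```python
import hashlib
import re
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

# Constructed sample: the alert from the post, reduced to the fields read below.
ALERT = r'''<?xml version="1.0" encoding="UTF-16"?>
<APEvent EventDateTime="2012-08-02T08:59:35" ThreatDefVersion="12462">
<ParentProcess FilePath="C:\Program Files\BOINC\boinc.exe" MD5="" FileVersion="7.0.28"/>
<FileMonitor FilePath="C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\libfftw3f-3-1-1a_upx.dll" MD5="e3d0548010ae1efa62545ac739da4c1d" ThreatID="4752972"/>
</APEvent>'''


def parse_alert(text):
    """Extract the triage fields from a pasted APEvent alert."""
    if "<!DOCTYPE" in text.upper():
        raise ValueError("alert must not carry a DOCTYPE")
    # Pasted text is no longer UTF-16, so drop the stale XML declaration.
    body = re.sub(r"^\s*<\?xml[^>]*\?>", "", text)
    root = ET.fromstring(body)
    flagged = root.find("FileMonitor")
    if root.tag != "APEvent" or flagged is None:
        raise ValueError("not an APEvent alert with a FileMonitor element")
    parent = root.find("ParentProcess")
    path = PureWindowsPath(flagged.get("FilePath", ""))
    md5 = flagged.get("MD5", "").lower()
    return {
        "when": root.get("EventDateTime"),
        "definitions": root.get("ThreatDefVersion"),
        "file": str(path),
        "name": path.name,
        # The parent process in the post has MD5="", so treat a missing or
        # malformed hash as unknown rather than as a value to compare.
        "md5": md5 if re.fullmatch(r"[0-9a-f]{32}", md5) else None,
        "threat_id": flagged.get("ThreatID"),
        "parent": parent.get("FilePath") if parent is not None else None,
    }


def same_file(data, alert):
    """True if these bytes hash to the MD5 recorded in the alert."""
    return alert["md5"] is not None and hashlib.md5(data).hexdigest() == alert["md5"]


if __name__ == "__main__":
    for key, value in parse_alert(ALERT).items():
        print(f"{key:12} {value}")
```

MD5 is used here only because it is the hash the alert records; it identifies which file was flagged and is not evidence that the file is clean.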
©2024 University of California
 
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.