AVG 2013 virus scanner false positive on SETI@home 7 for Windows

Eric Korpela Project Donor
Volunteer moderator
Project administrator
Project developer
Project scientist
Joined: 3 Apr 99
Posts: 1382
Credit: 54,506,847
RAC: 60
United States
Message 1373641 - Posted: 30 May 2013, 17:45:58 UTC
Last modified: 31 May 2013, 22:41:09 UTC

The AVG virus scanner heuristic virus detection method reports a false positive for SETI@home version 7.00 on Windows. This alert does not indicate an infection with a known virus, but indicates that the application contains code that the virus scanner considers to be suspicious. AVG 2012 apparently does not report any issues.

We believe that this alert is related to the method we used to compress the executable in order to save network bandwidth. We are examining how we can resolve the problem. Until then the best strategy is to click "cancel" or "ignore" to the AVG warnings.
@SETIEric@qoto.org (Mastodon)

ID: 1373641 · Report as offensive
Profile Igogo Project Donor
Volunteer tester
Joined: 18 Dec 04
Posts: 125
Credit: 65,303,299
RAC: 44
Thailand
Message 1373649 - Posted: 30 May 2013, 17:50:44 UTC - in response to Message 1373641.  

Thank you Eric.
ID: 1373649 · Report as offensive
WezH
Volunteer tester

Joined: 19 Aug 99
Posts: 576
Credit: 67,033,957
RAC: 95
Finland
Message 1373678 - Posted: 30 May 2013, 18:23:12 UTC

Same problem with Avira Antivirus Free:

Product version 12.1.9.1236 11.10.2012
Search engine 8.02.12.50 27.5.2013
Virus definition file 7.11.81.128 30.5.2013
Control Center 12.03.00.15 1.5.2012
Config Center 12.03.00.28 9.8.2012
Luke Filewalker 12.03.00.48 15.11.2012
Realtime Protection 12.03.00.15 1.5.2012
Filter 12.00.24.11 24.4.2012
Web Protection 12.03.08.15 1.5.2012
Scheduler 12.03.00.15 1.5.2012
Updater 12.03.14.38 15.11.2012
Rootkits Protection 12.00.50.34 27.4.2012

ID: 1373678 · Report as offensive
Eric Korpela Project Donor
Volunteer moderator
Project administrator
Project developer
Project scientist
Joined: 3 Apr 99
Posts: 1382
Credit: 54,506,847
RAC: 60
United States
Message 1373693 - Posted: 30 May 2013, 18:46:08 UTC - in response to Message 1373678.  
Last modified: 30 May 2013, 19:17:36 UTC

If you're willing, could you please download http://boinc2.ssl.berkeley.edu/beta/download/setiathome_7.00_windows_intelx86_unpacked.exe
and scan it with your virus scanner to see if it reports a problem with the uncompressed file?

And if that checks out, try to scan a recompressed version, just to be sure. http://boinc2.ssl.berkeley.edu/beta/download/setiathome_7.00_windows_intelx86_repacked.exe
@SETIEric@qoto.org (Mastodon)

ID: 1373693 · Report as offensive
Profile Jord
Volunteer tester
Joined: 9 Jun 99
Posts: 15184
Credit: 4,362,181
RAC: 3
Netherlands
Message 1373704 - Posted: 30 May 2013, 19:21:56 UTC
Last modified: 30 May 2013, 19:43:05 UTC

Microsoft Security Essentials reports nothing wrong with either the executable or the dynamic linked library.
ID: 1373704 · Report as offensive
enriqueromo

Joined: 9 Mar 13
Posts: 2
Credit: 150,218
RAC: 0
Mexico
Message 1373712 - Posted: 30 May 2013, 19:27:14 UTC - in response to Message 1373641.  
Last modified: 30 May 2013, 19:27:39 UTC

The same with Spyhunter4
ID: 1373712 · Report as offensive
Profile mrcmobile

Joined: 6 Aug 99
Posts: 1
Credit: 2,103,118
RAC: 3
Italy
Message 1373719 - Posted: 30 May 2013, 19:32:02 UTC

Same problem with trendmicro Fake Antivirus (FakeAV) Removal Tool.
http://esupport.trendmicro.com/solution/en-us/1056510.aspx

marco
ID: 1373719 · Report as offensive
Eric Korpela Project Donor
Volunteer moderator
Project administrator
Project developer
Project scientist
Joined: 3 Apr 99
Posts: 1382
Credit: 54,506,847
RAC: 60
United States
Message 1373722 - Posted: 30 May 2013, 19:33:51 UTC - in response to Message 1373704.  
Last modified: 30 May 2013, 19:47:07 UTC

Symantec Endpoint Protection 11 and AVG 2012 find no problems, both with heuristics on.
@SETIEric@qoto.org (Mastodon)

ID: 1373722 · Report as offensive
Eric Korpela Project Donor
Volunteer moderator
Project administrator
Project developer
Project scientist
Joined: 3 Apr 99
Posts: 1382
Credit: 54,506,847
RAC: 60
United States
Message 1373729 - Posted: 30 May 2013, 19:36:45 UTC - in response to Message 1373721.  

That's weird. I'm able to get them both from home. It's probably the coral cache problem. Try http://boinc2.ssl.berkeley.edu.nyud.net/beta/download/setiathome_7.00_windows_intelx86_unpacked.exe directly.
@SETIEric@qoto.org (Mastodon)

ID: 1373729 · Report as offensive
Profile Jord
Volunteer tester
Joined: 9 Jun 99
Posts: 15184
Credit: 4,362,181
RAC: 3
Netherlands
Message 1373741 - Posted: 30 May 2013, 19:43:40 UTC

I scanned the repack as well. No problems. (Obviously no problems downloading the files either).

Did additional scans with:
Malwarebytes Anti-Malware 1.75.0.1300, Database version: v2013.05.30.06 -> no problems.

Superantispyware -> no problems.

Plus I did a scan at Virustotal.com, for the repack outcome 0/46 viruses found.
For the unpacked outcome 0/47 viruses found.
ID: 1373741 · Report as offensive
Eric Korpela Project Donor
Volunteer moderator
Project administrator
Project developer
Project scientist
Joined: 3 Apr 99
Posts: 1382
Credit: 54,506,847
RAC: 60
United States
Message 1373747 - Posted: 30 May 2013, 19:46:14 UTC - in response to Message 1373731.  

ID: 1373747 · Report as offensive
Claggy
Volunteer tester

Joined: 5 Jul 99
Posts: 4654
Credit: 47,537,079
RAC: 4
United Kingdom
Message 1373750 - Posted: 30 May 2013, 19:52:01 UTC - in response to Message 1373731.  

That's weird. I'm able to get them both from home. It's probably the coral cache problem. Try http://boinc2.ssl.berkeley.edu.nyud.net/beta/download/setiathome_7.00_windows_intelx86_unpacked.exe directly.


Nop, the page doesn't exist.


I used Getright to try out that link, for the first three attempts it came up 'no connection', on the 4th it got a connection and showed the file as 1.59Mb

Claggy
ID: 1373750 · Report as offensive
Eric Korpela Project Donor
Volunteer moderator
Project administrator
Project developer
Project scientist
Joined: 3 Apr 99
Posts: 1382
Credit: 54,506,847
RAC: 60
United States
Message 1373753 - Posted: 30 May 2013, 19:52:48 UTC - in response to Message 1373749.  

We'll be turning off coral caching in a day or two, so that problem will go away in a short time.
@SETIEric@qoto.org (Mastodon)

ID: 1373753 · Report as offensive
Eric Korpela Project Donor
Volunteer moderator
Project administrator
Project developer
Project scientist
Joined: 3 Apr 99
Posts: 1382
Credit: 54,506,847
RAC: 60
United States
Message 1373803 - Posted: 30 May 2013, 20:58:40 UTC - in response to Message 1373719.  

Same problem with trendmicro Fake Antivirus (FakeAV) Removal Tool.


Trend FakeAV reports about 20 valid programs on my system as "RogueAV" including BOINC, the NVIDIA tray utility, the UPS monitor, the Trend FakeAV Removal Tool, and the drivers for my camera. It seems that just about anything that runs as a console program in the background or has a tray icon gets reported. And it always hangs hard before completing its scans. After attempting to run it a few times, I decided I can safely ignore its detections as entirely false positives. I'm surprised there hasn't been a class action suit by software publishers against Trendmicro.
@SETIEric@qoto.org (Mastodon)

ID: 1373803 · Report as offensive
Profile Raistmer
Volunteer developer
Volunteer tester
Joined: 16 Jun 01
Posts: 6325
Credit: 106,370,077
RAC: 121
Russia
Message 1373807 - Posted: 30 May 2013, 21:03:42 UTC
Last modified: 30 May 2013, 21:04:29 UTC

As I already said in the original thread, AVG produces too many false positives to be useful. All my friends have already given up on using it...
(if someone shouts "fire" too often, he risks burning without any help...)
SETI apps news
We're not gonna fight them. We're gonna transcend them.
ID: 1373807 · Report as offensive
Profile Floyd
Joined: 19 May 11
Posts: 524
Credit: 1,870,625
RAC: 0
United States
Message 1373814 - Posted: 30 May 2013, 21:09:18 UTC - in response to Message 1373693.  
Last modified: 30 May 2013, 21:13:31 UTC

If you're willing, could you please download http://boinc2.ssl.berkeley.edu/beta/download/setiathome_7.00_windows_intelx86_unpacked.exe
and scan it with your virus scanner to see if it reports a problem with the uncompressed file?

And if that checks out, try to scan a recompressed version, just to be sure. http://boinc2.ssl.berkeley.edu/beta/download/setiathome_7.00_windows_intelx86_repacked.exe


Sir:
I downloaded both and AVG 2013 scanned them in the download folder and found nothing.

EDIT:
That was after it found them and I told it to allow, so it was added to the exception list in AVG. Just remembered that.
ID: 1373814 · Report as offensive
Eric Korpela Project Donor
Volunteer moderator
Project administrator
Project developer
Project scientist
Joined: 3 Apr 99
Posts: 1382
Credit: 54,506,847
RAC: 60
United States
Message 1373820 - Posted: 30 May 2013, 21:16:45 UTC - in response to Message 1373814.  
Last modified: 30 May 2013, 21:19:10 UTC

I wonder if it's only a problem when it scans the in-memory copy when it is running. And if the exceptions list is based on the in-memory footprint, it may be excepted. Does the original fail to scan on your AVG13?

http://boinc2.ssl.berkeley.edu/sah/download_fanout/setiathome_7.00_windows_intelx86.exe
@SETIEric@qoto.org (Mastodon)

ID: 1373820 · Report as offensive
Horacio

Joined: 14 Jan 00
Posts: 536
Credit: 75,967,266
RAC: 0
Argentina
Message 1373868 - Posted: 30 May 2013, 22:42:07 UTC

The linked files in previous posts, and also the executable and library files downloaded from main for the CPU, don't trigger any warning with either the free version of Avast or the latest Norton Antivirus...

The only warning in all cases was from MS Internet Explorer saying that the files were not commonly downloaded, so it suggested deleting them, but as BOINC doesn't need a browser to download the files this should not be an issue... (even though the wording of the warning was really frightening LOL)
ID: 1373868 · Report as offensive
Eric Korpela Project Donor
Volunteer moderator
Project administrator
Project developer
Project scientist
Joined: 3 Apr 99
Posts: 1382
Credit: 54,506,847
RAC: 60
United States
Message 1373895 - Posted: 30 May 2013, 23:20:48 UTC - in response to Message 1373859.  

I have Trend Virus scan the best there is!!


Never tried it. I was only talking about the false positives from their FakeAV detector.
@SETIEric@qoto.org (Mastodon)

ID: 1373895 · Report as offensive
spyregyre

Joined: 25 Aug 01
Posts: 3
Credit: 35,736,267
RAC: 23
United States
Message 1373905 - Posted: 30 May 2013, 23:55:17 UTC

I just had both the stable and development version trigger AVG. My question is how to turn or exception boinc from AVG.

thanks.
ID: 1373905 · Report as offensive
©2024 University of California
 
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.