Message boards :
Number crunching :
Warning: Avast indicates false positive on Astropulse V6 for Nvidia!
Message board moderation
Author | Message |
---|---|
Ulrich Metzner Send message Joined: 3 Jul 02 Posts: 1256 Credit: 13,565,513 RAC: 13 |
As the title says, the latest virus signatures for Avast Antivirus silently delete the "AP6_win_x86_SSE2_OpenCL_NV_r1843.exe" from your seti directory trashing all AP-WUs in the queue. Sorry to my wingmen, but you can see the disastrous result here: http://setiathome.berkeley.edu/results.php?hostid=157931&offset=0&show_names=0&state=0&appid=12 Unfortunately i wasn't home to stop this "gone wild" anti virus cr@p... %( Aloha, Uli |
arkayn Send message Joined: 14 May 99 Posts: 4438 Credit: 55,006,323 RAC: 0 |
As the title says, the latest virus signatures for Avast Antivirus silently delete the "AP6_win_x86_SSE2_OpenCL_NV_r1843.exe" from your seti directory trashing all AP-WUs in the queue. Sorry to my wingmen, but you can see the disastrous result here: Which is why we tell people to exclude the BOINC data directory from being scanned. |
Ulrich Metzner Send message Joined: 3 Jul 02 Posts: 1256 Credit: 13,565,513 RAC: 13 |
Which is why we tell people to exclude the BOINC data directory from being scanned.Yes, now the directory is on the exclusion list. Never had a problem with Avast for at least 6-7 years! Oh well, mea culpa for trusting this AV-software... :/ Aloha, Uli |
spitfire_mk_2 Send message Joined: 14 Apr 00 Posts: 563 Credit: 27,306,885 RAC: 0 |
Edit. Ok. Avast 9 is out. My current is Avast 8. I will update and see what the 9 does. |
Ulrich Metzner Send message Joined: 3 Jul 02 Posts: 1256 Credit: 13,565,513 RAC: 13 |
Edit. Ok. Avast 9 is out. My current is Avast 8. I will update and see what the 9 does. Be careful, i have version 9 running on WinXP, updated a few days ago. Exclude the BOINC directory prior to the update, cause the settings will be preserved. Meanwhile Avast does not complain about the Nvidia executable anymore... Aloha, Uli |
Richard Haselgrove Send message Joined: 4 Jul 99 Posts: 14649 Credit: 200,643,578 RAC: 874 |
If you get a virus warning on any file (even if you're pretty certain it's a false positive), it's always a good idea to test it against a site like https://www.virustotal.com/. I'll do that with the master copy of "AP6_win_x86_SSE2_OpenCL_NV_r1843.exe" that I built the installer with, but of course I can't be responsible for the current state of a file which may have been downloaded many months ago. If you downloaded a fresh copy, please tell me where from, and I can check whether it matches my master copy. |
Ulrich Metzner Send message Joined: 3 Jul 02 Posts: 1256 Credit: 13,565,513 RAC: 13 |
Hello, the MD5sum of the executable: AP6_win_x86_SSE2_OpenCL_NV_r1843.exe - 4811e3e8ed814ea3f3a313eb1ccd44fd BTW: It is still recognized as a virus by Avast, i just checked again. I accidentally had it on the white list. Aloha, Uli |
Richard Haselgrove Send message Joined: 4 Jul 99 Posts: 14649 Credit: 200,643,578 RAC: 874 |
Hello, Master build copy on my machine has identical MD5, and a file size of 849,920 bytes. VirusTotal calculates SHA256: eb1ac69c71df145f5b7872f73fb7618dc64bc0cb8ac843631e4fb191ba77cc14 for the copy I uploaded, and finds no virus report among the 47 virus scanning engines they're currently using to test: https://www.virustotal.com/en/file/eb1ac69c71df145f5b7872f73fb7618dc64bc0cb8ac843631e4fb191ba77cc14/analysis/1382993010/ |
Uli Send message Joined: 6 Feb 00 Posts: 10923 Credit: 5,996,015 RAC: 1 |
From one Uli to another, thank you for the heads up. So far I have not had any problems with Avast. Other issues were Seti related communication issues. Pluto will always be a planet to me. Seti Ambassador Not to late to order an Anni Shirt |
Thomas Send message Joined: 9 Dec 11 Posts: 1499 Credit: 1,345,576 RAC: 0 |
Thanks for the heads-up Ulrich. |
BilBg Send message Joined: 27 May 07 Posts: 3720 Credit: 9,385,827 RAC: 0 |
VirusTotal ... finds no virus report among the 47 virus scanning engines they're currently using to test I wonder why the file is removed on people's systems and not detected in online tests (on 3 sites which may use different settings - e.g. for Heuristics Sensitivity): https://www.virustotal.com/en/file/eb1ac69c71df145f5b7872f73fb7618dc64bc0cb8ac843631e4fb191ba77cc14/analysis/ http://virusscan.jotti.org/en/scanresult/a0008b68f4926ecf23760399e083a28957c5c233 http://r.virscan.org/report/808b98fa425e8be88dff891e97df9028.html (This have to be some 'Behavioral Analysis' or how they call it by Avast or this is specific to Avast v9/2014 and do not happen on Avast v8/2013) Â - ALF - "Find out what you don't do well ..... then don't do it!" :) Â |
Gatekeeper Send message Joined: 14 Jul 04 Posts: 887 Credit: 176,479,616 RAC: 0 |
(This have to be some 'Behavioral Analysis' or how they call it by Avast or this is specific to Avast v9/2014 and do not happen on Avast v8/2013) It did happen to me on Avast v8. There was a definitions update released by Avast sometime around 0500UTC yesterday, and it was after that update that the file was quarantined by Avast. I've since applied global exclusions on Avast on all my rigs, so I don't know if subsequent definition updates are doing the same thing. EDIT: Avast called the .exe "suspicious-evo-win32" |
Dr Who Fan Send message Joined: 8 Jan 01 Posts: 3193 Credit: 715,342 RAC: 4 |
Please report False Positive to AVAST @ http://www.avast.com/contact-form.php change subject to suite your case [file name that supposedly infected]. |
BilBg Send message Joined: 27 May 07 Posts: 3720 Credit: 9,385,827 RAC: 0 |
I've since applied global exclusions on Avast on all my rigs, so I don't know if subsequent definition updates are doing the same thing. I don't know what you mean by "global exclusions" (exclude BOINC dir?, exclude the .exe file name?) You can check by: 1) Copy the file (AP6_win_x86_SSE2_OpenCL_NV_r1843.exe) from ...\projects\setiathome.berkeley.edu\ (which is excluded) e.g. to your Desktop (which is not excluded and have to trigger the detection) 2) Rename the copy of the file (if you excluded AP6_win_x86_SSE2_OpenCL_NV_r1843.exe by name - new name have to trigger the detection) (I reported False Positive to AVAST using the link from Dr Who Fan post) Â - ALF - "Find out what you don't do well ..... then don't do it!" :) Â |
David S Send message Joined: 4 Oct 99 Posts: 18352 Credit: 27,761,924 RAC: 12 |
I just sent the owner of this host a PM telling him that all his v7 work is coming back with a PROT_WRITE error and it's probably caused by his AV, and then after sending the PM I looked again and realized it's running Linux. I sent another PM to try to remove my foot from my mouth. But the fact remains that all his v7s are coming back with an error 127. His APs are fine, though. David Sitting on my butt while others boldly go, Waiting for a message from a small furry creature from Alpha Centauri. |
Richard Haselgrove Send message Joined: 4 Jul 99 Posts: 14649 Credit: 200,643,578 RAC: 874 |
I just sent the owner of this host a PM telling him that all his v7 work is coming back with a PROT_WRITE error and it's probably caused by his AV, and then after sending the PM I looked again and realized it's running Linux. I sent another PM to try to remove my foot from my mouth. But the fact remains that all his v7s are coming back with an error 127. His APs are fine, though. Private (optimised) download without a chmod +x on the binary, perhaps? |
spitfire_mk_2 Send message Joined: 14 Apr 00 Posts: 563 Credit: 27,306,885 RAC: 0 |
Edit. Ok. Avast 9 is out. My current is Avast 8. I will update and see what the 9 does. Update. It has been a week or a little more since I upgraded Avast 8 to Avast 9. No problems. I try to do AP units on GPU only, so I manually abort CPU AP units. If you look at my tasks, my GPU AP units are validating just fine. http://setiathome.berkeley.edu/results.php?hostid=7103832&offset=0&show_names=0&state=0&appid=12 I did not modify Avast 8 to ignore any files. I did not modify Avast 9 to ignore any files. I simply installed Avast 8 when I installed the OS, however, obviously it does not work this way for everyone. Maybe I got lucky with how the original installation of Avast 8 worked. |
©2024 University of California
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.