Norton AV detected WS.Reputation.1 threat in libfftw3f-3-3_upx.dll

Robi
Message 1538195 - Posted: 9 Jul 2014, 2:26:44 UTC

On my laptop, Norton (Symantec) AV just detected a WS.Reputation.1 threat in libfftw3f-3-3_upx.dll.
According to Symantec this is not considered a virus or an adware or spyware threat, but instead a "wisdom of crowds" reputation-based system level.

the Norton message is:

Medium
This file risk is medium.

Threat type: Insight Network Threat. There are many indications that this file is untrustworthy and therefore not safe
____________________________
http://boinc2.ssl.berkeley.edu/sah/download_fanout/libfftw3f-3-3_upx.dll
Downloaded File libfftw3f-3-3_upx.dll Threat name: WS.Reputation.1
 from berkeley.edu

Source: External Media

boinc.exe

File Created: libfftw3f-3-3_upx.dll
____________________________

File Actions

Infected file: c:\programdata\BOINC\projects\setiathome.berkeley.edu\ libfftw3f-3-3_upx.dll Restart Required
____________________________

File Thumbprint - SHA:
bbd819680b20d52669238c2c14da4d6ec43d21bca58fd5be6398d34b2e0880df
File Thumbprint - MD5:
Not available


I have contacted Symantec as for it being a false positive, but my laptop is now requiring a restart, and when that happens, I'm afraid that the file will be gone and the WU fail because of it.
Does anybody have a solution for me to reverse the actions of Symantec? I have Norton Internet Security Version 21.3.0.12

Thanks for any help
Robi

arkayn
Message 1538536 - Posted: 9 Jul 2014, 15:57:44 UTC - in response to Message 1538195.  

> On my laptop, Norton (Symantec) AV just detected a WS.Reputation.1 threat in libfftw3f-3-3_upx.dll.
> According to Symantec this is not considered a virus or an adware or spyware threat, but instead a "wisdom of crowds" reputation-based system level.
>
> the Norton message is:
>
> Medium
> This file risk is medium.
>
> Threat type: Insight Network Threat. There are many indications that this file is untrustworthy and therefore not safe
> ____________________________
> http://boinc2.ssl.berkeley.edu/sah/download_fanout/libfftw3f-3-3_upx.dll
> Downloaded File libfftw3f-3-3_upx.dll Threat name: WS.Reputation.1
>  from berkeley.edu
>
> Source: External Media
>
> boinc.exe
>
> File Created: libfftw3f-3-3_upx.dll
> ____________________________
>
> File Actions
>
> Infected file: c:\programdata\BOINC\projects\setiathome.berkeley.edu\ libfftw3f-3-3_upx.dll Restart Required
> ____________________________
>
> File Thumbprint - SHA:
> bbd819680b20d52669238c2c14da4d6ec43d21bca58fd5be6398d34b2e0880df
> File Thumbprint - MD5:
> Not available
>
>
> I have contacted Symantec as for it being a false positive, but my laptop is now requiring a restart, and when that happens, I'm afraid that the file will be gone and the WU fail because of it.
> Does anybody have a solution for me to reverse the actions of Symantec? I have Norton Internet Security Version 21.3.0.12
>
> Thanks for any help


Best thing you can do is exclude the BOINC data directory from your AV scan.

Pause BOINC, copy the "offending" dll to another location, restart the computer.
After it comes back up, check the folder to see if it removed the dll and replace if necessary.

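The copy-and-restore steps from the reply above, in PowerShell; this is an added example, not part of arkayn's post. It restores the DLL only if the saved copy hashes to the thumbprint shown in the Norton message in the first post. The backup folder `C:\Temp\boinc-backup` is a hypothetical path, and reading Norton's 64-hex-digit "SHA" thumbprint as SHA-256 is an assumption.

```powershell
# Added example: back up the flagged DLL before the restart, then restore it
# afterwards only if the copy still hashes to the value Norton reported.
# Pause BOINC in the BOINC Manager before running -Mode Backup.
param(
    [Parameter(Mandatory)]
    [ValidateSet('Backup', 'Restore')]
    [string]$Mode,
    # Hypothetical backup location, outside the BOINC data directory.
    [string]$BackupDir = 'C:\Temp\boinc-backup'
)

$ErrorActionPreference = 'Stop'

$name     = 'libfftw3f-3-3_upx.dll'
$project  = 'c:\programdata\BOINC\projects\setiathome.berkeley.edu'
$target   = Join-Path $project $name
$backup   = Join-Path $BackupDir $name
# "File Thumbprint - SHA" from the Norton message; assumed to be SHA-256.
$expected = 'bbd819680b20d52669238c2c14da4d6ec43d21bca58fd5be6398d34b2e0880df'

function Test-Thumbprint([string]$Path) {
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    return $actual -ieq $expected
}

switch ($Mode) {
    'Backup' {
        if (-not (Test-Path -LiteralPath $target)) { throw "Not found: $target" }
        if (-not (Test-Thumbprint $target)) { throw "Hash of $target differs from the reported thumbprint; not copying." }
        New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
        Copy-Item -LiteralPath $target -Destination $backup -Force
        "Saved copy to $backup"
    }
    'Restore' {
        if (Test-Path -LiteralPath $target) {
            "DLL is still in place; nothing to restore."
        } elseif (-not (Test-Path -LiteralPath $backup)) {
            throw "No backup at $backup"
        } elseif (Test-Thumbprint $backup) {
            Copy-Item -LiteralPath $backup -Destination $target
            "Restored $name from backup."
        } else {
            throw "Backup hash does not match the reported thumbprint; leaving the folder untouched."
        }
    }
}
```

Run it with `-Mode Backup` before the restart and with `-Mode Restore` once the machine is back up.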

Robi
Message 1542707 - Posted: 16 Jul 2014, 18:31:27 UTC - in response to Message 1538536.  

Thanks arkayn,

I ended up adding the BOINC folder to my AV exclude list and hope that no virus enters through BOINC... :(
according to Symantec, the file is OK and shouldn't have triggered, so no idea what the fluke was.
regardless, after a restart, BOINC noticed the file was gone, and silently downloaded it again without any hiccups...
ah well...
crunch on!
Robi

OzzFan
Message 1542829 - Posted: 17 Jul 2014, 0:11:59 UTC - in response to Message 1542707.  

> I ended up adding the BOINC folder to my AV exclude list and hope that no virus enters through BOINC... :(

BOINC runs science applications in a sandboxed environment. Meaning, if a virus were ever distributed through BOINC, it would have very minimal impact on your machine and would be quite easy to get rid of.

> according to Symantec, the file is OK and shouldn't have triggered, so no idea what the fluke was.

It's known as a "false positive". The way virus scanners work is they search all files on a hard drive for a specific signature or type of process activity. This used to work well 25 years ago. Due to the completely random nature of SETI@home workunits, it isn't too surprising to see false positives in the workunits. And when it is a science application that triggers a false positive, it is usually because of the behavior - science applications run your system full bore, and that type of behavior was common with worms 15 years ago.

This is why it is best to exclude BOINC and all science apps from scanning; they're just not intelligent enough to handle it, and the anti-virus vendors can't seem to be bothered to either add an exclusion to the scanner, or to come up with more intelligent heuristics to detect viruses.
©2024 University of California
 
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.