Message boards :
Number crunching :
GUPPI Rescheduler for Linux and Windows - Move GUPPI work to CPU and non-GUPPI to GPU
Message board moderation
Previous · 1 . . . 17 · 18 · 19 · 20 · 21 · 22 · 23 . . . 37 · Next
Author | Message |
---|---|
BilBg Send message Joined: 27 May 07 Posts: 3720 Credit: 9,385,827 RAC: 0 |
The previous QOpt_64.exe was fine with Kaspersky. Which is "The previous QOpt_64.exe"? Send it to VirusTotal and give link: https://www.virustotal.com/ Â - ALF - "Find out what you don't do well ..... then don't do it!" :) Â |
Jimbocous Send message Joined: 1 Apr 13 Posts: 1853 Credit: 268,616,081 RAC: 1,349 |
The previous QOpt_64.exe was fine with Kaspersky. https://www.virustotal.com/en/file/e2dd48f172c21c5cf1342b98f66357fbda80a3ecea0afc08f2bf713c435a89b1/analysis/ |
Jimbocous Send message Joined: 1 Apr 13 Posts: 1853 Credit: 268,616,081 RAC: 1,349 |
Current zip of 32/64 files and docs: https://www.virustotal.com/en/file/aea7f6a947eb361e14c4cf2ba40193da82af3090776dc1894a12c48ba291269e/analysis/1475471910/ |
Keith Myers Send message Joined: 29 Apr 01 Posts: 13164 Credit: 1,160,866,277 RAC: 1,873 |
The previous QOpt_64.exe was fine with Kaspersky. https://www.virustotal.com Seti@Home classic workunits:20,676 CPU time:74,226 hours A proud member of the OFA (Old Farts Association) |
Keith Myers Send message Joined: 29 Apr 01 Posts: 13164 Credit: 1,160,866,277 RAC: 1,873 |
The version of QOpt_64.exe that Jim made back on 10/1 I think. I believe it was his first attempt to get rid of the false positives by compiling the program as a 64 bit version instead of 32 bit which all the previous iterations were. Seti@Home classic workunits:20,676 CPU time:74,226 hours A proud member of the OFA (Old Farts Association) |
BilBg Send message Joined: 27 May 07 Posts: 3720 Credit: 9,385,827 RAC: 0 |
The previous QOpt_64.exe was fine with Kaspersky. That one (from Message 1821195 (?)) have only "Detection ratio: 4 / 57" but is no more available. And half of the Antiviruses' vendors/programmers are crazy, over time the number of False Positive count increases instead of decreasing! (most "Detect" as "Generic", all 6 that say "Trojan.GenericKD.3572544" depend on BitDefender) Now "Detection ratio: 25 / 56" (was 10 / 56) for the "latest" QOpt_1_02g_x64 https://www.virustotal.com/en/file/60ef32832e9ac2fea560ba52d313893915c1703fc72af411394e0817e58843d3/analysis/ You may use that list as indication of who really analyses the files and who flags them "just in case" because some other Antivirus detects them. (I think that VirusTotal sends any new file to the labs of All Antivirus vendors for analysis if even only one Antivirus detects it) And (for that reason?) Jimbocous seem to remove the QOpt_1_02g_x64\QOpt.exe - at the same Download link: http://setiathome.berkeley.edu/forum_thread.php?id=79954&postid=1821271#1821271 Â - ALF - "Find out what you don't do well ..... then don't do it!" :) Â |
Jimbocous Send message Joined: 1 Apr 13 Posts: 1853 Credit: 268,616,081 RAC: 1,349 |
And half of the Antiviruses' vendors/programmers are crazy, over time the number of False Positive count increases instead of decreasing! Might try this one. Actually, it seems Windows "Defender" ignored the directory exclusion and nuked the files in some paths. Very unhappy, it should have left the drop box alone. Also, got a response back from McAfee:
They're the only ones I've heard back from as yet. Not sure this really means much, as it seem like every time I recompile it will look different and trigger somebody. Only suggestion I can offer is to download it, and try to white list it. |
Jeff Buck Send message Joined: 11 Feb 00 Posts: 1441 Credit: 148,764,870 RAC: 0 |
Might try this one. Well, I hate to tell you, but McAfee is not at all happy with this one, and it hadn't previously had a problem with the 64-bit version. First, it tried to block the download claiming it detected "Artemis!9B26FE0862C7", which is similar to the "Artemis" trojan it detected in one of your earlier versions. Then, after I let it download anyway, I updated the McAfee definitions and, just about as quickly as McAfee restarted it found the downloaded file and nuked it due to "RDN/Generic Downloader.x". Just a question for you, as I don't know your development environment, but do you have any predefined arrays or large variables that are allocated in the module before you compile it? Sometimes, if the storage areas for those arrays aren't initialized with blanks or zeros at design time, they pick up whatever random garbage happens to be in RAM when the program is first written and that stuff can persist in the compiled module. I've seen it happen, though never with the sort of garbage that would look like a virus or trojan signature. I suppose it could happen, however. |
BilBg Send message Joined: 27 May 07 Posts: 3720 Credit: 9,385,827 RAC: 0 |
Might try this one. Not fault of the file itself (i.e. McAfee updated signatures): That version is old enough (found in QOpt 1.02f.zip) It was scanned (by someone, maybe me) ~3 days ago and "Detection ratio: 8 / 57" https://www.virustotal.com/en/file/e2dd48f172c21c5cf1342b98f66357fbda80a3ecea0afc08f2bf713c435a89b1/analysis/1475643640/ The same file scanned now - "Detection ratio: 28 / 56" https://www.virustotal.com/en/file/e2dd48f172c21c5cf1342b98f66357fbda80a3ecea0afc08f2bf713c435a89b1/analysis/1475643643/ Â - ALF - "Find out what you don't do well ..... then don't do it!" :) Â |
Jimbocous Send message Joined: 1 Apr 13 Posts: 1853 Credit: 268,616,081 RAC: 1,349 |
Just a question for you, as I don't know your development environment, but do you have any predefined arrays or large variables that are allocated in the module before you compile it? Naw, nothing fancy at all. All this is is a batch (.cmd) file that's compiled to try and speed up a few things. Outside of the normal DOS type commands, the only things even vaguely suspicious are: a couple REG QUERYs to determine the BOINC file path environment (Haselgrove's well-proven code), some TASKLIST queries to determine what's running, some TASKKILL operations to shut stuff down as needed, SET some environment variables to keep track of what's going on, where files and paths are, filenames to work with, and that's about it. Only other variable BilBg mentioned was whether UPX compression was enabled or not, and I'm leaving that disabled as apparently that has the habit of increasing false positives. |
BilBg Send message Joined: 27 May 07 Posts: 3720 Credit: 9,385,827 RAC: 0 |
Actually, it seems Windows "Defender" ignored the directory exclusion and nuked the files in some paths. Very unhappy, it should have left the drop box alone. Set your Antivirus to "Ask me what to do" (i.e. Delete | Clean | Do Nothing) For ESET NOD32 Antivirus 4 I needed to set this in 3-4 places to be true for "everything" (e.g. Real-time, Manual scan, Web protection...) (In all cases the file (not yours, some other file) is blocked from Opening/Executing - even if [Do Nothing] is clicked) Â - ALF - "Find out what you don't do well ..... then don't do it!" :) Â |
Jimbocous Send message Joined: 1 Apr 13 Posts: 1853 Credit: 268,616,081 RAC: 1,349 |
Set your Antivirus to "Ask me what to do" (i.e. Delete | Clean | Do Nothing) That applies to a real antivirus, not "Defender". M$ knows all, doesn't require your input. :| |
BilBg Send message Joined: 27 May 07 Posts: 3720 Credit: 9,385,827 RAC: 0 |
All this is is a batch (.cmd) file that's compiled to try and speed up a few things. Which BAT2EXE do you use?: https://duckduckgo.com/?q=BAT2EXE&ia=web I ask because some of the detections are like this: Avira (no cloud)Â Â Â Â Â Â TR/Crypt.XPACK.Gen7 Crypt.XPACK suggests that BAT2EXE compresses (XPACK) or enCrypts parts of the .exe Do you use any such Option/flag/switch for BAT2EXE ? If this (compiling) is only for "speed up" (and not to hide the code) - I don't think it is needed (i.e. compiling will not speed up measurably this .cmd file) Scan of QOpt.0.49.cmd is "Green" (Clean) https://www.virustotal.com/en/file/2e5a7b436d42f0cd6b704894726aa0c69ea5203a92ecd941451d9a481af65133/analysis/1475646195/ Â - ALF - "Find out what you don't do well ..... then don't do it!" :) Â |
Jimbocous Send message Joined: 1 Apr 13 Posts: 1853 Credit: 268,616,081 RAC: 1,349 |
Which BAT2EXE do you use?: After a bunch of checking and experimentation, I use this one, primarily because of its reputation and freeware status. No compression, no encryption, no other options. If this (compiling) is only for ... No compiling, no distribution. Not up for discussion in this forum. I have my reasons. Scan of QOpt.0.49.cmd is "Green" (Clean) As one would expect. Not sure a batch file even could contain a virus as such. Though I wouldn't recommend running 0.49. I've fixed a lot of problems since then:) |
BilBg Send message Joined: 27 May 07 Posts: 3720 Credit: 9,385,827 RAC: 0 |
Though I wouldn't recommend running 0.49. I've fixed a lot of problems since then:) As you know I don't run any version. QOpt.0.49.cmd is just the last file you sent me to proofread. The link for "Bat To Exe Converter" is 'bad' in your post, fixed: http://www.f2ko.de/en/b2e.php  - ALF - "Find out what you don't do well ..... then don't do it!" :)  |
Jimbocous Send message Joined: 1 Apr 13 Posts: 1853 Credit: 268,616,081 RAC: 1,349 |
Though I wouldn't recommend running 0.49. I've fixed a lot of problems since then:) Understood. Just wanted to get that out there, in case someone wanted to run it, due to all the hassle with the false positives. I would not advise anything below 1.0 due to file path issues you well know, as you helped me through them:) If you've ever come across another bat2exec you like, I would love to know. The one I started with wanted a license fee to make distributable code. Entirely reasonable. But in life you either have too little time or too little money. Never too much of each. Time I can invest in this, and certainly have. The one I'm using seemed to have a very clean rep, and no mention that I could find of virus issues, false or otherwise. Always a worry, though. |
Jimbocous Send message Joined: 1 Apr 13 Posts: 1853 Credit: 268,616,081 RAC: 1,349 |
Might try this one. Just did a fresh x64 compile. Again, now seems to scan clean with WD, as does the full zip file. 10/56 on the fulll zip file with both 32 and 64 bit versions, and nice to see McAfee isn't amongst them now. Just reported to Avast and Kaspersky. If I can get them to white list it, I'll be a happy camper. |
Grant (SSSF) Send message Joined: 19 Aug 99 Posts: 13736 Credit: 208,696,464 RAC: 304 |
But in life you either have too little time or too little money. Or both. *deep sigh* Grant Darwin NT |
Jimbocous Send message Joined: 1 Apr 13 Posts: 1853 Credit: 268,616,081 RAC: 1,349 |
But in life you either have too little time or too little money. Ended up with all the time in the world. All I had to do was get laid off :| lol. That was 6 years ago, I really miss it! (not) |
I3APR Send message Joined: 23 Apr 16 Posts: 99 Credit: 70,717,488 RAC: 0 |
Hmm...all matches, except for point #1 : my main cruncher, which normally produce about 100k credits/day and should be eligible for running your program is Windows 2012 R2..do you explicitly filter out such OS ? My working Nvidia driver is the one for Windows 8.1, so maybe it worth a try, do you think I could screw it all by running it or it simply would not work..? Thank you ! A. |
©2024 University of California
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.