Artemis Trojan

Tom95134

Joined: 27 Nov 01
Posts: 216
Credit: 3,790,200
RAC: 0
United States
Message 927604 - Posted: 21 Aug 2009, 1:24:48 UTC

Today I ran a full scan of my system using McAfee and it detected the subject Trojan in the AP_GRAPHICS_5.03_WINDOWS_INTELX86.exe file.

What does this file do?

I am running the current version of BOINC.

The file has been quarantined. If I download BOINC again I don't believe it will replace the current installed BOINC as they are the same Version.

Has anybody seen anything similar?

Suggestions?
ID: 927604 · Report as offensive
Aurora Borealis
Volunteer tester
Joined: 14 Jan 01
Posts: 3075
Credit: 5,631,463
RAC: 0
Canada
Message 927608 - Posted: 21 Aug 2009, 2:16:02 UTC - in response to Message 927604.  
Last modified: 21 Aug 2009, 2:24:54 UTC

Today I ran a full scan of my system using McAfee and it detected the subject Trojan in the AP_GRAPHICS_5.03_WINDOWS_INTELX86.exe file.

What does this file do?

I am running the current version of BOINC.

The file has been quarantined. If I download BOINC again I don't believe it will replace the current installed BOINC as they are the same Version.

Has anybody seen anything similar?

Suggestions?

That is part of the Seti application to analyze Astropulse WU. McAfee and other virus software often give false positives. It is best to exempt the Boinc folders from being scanned. The chance of a virus coming from a trusted project is virtually zero. Even then Boinc software limits applications to reading and writing within the Boinc Data folder.

Boinc V7.2.42
Win7 i5 3.33G 4GB, GTX470
ID: 927608 · Report as offensive
John McLeod VII
Volunteer developer
Volunteer tester
Joined: 15 Jul 99
Posts: 24806
Credit: 790,712
RAC: 0
United States
Message 927612 - Posted: 21 Aug 2009, 2:49:31 UTC

It is the executable that displays graphics for the screen saver for AP tasks. If you delete it, it will be downloaded again from S@H.


BOINC WIKI
ID: 927612 · Report as offensive
BilBg
Volunteer tester
Joined: 27 May 07
Posts: 3720
Credit: 9,385,827
RAC: 0
Bulgaria
Message 927625 - Posted: 21 Aug 2009, 3:41:14 UTC - in response to Message 927604.  
Last modified: 21 Aug 2009, 3:41:56 UTC

Today I ran a full scan of my system using McAfee and it detected the subject Trojan in the AP_GRAPHICS_5.03_WINDOWS_INTELX86.exe file.

What does this file do?

I am running the current version of BOINC.

The file has been quarantined. If I download BOINC again I don't believe it will replace the current installed BOINC as they are the same Version.

Has anybody seen anything similar?

Suggestions?



Please, report this obviously wrong identification (false positive) to McAfee
- they have to correct this (if not already)!

(this file is part of SETI@home project (auto downloaded) - Not part of BOINC)

- ALF - "Find out what you don't do well ..... then don't do it!" :)
 
ID: 927625 · Report as offensive
Rudy Rothemund
Joined: 1 Aug 99
Posts: 1
Credit: 6,463,948
RAC: 14
United States
Message 927688 - Posted: 21 Aug 2009, 11:56:09 UTC - in response to Message 927625.  

I got the same trojan message on a scan performed by McAfee today and on a scan on 8/14/09. IS this really a trojan? If this comes up on several machines perhaps it is.

R Rothemund

ID: 927688 · Report as offensive
Aurora Borealis
Volunteer tester
Joined: 14 Jan 01
Posts: 3075
Credit: 5,631,463
RAC: 0
Canada
Message 927697 - Posted: 21 Aug 2009, 13:15:47 UTC - in response to Message 927688.  
Last modified: 21 Aug 2009, 13:25:03 UTC

I got the same trojan message on a scan performed by McAfee today and on a scan on 8/14/09. IS this really a trojan? If this comes up on several machines perhaps it is.

R Rothemund

As posted earlier, it is not a Trojan but a known part of the Seti software. Antivirus software works by looking for patterns. If it looks anything like something a virus or trojan would use, it assumes that's what it is. They are wrong more often than they are right because it is difficult to distinguish a benign piece of code from one that is designed to cause problems with your system.

Complain to your AV software company, they should know by now to ignore this false positive.

Boinc V7.2.42
Win7 i5 3.33G 4GB, GTX470
ID: 927697 · Report as offensive
OzzFan
Volunteer tester
Joined: 9 Apr 02
Posts: 15691
Credit: 84,761,841
RAC: 28
United States
Message 927727 - Posted: 21 Aug 2009, 15:28:24 UTC - in response to Message 927688.  

I got the same trojan message on a scan performed by McAfee today and on a scan on 8/14/09. IS this really a trojan? If this comes up on several machines perhaps it is.

R Rothemund


That's false logic because it's a false positive. Of course it's going to come up on several machines because it is being falsely identified by the AV program.

This sort of thing is actually relatively common. I've seen it happen on other virus scanners from F-Prot & Kaspersky as well. Often, the reason why it is considered a trojan is due to the AV's primitive methods of identifying the behavior. All the scanner "sees" is that one program (BOINC) is trying to download another program (any science app) without the user having started the download manually, such as from a website - then the program itself consumes all CPU cycles like what most programs do when a machine has been turned into a zombie as part of a botnet.

This has already been identified by another user in this thread.
ID: 927727 · Report as offensive
TommyGun

Joined: 3 Jun 99
Posts: 2
Credit: 2,765,103
RAC: 0
United States
Message 928785 - Posted: 26 Aug 2009, 13:13:38 UTC

I just received a message from Comodo AV that astropulse_5.05_windows_intelx86.exe was labeled as Backdoor.Win32.Hupigon.RAA trojan. I wonder if this was the same behavior as above, a false positive? I just started using this AV recently, so I suspect so, but just in case, has anyone verified this?

Regards,
ID: 928785 · Report as offensive
Aurora Borealis
Volunteer tester
Joined: 14 Jan 01
Posts: 3075
Credit: 5,631,463
RAC: 0
Canada
Message 928794 - Posted: 26 Aug 2009, 14:18:26 UTC - in response to Message 928785.  
Last modified: 26 Aug 2009, 14:20:44 UTC

I just received a message from Comodo AV that astropulse_5.05_windows_intelx86.exe was labeled as Backdoor.Win32.Hupigon.RAA trojan. I wonder if this was the same behavior as above, a false positive? I just started using this AV recently, so I suspect so, but just in case, has anyone verified this?

Regards,

Since it is known that the file comes from a trusted source 'SETI' which has not been compromised, then there is only one conclusion possible, it is a false positive. We are beginning to see that several different AV view this file as a virus, but they come up with different types. It is obvious that they are detecting a general pattern or behavior but can't identify it to a specific type of infection. They are doing 'best guess' and making false assumptions.
ID: 928794 · Report as offensive
TommyGun

Joined: 3 Jun 99
Posts: 2
Credit: 2,765,103
RAC: 0
United States
Message 928813 - Posted: 26 Aug 2009, 16:02:21 UTC - in response to Message 928794.  

Yep, I agree it is a false positive. Also, I was just reading reviews where Comodo AV (free version) is ranked as one of the worst, or best ;-), in producing false positives. It looks as though I will remove it and use a more reliable AV scanner. I just needed an interim solution to AV anyway as my old (paid) AV broke after upgrading to Windows Vista SP2. Thanks for the help here.
ID: 928813 · Report as offensive
Steven Coldwell
Joined: 14 Oct 08
Posts: 2
Credit: 2,173,018
RAC: 0
United States
Message 934086 - Posted: 17 Sep 2009, 20:50:47 UTC - in response to Message 927604.  

Yes I have!!!! My McAfee is going crazy & now my pc is going very slow!!!!!
ID: 934086 · Report as offensive
Steven Coldwell
Joined: 14 Oct 08
Posts: 2
Credit: 2,173,018
RAC: 0
United States
Message 934094 - Posted: 17 Sep 2009, 21:08:48 UTC - in response to Message 927604.  

What you have to do is uninstall Boinc from your pc & then reinstall it; that should take care of the problem. Because Boinc I think will keep your data current.
ID: 934094 · Report as offensive
Jord
Volunteer tester
Joined: 9 Jun 99
Posts: 15184
Credit: 4,362,181
RAC: 3
Netherlands
Message 934096 - Posted: 17 Sep 2009, 21:10:49 UTC - in response to Message 934086.  
Last modified: 17 Sep 2009, 21:14:44 UTC

Best not read the rest of the thread... ;-)

If you don't trust what's being said in the thread, about this being a false positive detection by your anti virus software, you can run the file through http://www.virustotal.com/, which tests it against 30+ anti virus products.

Edit: I tested it just a moment ago and only McAfee finds something. Since the rest doesn't, you can conclude that it's not infected and what you see is a false positive that has to be fixed by McAfee.
ID: 934096 · Report as offensive
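
The multi-scanner check suggested in the post above, as an added example that is not part of the original thread: hash the flagged file, then summarise a per-engine report. The report layout is assumed to follow a VirusTotal API v3 file report (`data.attributes.last_analysis_results`); the engine names, the sample report and the thresholds are constructed for illustration.

```python
import hashlib

DETECTED = {"malicious", "suspicious"}
COMPLETED = DETECTED | {"undetected", "harmless"}  # timeouts/failures are not votes

def sha256_of(path, chunk=1 << 20):
    """Hash the flagged file so it can be looked up or compared by digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def triage(report, max_hits=2, max_ratio=0.15):
    """Summarise per-engine verdicts. Thresholds are illustrative assumptions."""
    results = report["data"]["attributes"]["last_analysis_results"]
    done = {e: r for e, r in results.items() if r["category"] in COMPLETED}
    hits = {e: r["result"] for e, r in done.items() if r["category"] in DETECTED}
    ratio = len(hits) / len(done) if done else 0.0
    if not done:
        verdict = "no-data"
    elif not hits:
        verdict = "no-detections"
    elif len(hits) <= max_hits and ratio <= max_ratio:
        # A lone detection is low-confidence, not proof either way: also
        # compare the digest with a copy fetched fresh from the project.
        verdict = "likely-false-positive"
    else:
        verdict = "investigate"
    # Differing labels across engines point to generic/heuristic matches.
    return {"engines": len(done), "hits": hits,
            "labels": sorted(set(hits.values())), "verdict": verdict}

def entry(category, result=None):
    """Build one constructed per-engine result."""
    return {"category": category, "result": result}

# Constructed report: 1 of 30 completed engines flags the file; one timed out.
SAMPLE = {"data": {"attributes": {"last_analysis_results": {
    **{f"Engine{i:02d}": entry("undetected") for i in range(29)},
    "EngineX": entry("malicious", "Generic.Heuristic (constructed)"),
    "EngineY": entry("timeout"),
}}}}

if __name__ == "__main__":
    print(triage(SAMPLE))
```
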
skildude
Joined: 4 Oct 00
Posts: 9541
Credit: 50,759,529
RAC: 60
Yemen
Message 934257 - Posted: 18 Sep 2009, 14:07:11 UTC - in response to Message 934094.  

What you have to do is uninstall Boinc from your pc & then reinstall it; that should take care of the problem. Because Boinc I think will keep your data current.

This is not a solution to a problem that starts with the AV.


In a rich man's house there is no place to spit but his face.
Diogenes Of Sinope
ID: 934257 · Report as offensive
Sterling_Aug
Joined: 27 Sep 02
Posts: 54
Credit: 14,105,725
RAC: 0
United States
Message 934289 - Posted: 18 Sep 2009, 15:13:19 UTC

Dump McAfee and get a reliable and FREE AV solution such as Avira AntiVIR.
ID: 934289 · Report as offensive
BilBg
Volunteer tester
Joined: 27 May 07
Posts: 3720
Credit: 9,385,827
RAC: 0
Bulgaria
Message 934762 - Posted: 20 Sep 2009, 8:07:59 UTC - in response to Message 934289.  
Last modified: 20 Sep 2009, 8:12:39 UTC

Dump McAfee and get a reliable and FREE AV solution such as Avira AntiVIR.


I like NOD32 Antivirus most

http://www.eset.com/

http://www.eset.com/products/compare-NOD32-vs-competition.php
 


- ALF - "Find out what you don't do well ..... then don't do it!" :)
 
ID: 934762 · Report as offensive



 
©2024 University of California
 
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.