Workunit Shortage

Message boards : News : Workunit Shortage
Message board moderation

To post messages, you must log in.

Previous · 1 · 2 · 3 · Next

AuthorMessage
Profile WHOSIT
Avatar

Send message
Joined: 12 Nov 10
Posts: 29
Credit: 162,958
RAC: 0
United States
Message 1058749 - Posted: 22 Dec 2010, 16:52:27 UTC - in response to Message 1058179.  

Hi @all,

i got a Virus (Trojan) in my last workunit. Trend Micro shows me: TROJ_GEN.FA2CZLJ in ..\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe

hey guys, whats going up? Please check your systems. I stop further download.

fred

It's highly unlikely that, with a hundred thousand users or more, and applications which have remained on secure servers since they were released in August 2008, that you computer is the first and (so far as I know) only computer to have detected this virus.


I would think, that IF such a dasterdly occurance of infection should happen, someone indeed WOULD BE "FIRST" out of the multitudes of users to get it. :-)

To be serious, I agree, that this is only a case of a "false positive" finding of the user's installed anti-malware program. It's a very common problem, which scares the bejesus out of many PC owners when it happens, myself included.
Wishing you continued science "fun" and at least, always valid results,
Laters,
Rick "WHOSIT" W.
Participating in: Einstein/MilkyWay/Rosetta/SETI
ID: 1058749 · Report as offensive
Profile WHOSIT
Avatar

Send message
Joined: 12 Nov 10
Posts: 29
Credit: 162,958
RAC: 0
United States
Message 1058760 - Posted: 22 Dec 2010, 17:17:23 UTC - in response to Message 1058738.  

I haven't seen any downloads in the past few days. Also completed tasks are not uploading. Any ideas?


Read Technical News, we're in the middle of the 3 day outage,

Claggy


They really should feed and water their mice more often. Perhaps they would then continue to run on the tread mill more. :-)

One thing which occurred here was, that I began crunching "AstroPulse" WUs for the very first time, during this controlled "outage". I was quite pleased, but this to has stopped as well. "BUMMER", but I think the outcome of the outage will improve future services, so in the long run, it's a good thing.

Wishing you continued science "fun" and at least, always valid results,
Laters,
Rick "WHOSIT" W.
Participating in: Einstein/MilkyWay/Rosetta/SETI
ID: 1058760 · Report as offensive
kittyman Crowdfunding Project Donor*Special Project $75 donorSpecial Project $250 donor
Volunteer tester
Avatar

Send message
Joined: 9 Jul 00
Posts: 51468
Credit: 1,018,363,574
RAC: 1,004
United States
Message 1058777 - Posted: 22 Dec 2010, 18:08:08 UTC
Last modified: 22 Dec 2010, 18:08:29 UTC

The main goal today, should it go off successfully........
Is to change the stripes on Oscar's drives to make them more efficient.

This involves moving a LOT of data back and forth between Oscar and his sister, Carolyn.

Hence, the extra day of downtime.

It has been hinted at that these 3 day science fairs might be coming to and end.......
No promises there.
"Freedom is just Chaos, with better lighting." Alan Dean Foster

ID: 1058777 · Report as offensive
Dave

Send message
Joined: 29 Mar 02
Posts: 778
Credit: 25,001,396
RAC: 0
United Kingdom
Message 1058780 - Posted: 22 Dec 2010, 18:17:24 UTC

A leopard never changes its stripes ;)...
ID: 1058780 · Report as offensive
Profile WHOSIT
Avatar

Send message
Joined: 12 Nov 10
Posts: 29
Credit: 162,958
RAC: 0
United States
Message 1058792 - Posted: 22 Dec 2010, 18:54:00 UTC - in response to Message 1058777.  

The main goal today, should it go off successfully........
Is to change the stripes on Oscar's drives to make them more efficient.

This involves moving a LOT of data back and forth between Oscar and his sister, Carolyn.

Hence, the extra day of downtime.

It has been hinted at that these 3 day science fairs might be coming to and end.......
No promises there.


Great news msattler! Thanks!

". . . might be coming to an end. . . No promises there." If I have to update, reboot, and upgrade my PCs, plus open the cases just to dust and clean them out, I imagine the same things are going to be done with those.

Plus keep in mind all of the "Murphy's Laws" and others , which also would apply, so I wouldn't promise anything either. :-)

Wishing you continued science "fun" and at least, always valid results,
Laters,
Rick "WHOSIT" W.
Participating in: Einstein/MilkyWay/Rosetta/SETI
ID: 1058792 · Report as offensive
kittyman Crowdfunding Project Donor*Special Project $75 donorSpecial Project $250 donor
Volunteer tester
Avatar

Send message
Joined: 9 Jul 00
Posts: 51468
Credit: 1,018,363,574
RAC: 1,004
United States
Message 1058794 - Posted: 22 Dec 2010, 18:57:00 UTC - in response to Message 1058792.  

The main goal today, should it go off successfully........
Is to change the stripes on Oscar's drives to make them more efficient.

This involves moving a LOT of data back and forth between Oscar and his sister, Carolyn.

Hence, the extra day of downtime.

It has been hinted at that these 3 day science fairs might be coming to and end.......
No promises there.


Great news msattler! Thanks!

". . . might be coming to an end. . . No promises there." If I have to update, reboot, and upgrade my PCs, plus open the cases just to dust and clean them out, I imagine the same things are going to be done with those.

Plus keep in mind all of the "Murphy's Laws" and others , which also would apply, so I wouldn't promise anything either. :-)

Dustle and bustle.......
Keep the kitties cool.

Fine lad, you are.



"Freedom is just Chaos, with better lighting." Alan Dean Foster

ID: 1058794 · Report as offensive
Profile WHOSIT
Avatar

Send message
Joined: 12 Nov 10
Posts: 29
Credit: 162,958
RAC: 0
United States
Message 1058796 - Posted: 22 Dec 2010, 18:57:44 UTC - in response to Message 1058780.  
Last modified: 22 Dec 2010, 19:06:28 UTC

A leopard never changes its stripes ;)...


Apparently an Oscar type critter does and needs human intervention to do so as well! WOW! COOL! :-)
Wishing you continued science "fun" and at least, always valid results,
Laters,
Rick "WHOSIT" W.
Participating in: Einstein/MilkyWay/Rosetta/SETI
ID: 1058796 · Report as offensive
Profile WHOSIT
Avatar

Send message
Joined: 12 Nov 10
Posts: 29
Credit: 162,958
RAC: 0
United States
Message 1058810 - Posted: 22 Dec 2010, 19:14:30 UTC - in response to Message 1058794.  

Greetings all,

msattler,

Oh yes. Once a month sans fail.

One simply must clean the kitties inside & out or they get over heated and there's nothing worse than owning / dealing with an over heated, grouchy kitty. They bite and scratch you! :-)
Wishing you continued science "fun" and at least, always valid results,
Laters,
Rick "WHOSIT" W.
Participating in: Einstein/MilkyWay/Rosetta/SETI
ID: 1058810 · Report as offensive
Profile D.A. Pinniger
Avatar

Send message
Joined: 16 May 02
Posts: 49
Credit: 10,515,335
RAC: 0
United States
Message 1058907 - Posted: 22 Dec 2010, 23:33:45 UTC

Plan ahead. You can always download extra days of work for times like these.
But I'm close to being out now to. except for about 5 days of cuda23 work.
ID: 1058907 · Report as offensive
Richard Haselgrove Project Donor
Volunteer tester

Send message
Joined: 4 Jul 99
Posts: 14649
Credit: 200,643,578
RAC: 874
United Kingdom
Message 1058944 - Posted: 23 Dec 2010, 1:10:25 UTC - in response to Message 1058174.  

Hi @all,

i got a Virus (Trojan) in my last workunit. Trend Micro shows me: TROJ_GEN.FA2CZLJ in ..\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe

hey guys, whats going up? Please check your systems. I stop further download.

fred

Since neither Fred, not the other poster on the BOINC message board, has posted any follow-up data, I thought I'd better check this report out.

I pasted the download url "http://boinc2.ssl.berkeley.edu/sah/download_fanout/setiathome_6.03_windows_intelx86.exe" into http://www.virustotal.com/ - so the file was downloaded directly from Berkeley to virustotal, without contamination or modification by my machine.

This is the report:

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware. 
File name: setiathome_6.03_windows_intelx86.exe
Submission date: 2010-12-23 00:52:44 (UTC)
Current status: queued queued analysing finished


Result: 3/ 43 (7.0%)
 VT Community

not reviewed
 Safety score: -  
Compact Print results Antivirus Version Last Update Result 
AhnLab-V3 2010.12.23.01 2010.12.22 - 
AntiVir 7.11.0.144 2010.12.22 - 
Antiy-AVL 2.0.3.7 2010.12.22 Worm/Win32.Mabezat.gen 
Avast 4.8.1351.0 2010.12.22 - 
Avast5 5.0.677.0 2010.12.22 - 
AVG 9.0.0.851 2010.12.23 - 
BitDefender 7.2 2010.12.23 - 
CAT-QuickHeal 11.00 2010.12.22 - 
ClamAV 0.96.4.0 2010.12.23 - 
Command 5.2.11.5 2010.12.22 - 
Comodo 7155 2010.12.22 - 
DrWeb 5.0.2.03300 2010.12.23 - 
Emsisoft 5.1.0.1 2010.12.22 - 
eSafe 7.0.17.0 2010.12.22 - 
eTrust-Vet 36.1.8055 2010.12.22 - 
F-Prot 4.6.2.117 2010.12.22 - 
F-Secure 9.0.16160.0 2010.12.23 - 
Fortinet 4.2.254.0 2010.12.21 - 
GData 21 2010.12.23 - 
Ikarus T3.1.1.90.0 2010.12.22 - 
Jiangmin 13.0.900 2010.12.22 - 
K7AntiVirus 9.74.3319 2010.12.22 - 
Kaspersky 7.0.0.125 2010.12.23 - 
McAfee 5.400.0.1158 2010.12.23 - 
McAfee-GW-Edition 2010.1C 2010.12.22 - 
Microsoft 1.6402 2010.12.22 - 
NOD32 5726 2010.12.22 - 
Norman 6.06.12 2010.12.22 - 
nProtect 2010-12-22.01 2010.12.22 - 
Panda 10.0.2.7 2010.12.22 - 
PCTools 7.0.3.5 2010.12.23 - 
Prevx 3.0 2010.12.23 - 
Rising 22.79.01.04 2010.12.22 - 
Sophos 4.60.0 2010.12.23 - 
SUPERAntiSpyware 4.40.0.1006 2010.12.23 - 
Symantec 20101.3.0.103 2010.12.23 - 
TheHacker 6.7.0.1.104 2010.12.21 - 
TrendMicro 9.120.0.1004 2010.12.22 TROJ_GEN.FA2CZLJ 
TrendMicro-HouseCall 9.120.0.1004 2010.12.23 TROJ_GEN.FA2CZLJ 
VBA32 3.12.14.2 2010.12.21 - 
VIPRE 7765 2010.12.23 - 
ViRobot 2010.12.22.4214 2010.12.22 - 
VirusBuster 13.6.108.0 2010.12.22 - 
Additional informationShow all  
MD5   : d53249aadb1d72cc19db36359e63425a 
SHA1  : 2e784ab66e039c8bfead07705d821b7a6801f371 
SHA256: 3fb12cb159de5235045dbbf3800ffaf7fd6e8d36b10574c2e3807822000d6168 

(PDF version of report available - PM me with email address)

With 40 'clean' reports out of 43, and two of the positives coming from the same company, I would judge this program to be safe to run. But each user must make their own decision.
ID: 1058944 · Report as offensive
tbret
Volunteer tester
Avatar

Send message
Joined: 28 May 99
Posts: 3380
Credit: 296,162,071
RAC: 40
United States
Message 1059200 - Posted: 23 Dec 2010, 22:12:09 UTC - in response to Message 1058944.  

TrendMicro 3.0.1303 is still identifying the "trojan". Adding setiathome_6.03_windows_intelx86.exe and two entire subdirectories to the exceptions lists seems to have done nothing.

I'm perfectly willing to believe that TrendMicro is the culprit.

I'm not so sure that since TrendMicro is the follow-on name of PC-Cillin, which was a very highly regarded anti-virus program a few years back, that only three or four of us are having this trouble.

I'm thinking there are thousands of WUs that will never be completed and new WUs are being downloaded that are also never going to run. This could just as easily be one of my "set and forget" computers as one I check, and I might be weeks discovering the problem if it were.

Who knows how many WUs I'd "waste" that way?

I think it is odd, don't you, that TrendMicro is identifying a specific trojan.

I suspect someone "official" needs to bring this to TrendMicro's attention.

Bret
ID: 1059200 · Report as offensive
Profile Sutaru Tsureku
Volunteer tester

Send message
Joined: 6 Apr 07
Posts: 7105
Credit: 147,663,825
RAC: 5
Germany
Message 1059203 - Posted: 23 Dec 2010, 22:27:12 UTC - in response to Message 1058944.  

(...)
http://www.virustotal.com
(...)


Warning: VirusTotal is currently experiencing high workload. The scanning process of your file can take over 15 minutes. We suggest you use the email interface in these situations. Follow the instructions on the "Advanced" page to do so. If you wish you can still submit your sample via this interface.


Is this because of the SETI@home member? ;-)

ID: 1059203 · Report as offensive
Profile Jord
Volunteer tester
Avatar

Send message
Joined: 9 Jun 99
Posts: 15184
Credit: 4,362,181
RAC: 3
Netherlands
Message 1059206 - Posted: 23 Dec 2010, 22:36:10 UTC - in response to Message 1059200.  

I think it is odd, don't you, that TrendMicro is identifying a specific trojan.

Not so much. It'll always specify the closest Trojan to the behaviour (of how the Seti application will check through the task file for promising signals) it finds. And then it's how Trend Micro named this Trojan, it usually is named differently by the other AV makers. Thanks for standardizing that.
ID: 1059206 · Report as offensive
Richard Haselgrove Project Donor
Volunteer tester

Send message
Joined: 4 Jul 99
Posts: 14649
Credit: 200,643,578
RAC: 874
United Kingdom
Message 1059218 - Posted: 23 Dec 2010, 23:33:43 UTC - in response to Message 1059200.  

I think it is odd, don't you, that TrendMicro is identifying a specific trojan.

Bur "Antiy-AVL" (anyone here heard of them? I haven't heard of it in the UK) is calling it "Worm/Win32.Mabezat.gen"

I suspect someone "official" needs to bring this to TrendMicro's attention.

That was why I posted my report in the News area. Being a low-traffic message board, there's a chance it will stand out better and be noticed.
ID: 1059218 · Report as offensive
Profile Gary Charpentier Crowdfunding Project Donor*Special Project $75 donorSpecial Project $250 donor
Volunteer tester
Avatar

Send message
Joined: 25 Dec 00
Posts: 30608
Credit: 53,134,872
RAC: 32
United States
Message 1059221 - Posted: 23 Dec 2010, 23:51:51 UTC - in response to Message 1059218.  

I think it is odd, don't you, that TrendMicro is identifying a specific trojan.

Bur "Antiy-AVL" (anyone here heard of them? I haven't heard of it in the UK) is calling it "Worm/Win32.Mabezat.gen"

I suspect someone "official" needs to bring this to TrendMicro's attention.

That was why I posted my report in the News area. Being a low-traffic message board, there's a chance it will stand out better and be noticed.

Brought to Trend Micro's attention? Not here. You are Trend Micro's customer, you report the false positive to them. IIRC they false positive a lot on SETI work units. Not unexpected either. The work unit is random numbers and eventually a short bunch of them in order will be the same as a small bunch of code in a virus.

Oh and knowing this I or any other person knows how to get around their protection. All I need do is randomly insert a NOP instruction and their pattern detector will fail.

ID: 1059221 · Report as offensive
Richard Haselgrove Project Donor
Volunteer tester

Send message
Joined: 4 Jul 99
Posts: 14649
Credit: 200,643,578
RAC: 874
United Kingdom
Message 1059227 - Posted: 24 Dec 2010, 0:10:17 UTC - in response to Message 1059221.  

Brought to Trend Micro's attention? Not here. You are Trend Micro's customer, you report the false positive to them. IIRC they false positive a lot on SETI work units. Not unexpected either. The work unit is random numbers and eventually a short bunch of them in order will be the same as a small bunch of code in a virus.

Oh and knowing this I or any other person knows how to get around their protection. All I need do is randomly insert a NOP instruction and their pattern detector will fail.

Program or data?

The false positive was found in the program, which is unchanging and certainly not random. But a NOP as a workround should work - except that it will cause MD5 checksum errors.

A NOP in data, on the other hand, is a significant value - unless ignored by the "x-setiathome" encoding of the WU data file? I doubt it will help to ensure that a valid result is returned.
ID: 1059227 · Report as offensive
Profile Gary Charpentier Crowdfunding Project Donor*Special Project $75 donorSpecial Project $250 donor
Volunteer tester
Avatar

Send message
Joined: 25 Dec 00
Posts: 30608
Credit: 53,134,872
RAC: 32
United States
Message 1059282 - Posted: 24 Dec 2010, 2:30:59 UTC - in response to Message 1059227.  

Brought to Trend Micro's attention? Not here. You are Trend Micro's customer, you report the false positive to them. IIRC they false positive a lot on SETI work units. Not unexpected either. The work unit is random numbers and eventually a short bunch of them in order will be the same as a small bunch of code in a virus.

Oh and knowing this I or any other person knows how to get around their protection. All I need do is randomly insert a NOP instruction and their pattern detector will fail.

Program or data?

The false positive was found in the program, which is unchanging and certainly not random. But a NOP as a workround should work - except that it will cause MD5 checksum errors.

A NOP in data, on the other hand, is a significant value - unless ignored by the "x-setiathome" encoding of the WU data file? I doubt it will help to ensure that a valid result is returned.

Ah, what stuck in my mind was he said he got it in a work unit. Went back and now see he posted the program's file name.

I do recall this being hashed about a couple of other times. IIRC someone finally posted that Trend Micro refused to accept SETI's certificate as valid.

Re NOP's Wasn't commenting on SETI's code or work units, but a real out in the wild virus. All that needs be done to replicate is scatter NOP's into the code at random, so the code remains valid. When it is time to replicate, pull them out and at random put a different batch in. Every copy of the virus is different but the same. Virus scanner working on exact match will not get one. Virus Runs! Damage Done! Of course the shorter the chunk to be match the more likely to get false positives. So at some point the virus wins this war.

ID: 1059282 · Report as offensive
tbret
Volunteer tester
Avatar

Send message
Joined: 28 May 99
Posts: 3380
Credit: 296,162,071
RAC: 40
United States
Message 1059312 - Posted: 24 Dec 2010, 4:39:25 UTC - in response to Message 1059221.  

You are Trend Micro's customer, you report the false positive to them.


Be more than happy to there, partner.

But since I didn't write the code and have only downloaded it from somewhere that is responsible for it...

And since I am just, exactly as you say, "a customer" of which they have hundreds of thousands I'm sure...

I was thinking that an official objection to having "my" clean code categorized as a "trojan" might be something someone in an official capacity might want to bring to the attention of someone over there who could act in an official capacity to stop it.

Now... if I were TrendMicro and one of my customers came to me and said, "Hey, this file you've identified as a trojan is clean," I'd say, "How do you know it is clean?"

How should I answer them? "Because the odds and a couple of people on a message board say so?"

But I'll be happy to tell them.

Bret
ID: 1059312 · Report as offensive
tbret
Volunteer tester
Avatar

Send message
Joined: 28 May 99
Posts: 3380
Credit: 296,162,071
RAC: 40
United States
Message 1059315 - Posted: 24 Dec 2010, 4:56:27 UTC - in response to Message 1059312.  

Surprise, surprise, surprise...

Apparently you have to be a "software publisher" to ask them to review a program.

Who would have thunk that?


ID: 1059315 · Report as offensive
Henk

Send message
Joined: 17 Aug 08
Posts: 2
Credit: 14,560,156
RAC: 25
Netherlands
Message 1059809 - Posted: 26 Dec 2010, 12:41:31 UTC - in response to Message 1059315.  

Waitin for work units is hopeless.
I quit this futile project .
Its been 8 years or so,but I am fed up with the wasted time.

Good luck to all of you.


ID: 1059809 · Report as offensive
Previous · 1 · 2 · 3 · Next

Message boards : News : Workunit Shortage


 
©2024 University of California
 
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.