Message boards :
News :
Workunit Shortage
Message board moderation
Previous · 1 · 2 · 3 · Next
Author | Message |
---|---|
WHOSIT Send message Joined: 12 Nov 10 Posts: 29 Credit: 162,958 RAC: 0 |
Hi @all, I would think, that IF such a dasterdly occurance of infection should happen, someone indeed WOULD BE "FIRST" out of the multitudes of users to get it. :-) To be serious, I agree, that this is only a case of a "false positive" finding of the user's installed anti-malware program. It's a very common problem, which scares the bejesus out of many PC owners when it happens, myself included. Wishing you continued science "fun" and at least, always valid results, Laters, Rick "WHOSIT" W. Participating in: Einstein/MilkyWay/Rosetta/SETI |
WHOSIT Send message Joined: 12 Nov 10 Posts: 29 Credit: 162,958 RAC: 0 |
I haven't seen any downloads in the past few days. Also completed tasks are not uploading. Any ideas? They really should feed and water their mice more often. Perhaps they would then continue to run on the tread mill more. :-) One thing which occurred here was, that I began crunching "AstroPulse" WUs for the very first time, during this controlled "outage". I was quite pleased, but this to has stopped as well. "BUMMER", but I think the outcome of the outage will improve future services, so in the long run, it's a good thing. Wishing you continued science "fun" and at least, always valid results, Laters, Rick "WHOSIT" W. Participating in: Einstein/MilkyWay/Rosetta/SETI |
kittyman Send message Joined: 9 Jul 00 Posts: 51478 Credit: 1,018,363,574 RAC: 1,004 |
The main goal today, should it go off successfully........ Is to change the stripes on Oscar's drives to make them more efficient. This involves moving a LOT of data back and forth between Oscar and his sister, Carolyn. Hence, the extra day of downtime. It has been hinted at that these 3 day science fairs might be coming to and end....... No promises there. "Time is simply the mechanism that keeps everything from happening all at once." |
Dave Send message Joined: 29 Mar 02 Posts: 778 Credit: 25,001,396 RAC: 0 |
A leopard never changes its stripes ;)... |
WHOSIT Send message Joined: 12 Nov 10 Posts: 29 Credit: 162,958 RAC: 0 |
The main goal today, should it go off successfully........ Great news msattler! Thanks! ". . . might be coming to an end. . . No promises there." If I have to update, reboot, and upgrade my PCs, plus open the cases just to dust and clean them out, I imagine the same things are going to be done with those. Plus keep in mind all of the "Murphy's Laws" and others , which also would apply, so I wouldn't promise anything either. :-) Wishing you continued science "fun" and at least, always valid results, Laters, Rick "WHOSIT" W. Participating in: Einstein/MilkyWay/Rosetta/SETI |
kittyman Send message Joined: 9 Jul 00 Posts: 51478 Credit: 1,018,363,574 RAC: 1,004 |
The main goal today, should it go off successfully........ Dustle and bustle....... Keep the kitties cool. Fine lad, you are. "Time is simply the mechanism that keeps everything from happening all at once." |
WHOSIT Send message Joined: 12 Nov 10 Posts: 29 Credit: 162,958 RAC: 0 |
A leopard never changes its stripes ;)... Apparently an Oscar type critter does and needs human intervention to do so as well! WOW! COOL! :-) Wishing you continued science "fun" and at least, always valid results, Laters, Rick "WHOSIT" W. Participating in: Einstein/MilkyWay/Rosetta/SETI |
WHOSIT Send message Joined: 12 Nov 10 Posts: 29 Credit: 162,958 RAC: 0 |
Greetings all, msattler, Oh yes. Once a month sans fail. One simply must clean the kitties inside & out or they get over heated and there's nothing worse than owning / dealing with an over heated, grouchy kitty. They bite and scratch you! :-) Wishing you continued science "fun" and at least, always valid results, Laters, Rick "WHOSIT" W. Participating in: Einstein/MilkyWay/Rosetta/SETI |
D.A. Pinniger Send message Joined: 16 May 02 Posts: 49 Credit: 10,515,335 RAC: 0 |
Plan ahead. You can always download extra days of work for times like these. But I'm close to being out now to. except for about 5 days of cuda23 work. |
Richard Haselgrove Send message Joined: 4 Jul 99 Posts: 14679 Credit: 200,643,578 RAC: 874 |
Hi @all, Since neither Fred, not the other poster on the BOINC message board, has posted any follow-up data, I thought I'd better check this report out. I pasted the download url "http://boinc2.ssl.berkeley.edu/sah/download_fanout/setiathome_6.03_windows_intelx86.exe" into http://www.virustotal.com/ - so the file was downloaded directly from Berkeley to virustotal, without contamination or modification by my machine. This is the report: 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware. File name: setiathome_6.03_windows_intelx86.exe Submission date: 2010-12-23 00:52:44 (UTC) Current status: queued queued analysing finished Result: 3/ 43 (7.0%) VT Community not reviewed Safety score: - Compact Print results Antivirus Version Last Update Result AhnLab-V3 2010.12.23.01 2010.12.22 - AntiVir 7.11.0.144 2010.12.22 - Antiy-AVL 2.0.3.7 2010.12.22 Worm/Win32.Mabezat.gen Avast 4.8.1351.0 2010.12.22 - Avast5 5.0.677.0 2010.12.22 - AVG 9.0.0.851 2010.12.23 - BitDefender 7.2 2010.12.23 - CAT-QuickHeal 11.00 2010.12.22 - ClamAV 0.96.4.0 2010.12.23 - Command 5.2.11.5 2010.12.22 - Comodo 7155 2010.12.22 - DrWeb 5.0.2.03300 2010.12.23 - Emsisoft 5.1.0.1 2010.12.22 - eSafe 7.0.17.0 2010.12.22 - eTrust-Vet 36.1.8055 2010.12.22 - F-Prot 4.6.2.117 2010.12.22 - F-Secure 9.0.16160.0 2010.12.23 - Fortinet 4.2.254.0 2010.12.21 - GData 21 2010.12.23 - Ikarus T3.1.1.90.0 2010.12.22 - Jiangmin 13.0.900 2010.12.22 - K7AntiVirus 9.74.3319 2010.12.22 - Kaspersky 7.0.0.125 2010.12.23 - McAfee 5.400.0.1158 2010.12.23 - McAfee-GW-Edition 2010.1C 2010.12.22 - Microsoft 1.6402 2010.12.22 - NOD32 5726 2010.12.22 - Norman 6.06.12 2010.12.22 - nProtect 2010-12-22.01 2010.12.22 - Panda 10.0.2.7 2010.12.22 - PCTools 7.0.3.5 2010.12.23 - Prevx 3.0 2010.12.23 - Rising 22.79.01.04 2010.12.22 - Sophos 4.60.0 2010.12.23 - SUPERAntiSpyware 4.40.0.1006 2010.12.23 - Symantec 20101.3.0.103 2010.12.23 - TheHacker 6.7.0.1.104 2010.12.21 - TrendMicro 9.120.0.1004 2010.12.22 TROJ_GEN.FA2CZLJ TrendMicro-HouseCall 9.120.0.1004 2010.12.23 TROJ_GEN.FA2CZLJ VBA32 3.12.14.2 2010.12.21 - VIPRE 7765 2010.12.23 - ViRobot 2010.12.22.4214 2010.12.22 - VirusBuster 13.6.108.0 2010.12.22 - Additional informationShow all MD5 : d53249aadb1d72cc19db36359e63425a SHA1 : 2e784ab66e039c8bfead07705d821b7a6801f371 SHA256: 3fb12cb159de5235045dbbf3800ffaf7fd6e8d36b10574c2e3807822000d6168 (PDF version of report available - PM me with email address) With 40 'clean' reports out of 43, and two of the positives coming from the same company, I would judge this program to be safe to run. But each user must make their own decision. |
tbret Send message Joined: 28 May 99 Posts: 3380 Credit: 296,162,071 RAC: 40 |
TrendMicro 3.0.1303 is still identifying the "trojan". Adding setiathome_6.03_windows_intelx86.exe and two entire subdirectories to the exceptions lists seems to have done nothing. I'm perfectly willing to believe that TrendMicro is the culprit. I'm not so sure that since TrendMicro is the follow-on name of PC-Cillin, which was a very highly regarded anti-virus program a few years back, that only three or four of us are having this trouble. I'm thinking there are thousands of WUs that will never be completed and new WUs are being downloaded that are also never going to run. This could just as easily be one of my "set and forget" computers as one I check, and I might be weeks discovering the problem if it were. Who knows how many WUs I'd "waste" that way? I think it is odd, don't you, that TrendMicro is identifying a specific trojan. I suspect someone "official" needs to bring this to TrendMicro's attention. Bret |
Dirk Sadowski Send message Joined: 6 Apr 07 Posts: 7105 Credit: 147,663,825 RAC: 5 |
(...) Warning: VirusTotal is currently experiencing high workload. The scanning process of your file can take over 15 minutes. We suggest you use the email interface in these situations. Follow the instructions on the "Advanced" page to do so. If you wish you can still submit your sample via this interface. Is this because of the SETI@home member? ;-) |
Jord Send message Joined: 9 Jun 99 Posts: 15184 Credit: 4,362,181 RAC: 3 |
I think it is odd, don't you, that TrendMicro is identifying a specific trojan. Not so much. It'll always specify the closest Trojan to the behaviour (of how the Seti application will check through the task file for promising signals) it finds. And then it's how Trend Micro named this Trojan, it usually is named differently by the other AV makers. Thanks for standardizing that. |
Richard Haselgrove Send message Joined: 4 Jul 99 Posts: 14679 Credit: 200,643,578 RAC: 874 |
I think it is odd, don't you, that TrendMicro is identifying a specific trojan. Bur "Antiy-AVL" (anyone here heard of them? I haven't heard of it in the UK) is calling it "Worm/Win32.Mabezat.gen" I suspect someone "official" needs to bring this to TrendMicro's attention. That was why I posted my report in the News area. Being a low-traffic message board, there's a chance it will stand out better and be noticed. |
Gary Charpentier Send message Joined: 25 Dec 00 Posts: 31012 Credit: 53,134,872 RAC: 32 |
I think it is odd, don't you, that TrendMicro is identifying a specific trojan. Brought to Trend Micro's attention? Not here. You are Trend Micro's customer, you report the false positive to them. IIRC they false positive a lot on SETI work units. Not unexpected either. The work unit is random numbers and eventually a short bunch of them in order will be the same as a small bunch of code in a virus. Oh and knowing this I or any other person knows how to get around their protection. All I need do is randomly insert a NOP instruction and their pattern detector will fail. |
Richard Haselgrove Send message Joined: 4 Jul 99 Posts: 14679 Credit: 200,643,578 RAC: 874 |
Brought to Trend Micro's attention? Not here. You are Trend Micro's customer, you report the false positive to them. IIRC they false positive a lot on SETI work units. Not unexpected either. The work unit is random numbers and eventually a short bunch of them in order will be the same as a small bunch of code in a virus. Program or data? The false positive was found in the program, which is unchanging and certainly not random. But a NOP as a workround should work - except that it will cause MD5 checksum errors. A NOP in data, on the other hand, is a significant value - unless ignored by the "x-setiathome" encoding of the WU data file? I doubt it will help to ensure that a valid result is returned. |
Gary Charpentier Send message Joined: 25 Dec 00 Posts: 31012 Credit: 53,134,872 RAC: 32 |
Brought to Trend Micro's attention? Not here. You are Trend Micro's customer, you report the false positive to them. IIRC they false positive a lot on SETI work units. Not unexpected either. The work unit is random numbers and eventually a short bunch of them in order will be the same as a small bunch of code in a virus. Ah, what stuck in my mind was he said he got it in a work unit. Went back and now see he posted the program's file name. I do recall this being hashed about a couple of other times. IIRC someone finally posted that Trend Micro refused to accept SETI's certificate as valid. Re NOP's Wasn't commenting on SETI's code or work units, but a real out in the wild virus. All that needs be done to replicate is scatter NOP's into the code at random, so the code remains valid. When it is time to replicate, pull them out and at random put a different batch in. Every copy of the virus is different but the same. Virus scanner working on exact match will not get one. Virus Runs! Damage Done! Of course the shorter the chunk to be match the more likely to get false positives. So at some point the virus wins this war. |
tbret Send message Joined: 28 May 99 Posts: 3380 Credit: 296,162,071 RAC: 40 |
You are Trend Micro's customer, you report the false positive to them. Be more than happy to there, partner. But since I didn't write the code and have only downloaded it from somewhere that is responsible for it... And since I am just, exactly as you say, "a customer" of which they have hundreds of thousands I'm sure... I was thinking that an official objection to having "my" clean code categorized as a "trojan" might be something someone in an official capacity might want to bring to the attention of someone over there who could act in an official capacity to stop it. Now... if I were TrendMicro and one of my customers came to me and said, "Hey, this file you've identified as a trojan is clean," I'd say, "How do you know it is clean?" How should I answer them? "Because the odds and a couple of people on a message board say so?" But I'll be happy to tell them. Bret |
tbret Send message Joined: 28 May 99 Posts: 3380 Credit: 296,162,071 RAC: 40 |
Surprise, surprise, surprise... Apparently you have to be a "software publisher" to ask them to review a program. Who would have thunk that? |
Henk Send message Joined: 17 Aug 08 Posts: 2 Credit: 14,560,156 RAC: 25 |
Waitin for work units is hopeless. I quit this futile project . Its been 8 years or so,but I am fed up with the wasted time. Good luck to all of you. |
©2024 University of California
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.