AVG 2013 virus scanner false positive on SETI@home 7 for Windows

Message boards : News : AVG 2013 virus scanner false positive on SETI@home 7 for Windows
Message board moderation

To post messages, you must log in.

Previous · 1 · 2 · 3 · 4 · 5 · 6 · Next

AuthorMessage
S@NL - JBG

Send message
Joined: 26 Jan 00
Posts: 11
Credit: 14,694,950
RAC: 0
Netherlands
Message 1374355 - Posted: 31 May 2013, 15:33:22 UTC - in response to Message 1373693.  

Both downloaded, and both NO AVG message during downloading

Also NO message during a scan

Using... AVG version 2012.0.2242 with db version 3184/5871

If you're willing, could you please download http://boinc2.ssl.berkeley.edu/beta/download/setiathome_7.00_windows_intelx86_unpacked.exe
and scan it with your virus scanner to see if it reports a problem with the uncompressed file?

And if that checks out, try to scan a recompressed version, just to be sure. http://boinc2.ssl.berkeley.edu/beta/download/setiathome_7.00_windows_intelx86_repacked.exe


ID: 1374355 · Report as offensive
Profile VDS_TYPE_12

Send message
Joined: 27 May 01
Posts: 1
Credit: 137,283
RAC: 0
United States
Message 1374389 - Posted: 31 May 2013, 16:23:48 UTC - in response to Message 1373693.  

FYI,
Comodo Internet Security Premiuim's Comodo Antivirus doesn't report anything on the two packed and unpacked versions.

Comodo Internet Security Premiuim Version 5.12.256249.2599
Virus Signature DB Version 16350
ID: 1374389 · Report as offensive
Juice

Send message
Joined: 19 Oct 11
Posts: 1
Credit: 755,454
RAC: 0
United States
Message 1374410 - Posted: 31 May 2013, 16:55:37 UTC

"doesn't not"
ID: 1374410 · Report as offensive
Eric Korpela Project Donor
Volunteer moderator
Project administrator
Project developer
Project scientist
Avatar

Send message
Joined: 3 Apr 99
Posts: 1382
Credit: 54,506,847
RAC: 60
United States
Message 1374417 - Posted: 31 May 2013, 17:01:16 UTC

The circumstances under which the alert is triggered are becoming more clear. It seems to only happen with the "resident shield" component, and only with specific versions of AVG 2012 and AVG 2013, possibly only the paid version.

If anyone has contrary info please let me know.
@SETIEric@qoto.org (Mastodon)

ID: 1374417 · Report as offensive
Babaganoosh

Send message
Joined: 11 Jan 13
Posts: 1
Credit: 326,923
RAC: 0
Canada
Message 1374422 - Posted: 31 May 2013, 17:06:33 UTC - in response to Message 1373693.  

Scanned both versions with Avast and Malwarebytes, no problem with either of them.
ID: 1374422 · Report as offensive
rob smith Crowdfunding Project Donor*Special Project $75 donorSpecial Project $250 donor
Volunteer moderator
Volunteer tester

Send message
Joined: 7 Mar 03
Posts: 22233
Credit: 416,307,556
RAC: 380
United Kingdom
Message 1374435 - Posted: 31 May 2013, 17:22:10 UTC

I had a couple of reports that I was attempting to execute a suspect program with the free version 2013.0.334, with virus db 3184/6370(30May 2013).
I chose to ignore the warnings, and the affected programs were added to the exclusions list automagically.
Bob Smith
Member of Seti PIPPS (Pluto is a Planet Protest Society)
Somewhere in the (un)known Universe?
ID: 1374435 · Report as offensive
Frank Hudson

Send message
Joined: 20 May 99
Posts: 2
Credit: 5,287,950
RAC: 10
United States
Message 1374577 - Posted: 31 May 2013, 23:34:56 UTC - in response to Message 1374355.  

I tried to download the package last evening. McAfee Internet Security blocked it saying it had a virus.
ID: 1374577 · Report as offensive
Eric Korpela Project Donor
Volunteer moderator
Project administrator
Project developer
Project scientist
Avatar

Send message
Joined: 3 Apr 99
Posts: 1382
Credit: 54,506,847
RAC: 60
United States
Message 1374594 - Posted: 1 Jun 2013, 1:14:49 UTC - in response to Message 1374588.  

I haven't seen any problems. It's probably because your app_info.xml for your anonymous platform use doesn't contain any applications for setiathome v7.
@SETIEric@qoto.org (Mastodon)

ID: 1374594 · Report as offensive
SockGap

Send message
Joined: 16 Apr 07
Posts: 14
Credit: 7,700,416
RAC: 0
Australia
Message 1374597 - Posted: 1 Jun 2013, 1:18:45 UTC - in response to Message 1374588.  

Hello Eric,

In a mean while I have no work the whole evening
and there is nothing coming this way.
Is there also a problem with sending new task?


Hi Blue Angel

If you're running the optimised apps then, as per Jason_Gee's post here, you'll need to do the following:
- Set No New tasks
- Wait until tasks all complete, upload & report
- delete app_info.xml from the project directory
- reset the project
- Allow New tasks

Although from what I've ready around the place there's been varying degrees of success with the above steps.

Or wait until whenever the new installers for the optimised apps are released.

Cheers
Jeff

ID: 1374597 · Report as offensive
Anibal

Send message
Joined: 29 Dec 11
Posts: 1
Credit: 47,061
RAC: 0
Nicaragua
Message 1374747 - Posted: 1 Jun 2013, 13:14:21 UTC - in response to Message 1373641.  

gracias por la informacion, es util.
ID: 1374747 · Report as offensive
Claggy
Volunteer tester

Send message
Joined: 5 Jul 99
Posts: 4654
Credit: 47,537,079
RAC: 4
United Kingdom
Message 1374750 - Posted: 1 Jun 2013, 13:27:21 UTC - in response to Message 1374748.  
Last modified: 1 Jun 2013, 13:33:51 UTC

Pierre(XP_Freak) my husband did all that, still no work
and I do the same minutes ago, put it on no task and then
ask for task again, but nothing apear over here on my computer.
Is there something more that I overlook'd maybe??

Make sure you enabled 'SETI@home v7: yes' in your project preferences, you have received Stock work, but only v6 work:

All tasks for computer 5936358

Note on the right where it says SETI@home Enhanced v6.03

Claggy
ID: 1374750 · Report as offensive
Claggy
Volunteer tester

Send message
Joined: 5 Jul 99
Posts: 4654
Credit: 47,537,079
RAC: 4
United Kingdom
Message 1374878 - Posted: 1 Jun 2013, 17:25:38 UTC - in response to Message 1374872.  
Last modified: 1 Jun 2013, 17:53:13 UTC

Pierre(XP_Freak) my husband did all that, still no work
and I do the same minutes ago, put it on no task and then
ask for task again, but nothing apear over here on my computer.
Is there something more that I overlook'd maybe??

Make sure you enabled 'SETI@home v7: yes' in your project preferences, you have received Stock work, but only v6 work:

All tasks for computer 5936358

Note on the right where it says SETI@home Enhanced v6.03

Claggy


I have the Newest v7 and my the work was all done
then XP_Freak started with the v7 and reset everything
by the way I've got 2 task's and then it stopped.


You're talking about BOINC v7, We're talking about the application Setiathome v7, NOT the same thing.

I've you don't enable Setiathome v7 in your project preferences you won't get Setiathome v7 work.

I supplied you with the link to get to the Setiathome preferences in my earlier post.

Run only the selected applications  SETI@home Enhanced: yes
                                    Astropulse v505: no
                                    SETI@home v7: yes
                                    AstroPulse v6: yes 


Claggy
ID: 1374878 · Report as offensive
Eric Korpela Project Donor
Volunteer moderator
Project administrator
Project developer
Project scientist
Avatar

Send message
Joined: 3 Apr 99
Posts: 1382
Credit: 54,506,847
RAC: 60
United States
Message 1374993 - Posted: 1 Jun 2013, 22:19:33 UTC - in response to Message 1374180.  

The only 'red' is from ClamAV - PUA.Win32.Packer.UpxProtector


PUA stands for "Potentially Unwanted Application", which means that ClamAV has decided the only use for compressed executables is for "bad things". ClamAV could decompress them and scan the decompressed executable for viruses like nearly every other virus scanner does. I will suggest that to them.
@SETIEric@qoto.org (Mastodon)

ID: 1374993 · Report as offensive
Richard Haselgrove Project Donor
Volunteer tester

Send message
Joined: 4 Jul 99
Posts: 14654
Credit: 200,643,578
RAC: 874
United Kingdom
Message 1375023 - Posted: 1 Jun 2013, 23:06:17 UTC - in response to Message 1374993.  

The only 'red' is from ClamAV - PUA.Win32.Packer.UpxProtector

PUA stands for "Potentially Unwanted Application", which means that ClamAV has decided the only use for compressed executables is for "bad things". ClamAV could decompress them and scan the decompressed executable for viruses like nearly every other virus scanner does. I will suggest that to them.

I was using executable compression 20+ years ago so my entire program suite would fit on a single 5.25" standard-density floppy disk.
ID: 1375023 · Report as offensive
Eric Korpela Project Donor
Volunteer moderator
Project administrator
Project developer
Project scientist
Avatar

Send message
Joined: 3 Apr 99
Posts: 1382
Credit: 54,506,847
RAC: 60
United States
Message 1375036 - Posted: 1 Jun 2013, 23:18:10 UTC - in response to Message 1375023.  

Apparently ClamAV doesn't allow submission of a false detection report for PUAs because ClamAV doesn't consider PUA detections to be virus detections.


@SETIEric@qoto.org (Mastodon)

ID: 1375036 · Report as offensive
Profile David Shanholtzer

Send message
Joined: 23 Nov 03
Posts: 2
Credit: 4,400,520
RAC: 1
Message 1375099 - Posted: 2 Jun 2013, 3:00:54 UTC - in response to Message 1373693.  

FWI Just scanned the first one. AVG v. 2012.0.2242, database v.3184/5875 (June 1, 2013) reported no virus detected.
ID: 1375099 · Report as offensive
Profile BilBg
Volunteer tester
Avatar

Send message
Joined: 27 May 07
Posts: 3720
Credit: 9,385,827
RAC: 0
Bulgaria
Message 1375111 - Posted: 2 Jun 2013, 4:46:21 UTC - in response to Message 1375023.  

The only 'red' is from ClamAV - PUA.Win32.Packer.UpxProtector

PUA stands for "Potentially Unwanted Application", which means that ClamAV has decided the only use for compressed executables is for "bad things". ClamAV could decompress them and scan the decompressed executable for viruses like nearly every other virus scanner does. I will suggest that to them.

I was using executable compression 20+ years ago so my entire program suite would fit on a single 5.25" standard-density floppy disk.

Me too. I used PKLite and LZEXE

Packers & Unpackers:
http://www.woodmann.com/crackz/Packers.htm

http://bellard.org/lzexe.html


P.S.
PUA stands for "Potentially Unwanted Application"

For those that don't know - sometimes it is called PUP (depends on the terminology of the antivirus)
PUP (Potentially Unwanted Program)
http://en.wikipedia.org/wiki/Potentially_Unwanted_Program#Grayware


Personal opinion:
I think that some antivirus vendors intentionally report anything that looks slightly suspicious
(e.g. Packers; or BOINC downloading .exe and .dll files in the background and starting/using them)
so unexperienced users are convinced "Oh, yes, MY antivirus is working, I spend my money for a good" ;)


 


- ALF - "Find out what you don't do well ..... then don't do it!" :)
 
ID: 1375111 · Report as offensive
Jasper
Avatar

Send message
Joined: 29 Nov 11
Posts: 8
Credit: 1,026,591
RAC: 0
Switzerland
Message 1375162 - Posted: 2 Jun 2013, 7:15:56 UTC - in response to Message 1374993.  

The only 'red' is from ClamAV - PUA.Win32.Packer.UpxProtector


PUA stands for "Potentially Unwanted Application", which means that ClamAV has decided the only use for compressed executables is for "bad things". ClamAV could decompress them and scan the decompressed executable for viruses like nearly every other virus scanner does. I will suggest that to them.


Indeed. I ran ClamAV (0.97.8) after the download, nothing to report as almost usual.
ID: 1375162 · Report as offensive
Profile Larry Sugden

Send message
Joined: 19 May 11
Posts: 2
Credit: 1,403,586
RAC: 0
United States
Message 1375328 - Posted: 2 Jun 2013, 12:50:04 UTC - in response to Message 1373693.  

I am running AVG 2013 under Windows 8. I have no problems downloading the file. I do get a warning on the certificate, but still allowed to download and run the file. I did a file scan with AVG 2013 and it reported no threats.

Also, sometime yesterday while I was away from my PC my system updated to version 7 without any issues. It is running smoothly now. No problems here.

Larry Sugden
ID: 1375328 · Report as offensive
Profile GaryB

Send message
Joined: 27 May 99
Posts: 1
Credit: 11,036,890
RAC: 0
Canada
Message 1375524 - Posted: 2 Jun 2013, 19:01:08 UTC - in response to Message 1373693.  

Both files scanned with AVG Free 2013 and both passed No Problem, how do I get BOINC to resume work?

Gary B

ID: 1375524 · Report as offensive
Previous · 1 · 2 · 3 · 4 · 5 · 6 · Next

Message boards : News : AVG 2013 virus scanner false positive on SETI@home 7 for Windows


 
©2024 University of California
 
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.