AVG 2016 detected virus after install of BOINC 7.6.22 (x64) running seti@home v8
Author | Message |
---|---|
Charles Lawrence Joined: 9 Oct 00 Posts: 7 Credit: 9,756,616 RAC: 0 |
My AVG Internet Security package detected a virus upon starting seti@home v8 immediately after updating to BOINC 7.6.22 (x64). My AVG is version 2016.0.7294 with virus database version 4522/11459 just updated today. The process running was setiathome_8.00_windows_intelx86-cuda42.exe. I do have an NVIDIA GeForce GTX 980 GPU. The virus detected, if it really is a virus, was called IDP.ARES.Generic. I allowed the process to continue, since it came from the seti@home project. Is this a real virus, and do I need to be concerned? I have seen no ill effects from letting the process continue. This is the first time I have ever gotten any warning from AVG concerning seti@home. Thanks. |
rob smith Joined: 7 Mar 03 Posts: 22456 Credit: 416,307,556 RAC: 380 |
I'm suffering the same - it would appear that the current release of AVG free doesn't obey the folder exclusions that I've set up.

Bob Smith Member of Seti PIPPS (Pluto is a Planet Protest Society) Somewhere in the (un)known Universe? |
Alienmoon Joined: 14 Oct 13 Posts: 14 Credit: 386,618 RAC: 0 |
> My AVG Internet Security package detected a virus upon starting seti@home v8 immediately after updating to BOINC 7.6.22 (x64). My AVG is version 2016.0.7294 with virus database version 4522/11459 just updated today. The process running was setiathome_8.00_windows_intelx86-cuda42.exe. I do have an NVIDIA GeForce GTX 980 GPU. The virus detected, if it really is a virus, was called IDP.ARES.Generic. I allowed the process to continue, since it came from the seti@home project. Is this a real virus, and do I need to be concerned? I have seen no ill effects from letting the process continue. This is the first time I have ever gotten any warning from AVG concerning seti@home. Thanks.

I'd be more inclined to say False Positive. Also, I'm running the same BOINC 7.6.22 (x64) & have never detected anything, even uploading the install files to Virustotal only to find nothing. After that I'd 100% say False Positive.

How can we introduce an Alien Race to the people of Earth, Without the power-hungry Governments of this Planet fighting for control & Technology? all because people Fear what they do NOT Understand! |
BarnySwain Joined: 1 Nov 99 Posts: 7 Credit: 2,268,559 RAC: 1 |
I clicked the nuke it button and all my SETI CUDA jobs failed. What now? I noted the jobs using Intel HD all work, is this an anti NVIDIA policy? |
Alienmoon Joined: 14 Oct 13 Posts: 14 Credit: 386,618 RAC: 0 |
> I clicked the nuke it button and all my SETI CUDA jobs failed. What now? I noted the jobs using Intel HD all work, is this an anti NVIDIA policy?

Why would Seti@home make an anti NVIDIA policy? That doesn't make any sense, saying we rely on that brand of card more than ATI.

How can we introduce an Alien Race to the people of Earth, Without the power-hungry Governments of this Planet fighting for control & Technology? all because people Fear what they do NOT Understand! |
Bernie Vine Joined: 26 May 99 Posts: 9956 Credit: 103,452,613 RAC: 328 |
> I clicked the nuke it button and all my SETI CUDA jobs failed. What now? I noted the jobs using Intel HD all work, is this an anti NVIDIA policy?

I will paste this advice given by Ageless in another thread.

We always tell people to exclude the BOINC data directory, its sub-directories and its files from being scanned by the anti-virus software. You can do this from within the AV software, look for an option to set up an exclusive directory, exceptions list or DMZ (demilitarized zone). The default BOINC directory path is to the hidden C:\Programdata\BOINC\ directory. |
BarnySwain Joined: 1 Nov 99 Posts: 7 Credit: 2,268,559 RAC: 1 |
OK, I have excluded BOINC .. I have been bitten in the past so I might be a bit over-zealous. |
Hugo Blasdel Joined: 15 Oct 15 Posts: 3 Credit: 10,086,155 RAC: 0 |
Is c:\windows\system32\conhost.exe also a BOINC item? It was blocked by AVG at the same time as C:\programdata\BOINC\...\..._CUDA42.exe. Curiously CUDA42 was blocked three times and conhost was blocked twice between those three. Now that AVG has blocked them, I too want to know what next to do to recover from the status "scheduler request pending". Blockages were identified as "Identity Protection" which may be the underlying anti-virus issue and a way to more narrowly focus the AntiVirus exclusion. Could the Ageless advice be part of the setup instructions or an option that is part of the setup itself? I have a photo of AVG's on-screen response if that would help. |
rob smith Joined: 7 Mar 03 Posts: 22456 Credit: 416,307,556 RAC: 380 |
Yes, this update by AVG has been a real pain, and it picks up, apparently at random, the application as having a potential generic identity threat. This detection appears to happen each time the application is downloaded, which in the case of the "stock" applications is after removed by AVG :-(

First you exclude the BOINC data directory from being scanned by AVG, make sure you include "identity threats" in the list of excluded scans. As you are running the stock applications you have to shut down BOINC and restart it - this will clear the current download record and download what is needed.

Bob Smith Member of Seti PIPPS (Pluto is a Planet Protest Society) Somewhere in the (un)known Universe? |
triplemmm Joined: 21 Nov 00 Posts: 27 Credit: 8,764,139 RAC: 13 |
I noticed that we now have a v8 but still running BOINC 7.6.22. The problem I am having is that all the v8 WU are not being proceeded and ending up invalid or incomplete. I have allowed the new v8 thru my firewalls etc but I am at a loss as to why I can not get the new WU up and running. Anyone got any hints or have I missed a download or upgrade to cope with v8 WU? |
BilBg Joined: 27 May 07 Posts: 3720 Credit: 9,385,827 RAC: 0 |
> Is c:\windows\system32\conhost.exe also a BOINC item?

No, BOINC doesn't put anything in that directory.

Seems conhost.exe is part of Windows but your copy may be infected: http://www.howtogeek.com/howto/4996/what-is-conhost.exe-and-why-is-it-running/

Can you send conhost.exe to VirusTotal for scan? https://www.virustotal.com/en/

- ALF - "Find out what you don't do well ..... then don't do it!" :) |
Jord Joined: 9 Jun 99 Posts: 15184 Credit: 4,362,181 RAC: 3 |
> I noticed that we now have a v8 but still running BOINC 7.6.22

BOINC is the managing program and is at version 7.6.22. Seti has science applications that are at version 8.0x. Seti science applications run under BOINC, but both don't need to be the same version number.

Seti has even got two different science applications with different version numbers: Multibeam is now at version 8 for all major hardware. Astropulse is still at version 7.

Other projects capable of running under BOINC all have their own version numbers for their science applications. They don't all need to follow the numbering of other projects or of BOINC. |
Jord Joined: 9 Jun 99 Posts: 15184 Credit: 4,362,181 RAC: 3 |
> Is c:\windows\system32\conhost.exe also a BOINC item? It was blocked by AVG at the same time as C:\programdata\BOINC\...\..._CUDA42.exe.

conhost.exe is the console wrapper Windows uses for console based applications. BOINC doesn't start it directly. When an application is launched, the Windows application loader determines what sub-system the application belongs to and then proceeds to launch the correct sub-system before launching the application.

All of the files in ..\windows\system, ..\windows\system32\ and ..\windows\sysWOW64 are Windows system files. Drivers will be able to write to these directories, but BOINC cannot. Project science applications also cannot be written to these directories. |
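
An added example, not part of any post in this thread: one way to follow up on the suggestions above for the two files AVG blocked, by checking each file's Authenticode signature and computing its SHA-256 for a VirusTotal lookup. The `*cuda*.exe` filter and the use of the default BOINC data directory are assumptions based on the paths quoted in the thread.

```powershell
# Added example: inspect the executables an AV product flagged.
# Paths are assumptions; adjust them to the files your AV actually reported.
$targets = @(
    "$env:SystemRoot\System32\conhost.exe"   # Windows console host (system file)
)

# Science applications are downloaded under the BOINC data directory
# (default location mentioned in the thread: C:\ProgramData\BOINC\).
$boincData = Join-Path $env:ProgramData 'BOINC'
if (Test-Path -LiteralPath $boincData) {
    $targets += Get-ChildItem -Path $boincData -Recurse -Filter '*cuda*.exe' `
                    -ErrorAction SilentlyContinue |
                Select-Object -ExpandProperty FullName
}

$report = foreach ($path in $targets) {
    if (-not (Test-Path -LiteralPath $path)) {
        # A missing file usually means the AV quarantined or deleted it.
        [pscustomobject]@{ Path = $path; Present = $false; SHA256 = $null
                           Signature = $null; Signer = $null }
        continue
    }

    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    $hash = Get-FileHash -LiteralPath $path -Algorithm SHA256

    [pscustomobject]@{
        Path      = $path
        Present   = $true
        SHA256    = $hash.Hash          # search this value on VirusTotal
        Signature = $sig.Status         # Valid, NotSigned, HashMismatch, ...
        Signer    = if ($sig.SignerCertificate) {
                        $sig.SignerCertificate.Subject
                    } else { $null }
    }
}

# A genuine conhost.exe should report Signature = Valid with a Microsoft signer.
# Project applications may be unsigned; for those, rely on the hash lookup.
$report | Format-List
```

On older PowerShell versions, catalog-signed system files can report `NotSigned` even when they are genuine. Searching VirusTotal by the SHA-256 shows existing results without uploading the file.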