AVG 2016 detected virus after install of BOINC 7.6.22 (x64) running seti@home v8

Questions and Answers : Windows : AVG 2016 detected virus after install of BOINC 7.6.22 (x64) running seti@home v8
Charles Lawrence
Joined: 9 Oct 00
Posts: 7
Credit: 9,756,616
RAC: 0
United States
Message 1758213 - Posted: 22 Jan 2016, 15:18:34 UTC

My AVG Internet Security package detected a virus upon starting seti@home v8 immediately after updating to BOINC 7.6.22 (x64). My AVG is version 2016.0.7294 with virus database version 4522/11459 just updated today. The process running was setiathome_8.00_windows_intelx86-cuda42.exe. I do have an NVIDIA GeForce GTX 980 GPU. The virus detected, if it really is a virus, was called IDP.ARES.Generic. I allowed the process to continue, since it came from the seti@home project. Is this a real virus, and do I need to be concerned? I have seen no ill effects from letting the process continue. This is the first time I have ever gotten any warning from AVG concerning seti@home. Thanks.
ID: 1758213
rob smith
Volunteer moderator
Volunteer tester
Joined: 7 Mar 03
Posts: 22456
Credit: 416,307,556
RAC: 380
United Kingdom
Message 1758218 - Posted: 22 Jan 2016, 15:48:37 UTC

I'm suffering the same - it would appear that the current release of AVG free doesn't obey the folder exclusions that I've set up.
Bob Smith
Member of Seti PIPPS (Pluto is a Planet Protest Society)
Somewhere in the (un)known Universe?
ID: 1758218
Alienmoon
Joined: 14 Oct 13
Posts: 14
Credit: 386,618
RAC: 0
United Kingdom
Message 1758678 - Posted: 23 Jan 2016, 15:14:23 UTC - in response to Message 1758213.  

My AVG Internet Security package detected a virus upon starting seti@home v8 immediately after updating to BOINC 7.6.22 (x64). My AVG is version 2016.0.7294 with virus database version 4522/11459 just updated today. The process running was setiathome_8.00_windows_intelx86-cuda42.exe. I do have an NVIDIA GeForce GTX 980 GPU. The virus detected, if it really is a virus, was called IDP.ARES.Generic. I allowed the process to continue, since it came from the seti@home project. Is this a real virus, and do I need to be concerned? I have seen no ill effects from letting the process continue. This is the first time I have ever gotten any warning from AVG concerning seti@home. Thanks.


I'd be more inclined to say False Positive. Also, I'm running the same BOINC 7.6.22 (x64) and have never detected anything, even uploading the install files to VirusTotal only to find nothing.
After that I'd 100% say False Positive.
How can we introduce an Alien Race to the people of Earth, Without the power-hungry Governments of this Planet fighting for control & Technology? all because people Fear what they do NOT Understand!
ID: 1758678
BarnySwain
Joined: 1 Nov 99
Posts: 7
Credit: 2,268,559
RAC: 1
United Kingdom
Message 1758680 - Posted: 23 Jan 2016, 15:15:30 UTC - in response to Message 1758213.  

I clicked the nuke it button and all my SETI CUDA jobs failed. What now? I noted the jobs using Intel HD all work, is this an anti NVIDIA policy?
ID: 1758680
Alienmoon
Joined: 14 Oct 13
Posts: 14
Credit: 386,618
RAC: 0
United Kingdom
Message 1758681 - Posted: 23 Jan 2016, 15:18:25 UTC - in response to Message 1758680.  

I clicked the nuke it button and all my SETI CUDA jobs failed. What now? I noted the jobs using Intel HD all work, is this an anti NVIDIA policy?


Why would Seti@home make an anti-NVIDIA policy? That doesn't make any sense, saying we rely on that brand of card more than ATI.
How can we introduce an Alien Race to the people of Earth, Without the power-hungry Governments of this Planet fighting for control & Technology? all because people Fear what they do NOT Understand!
ID: 1758681
Bernie Vine
Volunteer moderator
Volunteer tester
Joined: 26 May 99
Posts: 9956
Credit: 103,452,613
RAC: 328
United Kingdom
Message 1758696 - Posted: 23 Jan 2016, 16:04:38 UTC - in response to Message 1758680.  

I clicked the nuke it button and all my SETI CUDA jobs failed. What now? I noted the jobs using Intel HD all work, is this an anti NVIDIA policy?

I will paste this advice given by Ageless in another thread.

We always tell people to exclude the BOINC data directory, its sub-directories and its files from being scanned by the anti-virus software. You can do this from within the AV software, look for an option to set up an exclusive directory, exceptions list or DMZ (demilitarized zone). The default BOINC directory path is to the hidden C:\Programdata\BOINC\ directory.

Then only scan the Data directory manually, when BOINC isn't running.

And yes, they are false positives: because of the way that the science software looks at the data, it is flagged by overzealous anti-virus software as malicious when it isn't. This happens with each new iteration of the science software.

ID: 1758696
BarnySwain
Joined: 1 Nov 99
Posts: 7
Credit: 2,268,559
RAC: 1
United Kingdom
Message 1758704 - Posted: 23 Jan 2016, 16:40:41 UTC - in response to Message 1758696.  

OK, I have excluded BOINC .. I have been bitten in the past so I might be a bit over-zealous.
ID: 1758704
Hugo Blasdel
Joined: 15 Oct 15
Posts: 3
Credit: 10,086,155
RAC: 0
United States
Message 1759967 - Posted: 28 Jan 2016, 10:52:19 UTC - in response to Message 1758696.  

Is c:\windows\system32\conhost.exe also a BOINC item? It was blocked by AVG at the same time as C:\programdata\BOINC\...\..._CUDA42.exe.

Curiously CUDA42 was blocked three times and conhost was blocked twice between those three.

Now that AVG has blocked them, I too want to know what next to do to recover from the status "scheduler request pending".

Blockages were identified as "Identity Protection" which may be the underlying anti-virus issue and a way to more narrowly focus the AntiVirus exclusion.

Could the Ageless advice be part of the setup instructions, or an option that is part of the setup itself?

I have a photo of AVG's on-screen response if that would help.
ID: 1759967
rob smith
Volunteer moderator
Volunteer tester
Joined: 7 Mar 03
Posts: 22456
Credit: 416,307,556
RAC: 380
United Kingdom
Message 1759976 - Posted: 28 Jan 2016, 11:38:15 UTC

Yes, this update by AVG has been a real pain, and it picks up, apparently at random, the application as having a potential generic identity threat. This detection appears to happen each time the application is downloaded, which in the case of the "stock" applications is after it has been removed by AVG :-(

First you exclude the BOINC data directory from being scanned by AVG, make sure you include "identity threats" in the list of exclude scans. As you are running the stock applications you have to shut down BOINC and restart it - this will clear the current download record and download what is needed.
Bob Smith
Member of Seti PIPPS (Pluto is a Planet Protest Society)
Somewhere in the (un)known Universe?
ID: 1759976
triplemmm
Joined: 21 Nov 00
Posts: 27
Credit: 8,764,139
RAC: 13
Australia
Message 1759984 - Posted: 28 Jan 2016, 12:20:05 UTC

I noticed that we now have a v8 but am still running BOINC 7.6.22.
The problem I am having is that all the v8 WUs are not being processed and are ending up invalid or incomplete. I have allowed the new v8 through my firewalls etc., but I am at a loss as to why I cannot get the new WUs up and running. Anyone got any hints, or have I missed a download or upgrade to cope with v8 WUs?
ID: 1759984
BilBg
Volunteer tester
Joined: 27 May 07
Posts: 3720
Credit: 9,385,827
RAC: 0
Bulgaria
Message 1760032 - Posted: 28 Jan 2016, 16:22:36 UTC - in response to Message 1759967.  

Is c:\windows\system32\conhost.exe also a BOINC item?

No, BOINC doesn't put anything in that directory.
It seems conhost.exe is part of Windows, but your copy may be infected:
http://www.howtogeek.com/howto/4996/what-is-conhost.exe-and-why-is-it-running/

Can you send conhost.exe to VirusTotal for scan?
https://www.virustotal.com/en/
- ALF - "Find out what you don't do well ..... then don't do it!" :)
ID: 1760032
Jord
Volunteer tester
Joined: 9 Jun 99
Posts: 15184
Credit: 4,362,181
RAC: 3
Netherlands
Message 1760042 - Posted: 28 Jan 2016, 16:58:39 UTC - in response to Message 1759984.  

I noticed that we now have a v8 but am still running BOINC 7.6.22.

BOINC is the managing program and is at version 7.6.22
Seti has science applications that are at version 8.0x

Seti science applications run under BOINC, but both don't need to be the same version number. Seti has even got two different science applications with different version numbers: Multibeam is now at version 8 for all major hardware. Astropulse is still at version 7.

Other projects capable of running under BOINC all have their own version numbers for their science applications. They don't all need to follow the numbering of other projects or of BOINC.
ID: 1760042
Jord
Volunteer tester
Joined: 9 Jun 99
Posts: 15184
Credit: 4,362,181
RAC: 3
Netherlands
Message 1760109 - Posted: 28 Jan 2016, 21:52:53 UTC - in response to Message 1759967.  

Is c:\windows\system32\conhost.exe also a BOINC item? It was blocked by AVG at the same time as C:\programdata\BOINC\...\..._CUDA42.exe.

conhost.exe is the console wrapper Windows uses for console based applications.

BOINC doesn't start it directly. When an application is launched, the Windows application loader determines what sub-system the application belongs to and then proceeds to launch the correct sub-system before launching the application.

All of the files in ..\windows\system, ..\windows\system32\ and ..\windows\sysWOW64 are Windows system files. Drivers will be able to write to these directories, but BOINC cannot. Project science applications also cannot be written to these directories.
ID: 1760109
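A way to check the point made in the last two replies (that conhost.exe is a Windows component living only in the system directories, and BilBg's suggestion to have VirusTotal look at it): an added PowerShell example, not BOINC or SETI@home code. It assumes a default Windows install and the path quoted in the thread; it verifies the file's location and Microsoft Authenticode signature and computes the SHA-256 so the hash can be looked up on VirusTotal without uploading the binary.

```powershell
# Added example: sanity-check a conhost.exe that an AV product flagged.
# Path is the one quoted in the thread; adjust if AVG reported another copy.
$flagged = Join-Path $env:SystemRoot 'System32\conhost.exe'

function Test-GenuineConhost {
    param([Parameter(Mandatory)][string]$Path)

    $item = Get-Item -LiteralPath $Path -ErrorAction Stop

    # 1. The real console host lives only in the Windows system directories.
    #    A same-named file anywhere else (e.g. a user profile) is suspect.
    $sysDirs = @(
        (Join-Path $env:SystemRoot 'System32'),
        (Join-Path $env:SystemRoot 'SysWOW64')
    )
    $inSystemDir = $sysDirs -contains $item.DirectoryName

    # 2. Windows system binaries are signed by Microsoft; a tampered copy
    #    will not validate. On older Windows releases the file may be
    #    catalog-signed and report NotSigned here; then rely on the path
    #    check and the hash lookup below.
    $sig = Get-AuthenticodeSignature -FilePath $item.FullName
    $signedByMs = ($sig.Status -eq 'Valid') -and
                  ($sig.SignerCertificate.Subject -like '*Microsoft*')

    # 3. SHA-256 of the file: search for this on VirusTotal instead of
    #    uploading the binary itself.
    $hash = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash

    [pscustomobject]@{
        Path            = $item.FullName
        InSystemDir     = $inSystemDir
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
        FileDescription = $item.VersionInfo.FileDescription
        Sha256          = $hash
        LooksGenuine    = $inSystemDir -and $signedByMs
    }
}

Test-GenuineConhost -Path $flagged | Format-List
```

A result of LooksGenuine = True with a clean VirusTotal hash lookup supports the false-positive explanation given earlier in the thread; a conhost.exe outside the system directories or with an invalid signature is the case that deserves a closer look.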

©2024 University of California

SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.