PrimeGrid
Please visit donation page to help the project cover running costs for this month

Toggle Menu

Join PrimeGrid

Returning Participants

Community

Leader Boards

Results

Other

drummers-lowrise

Advanced search

Message boards : Problems and Help : trojans on boinc/primegrid?

Author Message
sab
Send message
Joined: 10 Jul 09
Posts: 16
ID: 43207
Credit: 374,254
RAC: 0
PPS LLR Silver: Earned 100,000 credits (368,054)
Message 17845 - Posted: 2 Sep 2009 | 23:54:06 UTC

So I am going to college so I decided to take a prolonged break from primegrid :( (im still testing numbers manually tho)

Anyway, I got some really good anti-virus and anti-malware software from the college and ran the scan.

It found and deleted FIVE trojan viruses that are attributed to BOINC and more specifically PRIMEGRID!!!!!

Can someone explain this?

sab
Send message
Joined: 10 Jul 09
Posts: 16
ID: 43207
Credit: 374,254
RAC: 0
PPS LLR Silver: Earned 100,000 credits (368,054)
Message 17846 - Posted: 3 Sep 2009 | 0:18:36 UTC - in response to Message 17845.

So I am going to college so I decided to take a prolonged break from primegrid :( (im still testing numbers manually tho)

Anyway, I got some really good anti-virus and anti-malware software from the college and ran the scan.

It found and deleted FIVE trojan viruses that are attributed to BOINC and more specifically PRIMEGRID!!!!!

Can someone explain this?


by the way, the trojan looks like: Artemis! [and then a bunch of numbers in hexadecimal form]
it was found in the "wrapper" files of the various primality testing programs.

Scott BrownProject donor
Volunteer moderator
Project administrator
Volunteer tester
Project scientist
Avatar
Send message
Joined: 17 Oct 05
Posts: 2165
ID: 1178
Credit: 8,777,295,508
RAC: 0
Discovered the World's First base 116 Generalized Cullen prime!!!Discovered 26 mega primesEliminated 7 conjecture "k"sDiscovered 1 Sophie Germain pairDiscovered 2 Fermat divisors2012 Tour de Primes highest prime count2012 Tour de Primes most Mountain Stage primes2015 Tour de Primes highest prime count2016 Tour de Primes highest prime countFound 23 primes in the 2018 Tour de PrimesFound 1 mega prime in the 2018 Tour de PrimesFound 2 primes in the 2018 Tour de Primes Mountain Stage2019 Tour de Primes highest prime countFound 22 primes in the 2019 Tour de Primes2020 Tour de Primes highest prime scoreFound 21 primes in the 2020 Tour de PrimesFound 4 mega primes in the 2020 Tour de Primes321 LLR Double Silver: Earned 200,000,000 credits (201,403,028)Cullen LLR Double Bronze: Earned 100,000,000 credits (188,339,206)ESP LLR Double Silver: Earned 200,000,000 credits (203,249,784)Generalized Cullen/Woodall LLR Double Bronze: Earned 100,000,000 credits (109,580,172)PPS LLR Double Gold: Earned 500,000,000 credits (647,115,820)PSP LLR Double Bronze: Earned 100,000,000 credits (126,982,721)SoB LLR Double Bronze: Earned 100,000,000 credits (135,747,083)SR5 LLR Double Silver: Earned 200,000,000 credits (214,194,272)SGS LLR Double Silver: Earned 200,000,000 credits (200,731,695)TPS LLR (retired) Silver: Earned 100,000 credits (235,439)TRP LLR Double Silver: Earned 200,000,000 credits (201,215,056)Woodall LLR Double Bronze: Earned 100,000,000 credits (101,447,725)321 Sieve Double Silver: Earned 200,000,000 credits (235,451,253)Cullen/Woodall Sieve (suspended) Emerald: Earned 50,000,000 credits (83,794,448)Generalized Cullen/Woodall Sieve (suspended) Double Silver: Earned 200,000,000 credits (285,139,652)PPS Sieve Double Ruby: Earned 2,000,000,000 credits (2,728,039,937)Sierpinski (ESP/PSP/SoB) Sieve (suspended) Double Silver: Earned 200,000,000 credits (203,523,358)TRP Sieve (suspended) Double Silver: Earned 200,000,000 credits (201,489,157)AP 26/27 Double Silver: Earned 200,000,000 credits (385,720,907)GFN Double Amethyst: Earned 1,000,000,000 credits (1,984,821,252)PSA Double Silver: Earned 200,000,000 credits (259,058,048)
Message 17848 - Posted: 3 Sep 2009 | 2:35:50 UTC
Last modified: 3 Sep 2009 | 2:38:13 UTC

Which AV program are you using? In the past, various BOINC project applications have been reported as viruses that were actually fine...the AV program just detected a false positive. As I recall, this used to be somewhat frequent with AVAST and sometimes Norton.

For example, see here
____________
141941*2^4299438-1 is prime!


sab
Send message
Joined: 10 Jul 09
Posts: 16
ID: 43207
Credit: 374,254
RAC: 0
PPS LLR Silver: Earned 100,000 credits (368,054)
Message 17849 - Posted: 3 Sep 2009 | 4:24:41 UTC - in response to Message 17848.

Which AV program are you using? In the past, various BOINC project applications have been reported as viruses that were actually fine...the AV program just detected a false positive. As I recall, this used to be somewhat frequent with AVAST and sometimes Norton.

For example, see here


It's most likely a false positive. I just started using McAfee enterprise edition, plus malwarebytes and virusbusters. Pretty intense stuff. I'm sure its ok, but you can't be too careful these days.

Profile mfl0pProject donor
Project administrator
Volunteer developer
Send message
Joined: 5 Apr 09
Posts: 224
ID: 38042
Credit: 860,116,790
RAC: 0
Discovered 1 mega primeDiscovered 2 AP26sFound 1 prime in the 2019 Tour de PrimesFound 2 primes in the 2020 Tour de PrimesFound 1 prime in the 2020 Tour de Primes Mountain Stage321 LLR Silver: Earned 100,000 credits (317,098)Cullen LLR Amethyst: Earned 1,000,000 credits (1,930,420)ESP LLR Ruby: Earned 2,000,000 credits (3,689,780)Generalized Cullen/Woodall LLR Amethyst: Earned 1,000,000 credits (1,696,299)PPS LLR Sapphire: Earned 20,000,000 credits (34,955,626)PSP LLR Silver: Earned 100,000 credits (413,594)SoB LLR Jade: Earned 10,000,000 credits (11,581,286)SR5 LLR Gold: Earned 500,000 credits (690,610)SGS LLR Amethyst: Earned 1,000,000 credits (1,086,646)TRP LLR Turquoise: Earned 5,000,000 credits (5,648,504)Woodall LLR Silver: Earned 100,000 credits (218,868)321 Sieve Turquoise: Earned 5,000,000 credits (5,425,049)PPS Sieve Emerald: Earned 50,000,000 credits (57,903,667)Sierpinski (ESP/PSP/SoB) Sieve (suspended) Bronze: Earned 10,000 credits (47,384)TRP Sieve (suspended) Bronze: Earned 10,000 credits (49,560)AP 26/27 Double Gold: Earned 500,000,000 credits (599,347,310)GFN Double Bronze: Earned 100,000,000 credits (123,519,380)PSA Silver: Earned 100,000 credits (456,000)
Message 17857 - Posted: 3 Sep 2009 | 23:54:49 UTC - in response to Message 17849.

This is an example of why I don't recommend any anti-virus programs. False positives, deletes random files, sometimes your computer won't even boot after the "cleaning". What a joke.

Anti-virus is the snake oil product of the computer industry that preys on the paranoia of the public.
____________

John
Send message
Joined: 2 Jul 09
Posts: 1
ID: 42867
Credit: 27,923
RAC: 0

Message 17939 - Posted: 10 Sep 2009 | 17:14:13 UTC - in response to Message 17857.

I'm having the same problem. I'm using McAfee too.

Rob
Send message
Joined: 17 Jul 08
Posts: 1
ID: 25718
Credit: 1,640,517
RAC: 0
321 LLR Silver: Earned 100,000 credits (297,520)Cullen LLR Bronze: Earned 10,000 credits (42,165)PPS LLR Bronze: Earned 10,000 credits (39,722)PSP LLR Gold: Earned 500,000 credits (582,792)SGS LLR Bronze: Earned 10,000 credits (18,328)TRP LLR Silver: Earned 100,000 credits (109,695)Woodall LLR Silver: Earned 100,000 credits (187,158)Cullen/Woodall Sieve (suspended) Silver: Earned 100,000 credits (307,022)TRP Sieve (suspended) Bronze: Earned 10,000 credits (41,050)
Message 18157 - Posted: 24 Sep 2009 | 16:35:09 UTC

I am having the same issue. McAfee Security (from ISP) is flagging only the 321 workunits as having the Artemis trojan embedded.

McAfee 'cleans' the infection and causes the download to fail.

It looks like it has been going on since I have installed McAfee. Will try putting another computer on PrimeGrid (that doesn't have McAfee) and post the results.

Rytis
Volunteer moderator
Project administrator
Avatar
Send message
Joined: 22 Jun 05
Posts: 2649
ID: 1
Credit: 26,363,112
RAC: 0
321 LLR Silver: Earned 100,000 credits (104,475)Cullen LLR Silver: Earned 100,000 credits (291,372)ESP LLR Bronze: Earned 10,000 credits (18,156)Generalized Cullen/Woodall LLR Bronze: Earned 10,000 credits (15,259)PPS LLR Silver: Earned 100,000 credits (113,978)PSP LLR Silver: Earned 100,000 credits (116,517)SoB LLR Silver: Earned 100,000 credits (282,655)SR5 LLR Bronze: Earned 10,000 credits (14,071)SGS LLR Silver: Earned 100,000 credits (100,082)TPS LLR (retired) Silver: Earned 100,000 credits (111,607)TRP LLR Sapphire: Earned 20,000,000 credits (20,681,766)Woodall LLR Silver: Earned 100,000 credits (101,463)321 Sieve Silver: Earned 100,000 credits (201,501)Cullen/Woodall Sieve (suspended) Silver: Earned 100,000 credits (214,653)Generalized Cullen/Woodall Sieve (suspended) Bronze: Earned 10,000 credits (14,200)PPS Sieve Silver: Earned 100,000 credits (491,193)Sierpinski (ESP/PSP/SoB) Sieve (suspended) Silver: Earned 100,000 credits (200,232)TRP Sieve (suspended) Ruby: Earned 2,000,000 credits (2,453,872)AP 26/27 Silver: Earned 100,000 credits (473,058)GFN Silver: Earned 100,000 credits (197,387)PSA Bronze: Earned 10,000 credits (97,541)
Message 18160 - Posted: 25 Sep 2009 | 5:31:43 UTC

It shouldn't be happening anymore, because we replaced the app and it reported as clean on virusdepot. But, I guess, McAfee once again decided that our app is malicious :S
____________

Nuadormrac
Send message
Joined: 23 May 06
Posts: 10
ID: 2885
Credit: 100,442,069
RAC: 0
321 LLR Bronze: Earned 10,000 credits (49,471)PPS LLR Bronze: Earned 10,000 credits (89,650)PSP LLR Bronze: Earned 10,000 credits (70,082)SoB LLR Gold: Earned 500,000 credits (593,411)SGS LLR Bronze: Earned 10,000 credits (25,826)Woodall LLR Bronze: Earned 10,000 credits (86,511)PPS Sieve Emerald: Earned 50,000,000 credits (99,060,206)GFN Silver: Earned 100,000 credits (463,588)
Message 18180 - Posted: 26 Sep 2009 | 14:04:35 UTC
Last modified: 26 Sep 2009 | 14:16:51 UTC

tbh, Norton or McCaffee wouldn't be my first choices for an AV program. They're more wide known and commercially available. Personally, I use Kaspersky antivirus, and haven't run into an auto-delete like this. The only false positive it detected was Ventrillo where it warned of "suspicscious behaviour", but it only warned/alerted me, didn't delete or take any action on it's own in that case. It also provides virus definition updates multiple times per day.

NOD32 has a reputation for being as good. Norton and McCaffee, pfft....
____________

MC707
Avatar
Send message
Joined: 6 Jun 09
Posts: 2
ID: 41343
Credit: 5,768,153
RAC: 0
PPS LLR Silver: Earned 100,000 credits (295,766)SGS LLR Silver: Earned 100,000 credits (203,435)PPS Sieve Turquoise: Earned 5,000,000 credits (5,268,384)
Message 18715 - Posted: 27 Oct 2009 | 1:30:53 UTC
Last modified: 27 Oct 2009 | 1:31:59 UTC

That's why I use Linux 95% of time ^_^ Though when I boot to Windows to play some games, I always keep avast up. It's the best AV I've had.
____________

Profile John M. Johnson "Novex"Project donor
Volunteer tester
Avatar
Send message
Joined: 16 Aug 07
Posts: 625
ID: 10876
Credit: 1,066,951
RAC: 0
321 LLR Bronze: Earned 10,000 credits (50,802)Cullen LLR Silver: Earned 100,000 credits (111,106)PPS LLR Silver: Earned 100,000 credits (101,350)PSP LLR Bronze: Earned 10,000 credits (15,210)SGS LLR Bronze: Earned 10,000 credits (27,055)TPS LLR (retired) Bronze: Earned 10,000 credits (67,826)Woodall LLR Bronze: Earned 10,000 credits (10,609)321 Sieve Bronze: Earned 10,000 credits (70,873)Cullen/Woodall Sieve (suspended) Bronze: Earned 10,000 credits (20,185)PPS Sieve Bronze: Earned 10,000 credits (20,034)Sierpinski (ESP/PSP/SoB) Sieve (suspended) Bronze: Earned 10,000 credits (24,551)TRP Sieve (suspended) Bronze: Earned 10,000 credits (40,040)AP 26/27 Silver: Earned 100,000 credits (159,148)PSA Silver: Earned 100,000 credits (344,961)
Message 18873 - Posted: 4 Nov 2009 | 22:35:00 UTC
Last modified: 4 Nov 2009 | 22:39:35 UTC

Yeah Norton Corporate has never given me any issues nor has it ever found Boinc to be a virus, but I know for a fact McAfee has in the past. It is the worst anti-virus imo. I worked at Circuit City's Firedog team for over a year before they closed and laid me off and we only ever got computers with viruses that either didn't have anti-virus, or had never updated, and or had McAfee. Never once did we get a Norton or Kaspersky with viruses to clean. And we did over 30 computers a day there multi-tasking, and thats not to say cleaning computers is all we did but it was about 40% if not higher of the time spent there, thats for sure. Just my 2 cents :)
____________


John M. Johnson "Novex"

Profile Lonely
Avatar
Send message
Joined: 27 Feb 08
Posts: 2
ID: 19560
Credit: 358,396
RAC: 0
Woodall LLR Bronze: Earned 10,000 credits (10,744)PPS Sieve Silver: Earned 100,000 credits (225,857)Sierpinski (ESP/PSP/SoB) Sieve (suspended) Bronze: Earned 10,000 credits (45,933)GFN Bronze: Earned 10,000 credits (56,950)
Message 20298 - Posted: 6 Jan 2010 | 22:18:28 UTC

RE: The 'apparent' wrapper virus. I too am having the same problem but the AV in use is THREATFIRE. Everything becomes erratic on the download and the computer becomes unusable. A Dell intel 2.4 dual-core using Vista. The same download onto an Apple Mac an intel dual core 2.4 doesn't appear to manifest the same problem.
____________

JohnProject donor
Honorary cruncher
Avatar
Send message
Joined: 21 Feb 06
Posts: 2875
ID: 2449
Credit: 2,681,934
RAC: 0
321 LLR Bronze: Earned 10,000 credits (11,773)Cullen LLR Bronze: Earned 10,000 credits (14,945)ESP LLR Bronze: Earned 10,000 credits (26,855)PPS LLR Bronze: Earned 10,000 credits (84,876)PSP LLR Bronze: Earned 10,000 credits (15,311)SoB LLR Bronze: Earned 10,000 credits (21,440)SR5 LLR Bronze: Earned 10,000 credits (29,270)SGS LLR Bronze: Earned 10,000 credits (26,616)TPS LLR (retired) Bronze: Earned 10,000 credits (36,288)TRP LLR Bronze: Earned 10,000 credits (41,655)Woodall LLR Bronze: Earned 10,000 credits (15,807)321 Sieve Bronze: Earned 10,000 credits (20,014)Cullen/Woodall Sieve (suspended) Bronze: Earned 10,000 credits (23,405)PPS Sieve Bronze: Earned 10,000 credits (36,192)Sierpinski (ESP/PSP/SoB) Sieve (suspended) Bronze: Earned 10,000 credits (20,306)TRP Sieve (suspended) Bronze: Earned 10,000 credits (21,738)GFN Bronze: Earned 10,000 credits (86,217)PSA Ruby: Earned 2,000,000 credits (2,143,756)
Message 20302 - Posted: 7 Jan 2010 | 0:14:24 UTC

This came in last week through a PM from a PG user:

I'll just have to watch the first time the .exe runs. Kaspersky Internet Security is VERY suspicious of a BOINC project application with a large memory footprint. The BOINC client is Trusted, but not the project apps (no digital signature+high memory footprint=a high "danger index" ~=100). KIS will automatically Block it the first time it runs, unless an Administrator forces it into the Low Restricted category. I have the same problem with Einstein@home, every time an update to the .exe is deployed. The price of security I guess. Thats a good tip for other subscribers who use KIS with Application Control turned on.

I think this can be generalized to all AV products.
____________

Message boards : Problems and Help : trojans on boinc/primegrid?

[Return to PrimeGrid main page]
DNS Powered by DNSEXIT.COM
Copyright © 2005 - 2022 Rytis Slatkevičius (contact) and PrimeGrid community. Server load 0.01, 0.01, 0.00
Generated 27 Sep 2022 | 17:37:57 UTC