World Community Grid Forums
Thread Status: Active Total posts in this thread: 11
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Norton Internet Security just flagged my computer as having a Trojan virus on a file with a label associated with the World Community Grid (wrld community grid agent.lnk). I have no idea if this is real or not. Someone at WCG needs to get on top of this immediately. I do not want to set off alarms unnecessarily, but if you are distributing files infected with nefarious stuff, you need to fix it now. Otherwise, you need to figure out why Norton says your file is contaminated.
|
||
|
Sekerob
Ace Cruncher Joined: Jul 24, 2005 Post Count: 20043 Status: Offline |
The same has been reported multiple times at Grid.org where they also run UD agent. The readings are that it supposedly is a variation of the Storm Worm spreading via specially crafted posts. So far no other AV has reported this.... do a thorough scan, but for now consider it a false positive.
I'm running 2 UD agents presently and did a full scan with another AV and several other online checkers and nothing came up.
----------------------------------------
WCG
Please help to make the Forums an enjoyable experience for All! |
||
|
MarshallW
Cruncher Joined: Nov 16, 2004 Post Count: 13 Status: Offline |
I, too, am getting this on one of my 3 computers running research. It started with the scan last night. I have shut down the research on the computer that is 'infected.' If no news by Monday night, I will remove all research related files from all my computers.
This is not a good situation. |
||
|
Sekerob
Ace Cruncher Joined: Jul 24, 2005 Post Count: 20043 Status: Offline |
[quote]I, too, am getting this on one of my 3 computers running research. It started with the scan last night. I have shut down the research on the computer that is 'infected.' If no news by Monday night, I will remove all research related files from all my computers. This is not a good situation.[/quote]
This is a post from someone who submitted the supposedly infected files:
[quote="djgs"]Symantec AV scan claimed to have found "Trojan.Packed.13" in UD.EXE for me as well - and it deleted it from three machines before I realised what was going on. I have submitted the file to VirusTotal.com where it was scanned by a range of Antivirus products - with only a couple regarding it as "suspicious" and the rest giving it the all-clear. I am pretty sure that this is a "false positive" coming from over-enthusiastic heuristic scanning - so I have retrieved the file from the Symantec Quarantine store and reinstalled it - but so far only on a non-critical machine.[/quote]
It's only Symantec / Norton reporting.... not the first time they point finger at UD agent
----------------------------------------
WCG
Please help to make the Forums an enjoyable experience for All! |
||
|
Dirk Gently
Senior Cruncher England Joined: Mar 1, 2005 Post Count: 153 Status: Offline |
AV scanners seem to be getting a little paranoid - I have had a few false positives myself. One was in another BOINC project, and one in a DIVX update download. I use a Radial Point scanner.
Norton reported them as OK! Point is - scan with a different AV. Let's not panic |
||
|
Sekerob
Ace Cruncher Joined: Jul 24, 2005 Post Count: 20043 Status: Offline |
Fortunately, but we already knew that, Symantec confirmed the false positive:
"..... it has to do with the last update concerning a security update to the Microsoft .Net Framework 3.0: x86 (KB928416) which should only affect 32-bit WinXP users."
Yep, the old flow chart surfaced again.... If you can blame it on someone else, do so! In another thread, a user here simply put an exception into his AV for UD.exe
----------------------------------------
WCG
Please help to make the Forums an enjoyable experience for All! |
||
|
Viktors
Former World Community Grid Tech Joined: Sep 20, 2004 Post Count: 653 Status: Offline |
The UD.EXE file on your system should have an MD5SUM value of 60faafa129e28a0b6991f0ea605f759e. This can be checked with an md5sum program such as one found here: md5sum info. If the md5sum for yours is different, just delete the file and reinstall the agent. However, first update your virus scanner with the latest virus signatures and rescan your system thoroughly. If you have an infection, it usually arrives via some other means and then attaches itself to various other programs on your system. These viruses like to attach to programs running all the time so they do not get noticed as easily and that is why they sometimes attach to the agent.
|
||
|
Viktors
Former World Community Grid Tech Joined: Sep 20, 2004 Post Count: 653 Status: Offline |
P.S. And yes, from time to time we have seen some anti-virus products give false positives. We used the March 19, 2007 rev 16 definition file for Symantec Antivirus in our check. If your md5sum was ok, which version of the Antivirus Definition File were you using at the time? Thanks.
|
||
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Hi. FYI I've got the same issue where Symantec AV using virus def 2007/03/19 rev 16 reports Trojan.Packed.13 in UD.exe, which has md5 checksum of 60faafa129e28a0b6991f0ea605f759e. This happens on both Windows XP and Windows 2000 systems, which a previous post implies shouldn't happen.
I can ignore it for a while but what if it really does get infected??? I certainly don't want to tell AV scan to ignore anything - have Symantec/Microsoft given any hint about when the issue will be resolved? Thanks |
||
|
Sekerob
Ace Cruncher Joined: Jul 24, 2005 Post Count: 20043 Status: Offline |
No indication, but usually the (good) AV makers are responsive and fix their libraries pretty quick. Will keep an eye out for any news on this.
Whilst an exception is okay, believe that some AV makers are smarter..... if the exempted file has changed, it should flag it again. If they don't, well, that's then wishful thinking :O
----------------------------------------
WCG
Please help to make the Forums an enjoyable experience for All! |
||
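The MD5 check Viktors describes, combined with Sekerob's point that a scanner exception should stop applying once the exempted file changes, as an added example that is not part of the original thread or WCG's own code. Only the MD5 value comes from the thread; the function names, the stand-in file and its bytes are constructed. The `algorithm` argument also accepts `sha256` where a publisher supplies that digest.

```python
import hashlib
import hmac
import os
import tempfile

# MD5 quoted in the thread for the genuine UD.EXE.
UD_EXE_MD5 = "60faafa129e28a0b6991f0ea605f759e"


def file_digest(path, algorithm="md5", chunk_size=65536):
    """Hash a file in chunks so large binaries are not read into memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def check_pinned(path, expected_hex, algorithm="md5"):
    """Return 'match', 'mismatch' or 'missing' for one pinned file."""
    if not os.path.isfile(path):
        return "missing"
    expected = expected_hex.strip().lower()
    actual = file_digest(path, algorithm)
    return "match" if hmac.compare_digest(actual, expected) else "mismatch"


def audit_exceptions(pins):
    """pins maps path -> (algorithm, expected_hex); returns path -> status.
    A scanner exception should be honoured only while status is 'match'."""
    return {p: check_pinned(p, exp, alg) for p, (alg, exp) in pins.items()}


def demo():
    """Constructed stand-in file: pin it, modify it, audit again."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "UD.EXE")  # stand-in, not the real agent
        with open(path, "wb") as fh:
            fh.write(b"constructed sample bytes")
        pin = file_digest(path)
        before = audit_exceptions({path: ("md5", pin)})[path]
        with open(path, "ab") as fh:
            fh.write(b"appended bytes")  # simulate the file changing on disk
        after = audit_exceptions({path: ("md5", pin)})[path]
        vs_thread = check_pinned(path, UD_EXE_MD5)  # stand-in != real file
        return before, after, vs_thread


if __name__ == "__main__":
    print(demo())
```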