World Community Grid Forums
Thread Status: Active Total posts in this thread: 9
Anthony Owen
Cruncher United States Joined: Nov 18, 2004 Post Count: 3 Status: Offline Project Badges:
Malware detected this:
PUP.MyWebSearch... Registry Data HKCU\SOFTWARE\Microsoft]Internet Explorer\Main}Start
Virtool.Agent.bld File D:\Program Files\AutoHotkey\AU3_Spy.exe
Trojan.Agent.ED File C:\ProgramData\BOINC\projects \www.worldcommunitygrid
tonynemo@galleriarusticana.com
[Edit 1 times, last edit by Anthony Owen at Apr 26, 2013 7:46:06 PM]
BladeD
Ace Cruncher USA Joined: Nov 17, 2004 Post Count: 28976 Status: Offline Project Badges:
What Malware program are you using?
I would use the HijackThis program to find out what is going on. And go here to analyze the log file that's produced. Also, it lists support forums for help, if needed.
Bearcat
Master Cruncher USA Joined: Jan 6, 2007 Post Count: 2803 Status: Offline Project Badges:
This is what I found about this....
http://www.securelist.com/en/descriptions/106...Downloader.Win32.Agent.ed
I'll be uninstalling boinc if I find any bug from WCG!
----------------------------------------
Crunching for humanity since 2007!
Steve W
Advanced Cruncher Joined: Dec 9, 2005 Post Count: 110 Status: Offline Project Badges:
You don't say where you got your copy of boinc from.
If you downloaded and installed from the WCG site then it is extremely unlikely to include any malware. IBM, who provide the power behind WCG, are very VERY careful about analyzing everything pushed through boinc, from the project binaries to the boinc software itself. On top of that the WCG recommended version is 6.10.58 for Windows, which hasn't changed for a very long time as they haven't yet got a newer stable version of boinc that passes all their tests - security, stability... etc.
If you are the only person reporting this problem then I would first check that the malware detection isn't a false positive. You should also make sure you have up-to-date AV software, and if it has in fact missed a Trojan being downloaded to your system that was first identified in 2004/2005 (from Bearcat's link) then I might consider changing AV vendor.
Then use HijackThis (provided by TrendMicro) as recommended by BladeD to see what that says.
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline
Unless you, the OP malware reporter, have copy type erred the path, this is *not* the WCG project folder:
C:\ProgramData\BOINC\projects \www.worldcommunitygrid
the proper default path on Windows is
C:\ProgramData\BOINC\projects\www.worldcommunitygrid
Suggest you check if there is a second, possibly hidden folder, *not* owned by WCG. All files by WCG are checksummed and verified and constantly monitored at IBM store side too to ensure no such contamination could take place. The project folder always contains those result / science app BOINC is certain of.
Also, to underline, the version of BOINC that WCG endorses, soon 7.0.64 I suspect, current 6.10.58, is code audited by IBM, to include for suspect behavior. Only client packages that come from trusted sources, which there are officially few, can be assured to not have been modified [Open Source].
You can enhance the security yourself by, if not already done so, installing BOINC as a service, which further limits privileges [sandbox to the max]. The downside is, that GPGPU computing on Windows is then currently not possible, except with an older version of BOINC combined with XP. The older versions of BOINC of course do not provide the same GPGPU support and detection as the newer v7 releases.
BTW, some "optiz" I'd not trust as far as I could throw a stone, particularly those that arrive through torrent paths.
The reported information for now is too sparse to assess if there was something real, or a false positive by a piece of software trying to get you to connect to dubious sites.
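One way to carry out the folder check suggested in the post above, as an added example that is not part of the thread and not BOINC or WCG code. The function names, the finding labels and the sample tree are assumptions made for illustration; the expected folder names are the ones in the default path quoted above.

```python
import os
import stat
import tempfile

# Folder names from the default path quoted in the post above (lower-case).
EXPECTED = ("projects", "www.worldcommunitygrid")


def audit_boinc_dirs(root, expected=EXPECTED):
    """Return (path, reason) for look-alike or hidden folders under root."""
    findings = []
    stack = [root]
    while stack:
        try:
            entries = list(os.scandir(stack.pop()))
        except OSError:
            continue  # unreadable folder: skip it rather than abort the audit
        for entry in entries:
            if not entry.is_dir(follow_symlinks=False):
                continue
            # Drop whitespace and non-printable characters: a name that only
            # matches an expected folder after this step is a look-alike.
            squeezed = "".join(
                c for c in entry.name if c.isprintable() and not c.isspace())
            if squeezed != entry.name and squeezed.casefold().startswith(expected):
                findings.append((entry.path, "lookalike-name"))
            # st_file_attributes exists on Windows only; treated as 0 elsewhere.
            info = entry.stat(follow_symlinks=False)
            if getattr(info, "st_file_attributes", 0) & stat.FILE_ATTRIBUTE_HIDDEN:
                findings.append((entry.path, "hidden"))
            stack.append(entry.path)
    return findings


def make_sample_tree():
    """Constructed sample: a clean 'projects' folder and a 'projects ' twin."""
    root = os.path.join(tempfile.mkdtemp(), "BOINC")
    for projects in ("projects", "projects "):  # second has a trailing space
        os.makedirs(os.path.join(root, projects, "www.worldcommunitygrid"),
                    exist_ok=True)
    return root


if __name__ == "__main__":
    # On a real Windows host, pass r"C:\ProgramData\BOINC" instead.
    for path, reason in audit_boinc_dirs(make_sample_tree()):
        print(f"{reason}: {path!r}")
```

An empty result means every folder name is exactly what it appears to be and none carries the hidden attribute; it says nothing about the files inside.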
yojimbo197
Advanced Cruncher Joined: Jun 30, 2012 Post Count: 83 Status: Offline Project Badges:
If the OP was using Malwarebytes, he may have run across one of many false positives that have been generated in the past day or so. The Malwarebytes forum, as well as others, has reports of false positives. I came across two myself last night, one from a secure download from a vendor software site. And another from CEP.
Anthony Owen
Cruncher United States Joined: Nov 18, 2004 Post Count: 3 Status: Offline Project Badges:
I checked the Malwarebytes forum and there were false positives. As WCG is operating normally, it appears no harm was done.
Total Run Time (y:d:h:m:s) (Rank) 5:136:12:04:09 (#20,797) Registered Member Since: 11/18/04 16:44:09 Points Generated (Rank) 6,212,395 (#17,120) Results Returned (Rank) 8,560 (#22,441)
Bearcat
Master Cruncher USA Joined: Jan 6, 2007 Post Count: 2803 Status: Offline Project Badges:
I got false positives on handbrake, vlc and makemkv uninstall files. MB's really hurt their reputation on the blunder.
----------------------------------------
Crunching for humanity since 2007!
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline
@Anthony Owen,
Please edit the Opening Post title and insert [RESOLVED - FALSE POSITIVE] as what I did with this post. As for the commented reputation, they had none before with me [Never heard of them before]. After visiting and seeing near 5000 topics in their "False Positive" forum, they now have. :O