World Community Grid Forums
Category: Retired Forums Forum: UD Windows Agent Support [Read Only] Thread: possible virus in data stream - xpost |
Thread Status: Active Total posts in this thread: 13
cmosentine
Cruncher Joined: Dec 31, 2004 Post Count: 8 Status: Offline Project Badges: |
I thought this important enough to cross-post this in the protein folder forum, sorry if I offend.
My anti-virus is reporting the following: The Win32/Anserin!HookDLL.Variant!Tr was detected in D:\APPS\WORLDCOMMUNITYGRID\UDTAPI.DLL. Machine: GR_IS_N, User: System. File Status: File is cured and the machine needs to reboot to complete cure. What is going on here??? Thanks, Chris. |
||
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
The following quote is from a response Viktors posted in Suggestions/Feedback to user Didactylos:
Which antivirus program are you using? We have seen at least one less often used virus checker falsely tag some portion of World Community Grid files. If you truly have been infected with the virus you mention, you might want to scan your system with a second antivirus product, just to check if the first virus checker missed something. In particular, there may be another file somewhere on your system which contains the original infection. If you run md5sum on the udtapi.dll file, it should show the following value: dd39700773325b2651ed9e878c366a5c If this file is modified or deleted, the agent software restores it to the correct content the next time the agent runs. |
||
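The md5sum check described in the quoted reply above can be scripted as follows; this is an added example, not part of the thread or of the World Community Grid software. The expected MD5 and the default path are the ones quoted in the posts, while the SHA-256 output and the function names are assumptions added here so the same file can be identified to a second scanner or an AV vendor.

```python
import hashlib
import sys
from pathlib import Path

# MD5 quoted in the reply above for udtapi.dll.
EXPECTED_MD5 = "dd39700773325b2651ed9e878c366a5c"


def file_digests(path, chunk_size=65536):
    """Return (md5, sha256) hex digests of a file, read in chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def check_flagged_file(path, expected_md5=EXPECTED_MD5):
    """Classify a flagged file as 'missing', 'match' or 'mismatch'."""
    p = Path(path)
    if not p.is_file():
        # The AV may already have deleted or quarantined the file.
        return {"status": "missing", "md5": None, "sha256": None}
    md5, sha256 = file_digests(p)
    # Published hashes are often pasted in upper case or with whitespace.
    same = md5 == expected_md5.strip().lower()
    return {"status": "match" if same else "mismatch",
            "md5": md5, "sha256": sha256}


if __name__ == "__main__":
    # Default path is the one shown in the AV alert in the first post.
    default = r"D:\APPS\WORLDCOMMUNITYGRID\UDTAPI.DLL"
    target = sys.argv[1] if len(sys.argv) > 1 else default
    result = check_flagged_file(target)
    print(f"{target}: {result['status']}")
    if result["md5"]:
        print(f"  md5    {result['md5']}")
        print(f"  sha256 {result['sha256']}")
```

A "match" means the flagged file is byte-for-byte the copy the project published, which points at the scanner's detection rather than at a modified file; a "mismatch" or "missing" result calls for the second-scanner check suggested in the reply.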
|
cmosentine
Cruncher Joined: Dec 31, 2004 Post Count: 8 Status: Offline Project Badges: |
We use CA's eTrust AV 7.1 running on Windows XP.
Chris |
||
|
cmosentine
Cruncher Joined: Dec 31, 2004 Post Count: 8 Status: Offline Project Badges: |
Hello: udtapi.dll is not present in the wcgrid program folder but my AV is flagging it. Could this be a rootkit??
|
||
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Did your anti-virus program do anything to it when it flagged it? It is present in mine.
----------------------------------------
 Volume in drive D has no label.
 Volume Serial Number is 70AE-6E52

 Directory of D:\Program Files\WorldCommunityGrid

12/08/2005  12:03 PM    <DIR>          .
12/08/2005  12:03 PM    <DIR>          ..
12/08/2005  11:32 AM             6,690 cs.ud
12/08/2005  12:03 PM                 0 tkcp.ud~
12/08/2005  12:13 PM            42,252 tklg.ud
12/08/2005  12:03 PM        16,843,264 tkop.ud~
12/08/2005  12:03 PM               146 tkst.ud
05/07/2005  06:55 PM           482,816 UD.exe
05/07/2005  06:55 PM            78,721 UDAGENT.HLP
04/29/2005  02:11 PM           175,104 udtapi.dll
05/07/2005  06:55 PM            69,632 ud_1582754.scr
05/07/2005  06:55 PM            78,721 ud_1582755.hlp
06/29/2005  12:08 AM         2,849,888 ud_1582756.exe
06/29/2005  12:08 AM         1,212,416 ud_1582757.dll
06/29/2005  12:08 AM             1,098 ud_21401.bmp
11/19/2005  11:53 AM           632,578 ud_3434601.exe
12/08/2005  11:49 AM    <DIR>          ud_3434601_0.dir
11/19/2005  11:53 AM         2,334,720 ud_3434602.dll
11/19/2005  11:53 AM             1,098 ud_3434603.bmp
11/19/2005  11:53 AM             8,278 ud_3434604.bmp
11/19/2005  11:53 AM            10,240 ud_3434605
12/08/2005  11:32 AM            44,032 ud_3669719
06/29/2005  12:08 AM             8,276 ud_686.bmp
06/29/2005  12:08 AM           782,848 ud_687
              21 File(s)     25,662,818 bytes
               3 Dir(s)  36,639,449,088 bytes free
[Edit 2 times, last edit by Former Member at Dec 8, 2005 5:15:39 PM] |
||
|
cmosentine
Cruncher Joined: Dec 31, 2004 Post Count: 8 Status: Offline Project Badges: |
Yes, my AV is deleting the file as a cure. When I restart the process the file gets created and then the cycle starts all over.
BTW, CA eTrust AV has 2 scanning engines. The InoculateIT engine flags the file while the Vet engine does not. This may indeed be AV related, but for now I must assume a virus is present until I am 100% sure. |
||
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
I understand your caution. I would suggest that you send a "Contact Us" message to the project team (go to any non-forum page and click "Contact Us" to initiate it). I would include your phone number as I know they are anxious to address any virus issues. By the way -- I did an MD5 on my copy and the sum came out as Viktors indicated.
Good luck. |
||
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Chris --
I've been following this conversation and cannot add anything to it, but I have sent an e-mail to the project team asking that they become involved with you. Hopefully one of them will be available to work with you. I tried to contact Viktors by telephone and it appears that he is out of the office somewhere. Best Regards, |
||
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Hello cmosentine,
Just an update. Viktors has tried to talk with your antivirus supplier about their heuristic checking method, but they want money upfront, so he will try to find another way to contact them. The business, as usual.
Added: But for your comfort, the program is downloaded over an encrypted link and has to have the correct checksum (as computed by MD5) or UD.exe will kill it and download a replacement over the link. So this seems most likely a problem with the antivirus heuristic engine.
mycrofth
----------------------------------------
[Edit 1 times, last edit by Former Member at Dec 8, 2005 11:50:38 PM] |
||
|
cmosentine
Cruncher Joined: Dec 31, 2004 Post Count: 8 Status: Offline Project Badges: |
Hi everyone: THANKS SO MUCH for all the input and help on this. I am pretty sure this is a CA Antivirus false positive detection. I really appreciate the effort. Will keep the work units rolling.
Chris |
||
|
|