BAM!ID: 79444
Joined: 2009-12-30
Posts: 9
Credits: 15,088,836
World-rank: 33,267

2010-12-21 18:08:51

I got the following message from my Trend Micro Antivirus program today:
12/21/2010 12:44 AM,C:\ProgramData\BOINC\projects\\setiathome_6.03_windows_intelx86.exe,TROJ_GEN.FA2CZLJ,Threat,Removed

I did a check of the BOINC and SETI forums and found that others are having the same problem on the SETI forums, and volunteers are saying that it is a false positive, yet there is not a single post by a BOINC/SETI employee addressing the posts. I have been running SETI since long before there was BOINC and I have been running Trend Micro as my Antivirus for almost the same amount of time, and I have never until today gotten any messages as to a problem with any SETI file. I would like to hear from a BOINC/SETI employee on this, either by e-mail to the address linked to my account or here in the forums. Until such time as I get a satisfactory answer from same I cannot allow SETI to run on my computer. I work as a video game designer for a large wintery weather company, WoW it sure is cold if you catch my drift, and since I run upcoming patches of Cataclysmic import I must put system and job security first.
BAM!ID: 13859
Joined: 2006-12-03
Posts: 827
Credits: 173,737,941
World-rank: 5,668

2010-12-22 03:39:07
last modified: 2010-12-22 03:39:23

Ah, so you're one of the evil geniuses who drain our lives away...
BAM!ID: 79444
Joined: 2009-12-30
Posts: 9
Credits: 15,088,836
World-rank: 33,267

2010-12-22 06:45:59
last modified: 2010-12-22 06:47:07

I would not say I'm a genius, I'm just an EVIL life drainer! (insert evil laugh track here)
BAM!ID: 76666
Joined: 2009-10-30
Posts: 619
Credits: 287,367,952
World-rank: 3,969

2010-12-22 10:05:15
last modified: 2010-12-22 10:08:25

QuestorWI wrote:
"... I can not allow SETI to run on my computer."

I would have to agree with you, BUT ONLY for the reasons you yourself stated:
"I must put system and job security first."

HOWEVER, having said that ... I would also echo the sentiments already expressed in multiple replies over at the SETI forums -- namely, that this most likely is a situation of a "false positive".

You should understand that typically a project's executable file is not downloaded to your machine every time you get a new work unit from them. It is only downloaded once when you attach to the project, and after that ONLY when the executable is updated (not since 21 Aug 2008 in the case of this one) or any time you reset or re-attach to the project. What that means is the file in question has likely been resident on your host for several weeks (if not several months or more -- when was the last time you attached or reset?).

So either one of two things has happened. The file became infected AFTER it was installed on your machine -- which implies infection from another source resident on your machine, OR (much more likely) it was suddenly marked by your AV as being infected because your AV signature data base was updated to include this file for some reason -- a false positive.

If you only received a warning for that one lone file from Trend Micro (as your post seems to imply) I highly suspect a "false positive". Typically, if you had a genuine infection, you would see multiple warnings from Trend Micro. One for the actual payload (executable) file, one or two (or more) for various keys in your Windows Registry where this executable starts up, at least one for the memory resident portion of the virus, and more for the other crucial Windows DLLs that viruses typically infect. In other words, if you really had a virus or trojan, you would expect to see anywhere from a half-dozen to hundreds of hits from your AV, not just the one executable.

With your concerns (as already stated), I would stop running SETI and isolate that host from any others on the same network. I would then submit the sample/quarantined file to Trend or whoever your AV supplier is for further analysis. I am willing to bet you will find that after complaints/reports from you, and others like you, that they will adjust/correct their "virus signature database" in a day or two and you will see these warnings disappear again after your next AV update.

Either way .. Good luck!
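
The reasoning in the reply above, written out as a small triage script. This is an added example, not part of the thread or of any BOINC or Trend Micro tooling; the function names, the seven-day window and the timestamps fed to it are assumptions.

```python
import csv
import hashlib
from datetime import datetime, timedelta

# Constructed sample: one line in the shape of the log entry quoted in the
# first post (time, path, detection name, type, action).
SAMPLE_LOG = [
    r"12/21/2010 12:44 AM,C:\ProgramData\BOINC\projects\\setiathome_6.03_windows_intelx86.exe,TROJ_GEN.FA2CZLJ,Threat,Removed",
]

def parse_detection(line):
    """Parse one 'time,path,name,type,action' line from the AV log."""
    when, path, name, _kind, action = next(csv.reader([line]))
    return {"when": datetime.strptime(when, "%m/%d/%Y %I:%M %p"),
            "path": path, "name": name, "action": action}

def sha256_file(path, chunk=1 << 16):
    """Hash a file so it can be compared with a copy fetched from the project."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def triage(detections, file_mtime, file_hash=None, reference_hash=None,
           recent=timedelta(days=7)):
    """Return (verdict, reasons) following the reasoning in the reply above.

    'recent' is an assumed window, not a value from the thread.
    """
    reasons = []
    paths = {d["path"].lower() for d in detections}
    first_hit = min(d["when"] for d in detections)
    # Several flagged objects point away from a lone signature change.
    if len(paths) > 1:
        reasons.append(f"{len(paths)} distinct objects flagged")
    # A file written just before (or after) the first alert changed on disk.
    if first_hit - file_mtime < recent:
        reasons.append("file changed on disk shortly before detection")
    if file_hash and reference_hash and file_hash != reference_hash:
        reasons.append("hash differs from reference copy")
    if reasons:
        return "investigate", reasons
    return "likely-signature-change", ["single old unchanged file flagged"]
```

File modification times can be altered, so a "likely-signature-change" result is a prompt to submit the sample to the AV vendor, not a clean bill of health.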

Index :: BOINC :: Virus Scan finds Trojan in SETI file