Pages: [1]
glaesum
BOINCstats SOFA member
BAM!ID: 9069
Joined: 2006-10-16
Posts: 768
Credits: 836,678
World-rank: 233,265

2011-03-04 01:44:28

a full scan on my system with Microsoft Security Essentials (MSE) thinks the zip folder "chp-0.1.1.13-create hidden process.zip" is a 'potential threat'. Is this a bona-fide Boinc utility and is it necessary or vital to be there? It would be nice to know if the warning is safe to ignore, thanks.
Jeff17
 
Tester - BOINCstats SOFA member
BAM!ID: 47291
Joined: 2008-03-03
Posts: 441
Credits: 11,393,676,907
World-rank: 360

2011-03-04 04:44:47

glaesum wrote:
a full scan on my system with Microsoft Security Essentials (MSE) thinks the zip folder "chp-0.1.1.13-create hidden process.zip" is a 'potential threat'. Is this a bona-fide Boinc utility and is it necessary or vital to be there? It would be nice to know if the warning is safe to ignore, thanks.


Just based on the file name it looks like it could be a real threat. Which BOINC folder is it in? If it is really from a project that is a horrible name to have chosen.
BAM!ID: 64136
Joined: 1970-01-01
Posts: 0
Credits: 0
World-rank: 0

2011-03-04 10:02:14

@glaesum:

If you want to do an extra scan on that file, you could upload the file here for threat scanning.

glaesum
BOINCstats SOFA member
BAM!ID: 9069
Joined: 2006-10-16
Posts: 768
Credits: 836,678
World-rank: 233,265

2011-03-04 19:14:03
last modified: 2011-03-04 19:44:00

Crystal Pellet wrote:
@glaesum:
If you want to do an extra scan on that file, you could upload the file here for threat scanning.

thnx CP, I tried that. Sorry I should also have said I'm running boinc 6.10.58 and the zip file is in the boinc root folder.
I'll PM you something SOFA related which might explain why I have this and the contents of the read.me file.

Virustotal response is thus:

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
MD5: d8cd05308fd2ad6e768945e3b02ce6e5
Date first seen: 2008-07-25 20:37:52 (UTC)
Date last seen: 2010-12-16 09:32:57 (UTC)
Detection ratio: 6/43
no comments from VT community
6/43 = 14% of a/v progs reported it ~
these were: Avast5, MSE, NOD32, Rising, Symantec, VIPRE (no other majors like sophos, kapersky, AVG, TrendMicro etc. were worried)

one file contains a "GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007"
all files are dated 19th or 28th oct 2007.
magyarficko
 
BAM!ID: 76666
Joined: 2009-10-30
Posts: 619
Credits: 287,367,952
World-rank: 5,510

2011-03-05 06:18:00
last modified: 2011-03-05 06:25:47

The program is NOT a virus as such, however it can be used for "nasty" purposes. Essentially, if you didn't install it yourself it shouldn't be there.

I use this program to create hidden processes, just as the executable name implies. I use it to run command line batch files to run BOINC Command scripts without opening a command.com window on my desktop. See more here ...


http://www.commandline.co.uk/chp/

http://img684.imageshack.us/f/chpyy.jpg/




Pages: [1]

Index :: BOINC :: MSE scan thinks 'Create Hidden Process' a threat
Reason: