Welcome to MilkyWay@home

MILKYWAY_NBODY_0.03_WINDOWS_X86_64.EXE is a SpyWare?!!!

MayDay.SPb.RU

Joined: 21 Jul 10
Posts: 8
Credit: 70,984
RAC: 0
Message 41675 - Posted: 22 Aug 2010, 22:51:33 UTC

Today, my Kaspersky Internet Security 2010 prevented reading of my WebMoney cookie file from the personal cookies folder of IE8.

KIS2010 has given out the message:
MILKYWAY_NBODY_0.03_WINDOWS_X86_64.EXE attempt to read protected file in group 'Personal Data'.
File:
D:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@webmoney[1].txt
Sequence of start:
Run Once Wrapper > BOINC Manager for Windows > BOINC Client

D:\ProgramData\BOINC\PROJECTS\MILKYWAY.CS.RPI.EDU_MILKYWAY\MILKYWAY_NBODY_0.03_WINDOWS_X86_64.EXE 3820 projects/milkyway.cs.rpi.edu_milkyway/milkyway_nbody_0.03_windows_x86_64.exe -f json_parameters.txt -h histogram.txt --seed 634624 -np 4 -p 21.0507342998150050000000000 0.2329108663577818500000000 3.9518472752025870000000000 3.8717080194641730000000000

WHAT IS IT ?!!!!!

I have suspended participation in the project until the reasons are found out.
ID: 41675 · Rating: 0
arkayn
Joined: 14 Feb 09
Posts: 999
Credit: 74,932,619
RAC: 0
Message 41676 - Posted: 22 Aug 2010, 23:22:03 UTC

Anti-virus and anti-spyware software are always coming up with wrong info on the applications; they are not spyware or viruses.

Your best bet is to exclude the BOINC Data folder from scans as the scans can cause application crashes.


ID: 41676 · Rating: 0
banditwolf
Joined: 12 Nov 07
Posts: 2425
Credit: 524,164
RAC: 0
Message 41677 - Posted: 22 Aug 2010, 23:29:21 UTC

This happens with newer programs.
Doesn't expecting the unexpected make the unexpected the expected?
If it makes sense, DON'T do it.
ID: 41677 · Rating: 0
MayDay.SPb.RU
Joined: 21 Jul 10
Posts: 8
Credit: 70,984
RAC: 0
Message 41679 - Posted: 22 Aug 2010, 23:56:10 UTC - in response to Message 41676.  

IMHO, arkayn, you are wrong.

In this case it's not a mistaken response to a spyware signature.
I am running untrusted applications in the sandbox of KIS2010, and BOINC Manager has been started also. The KIS2010 sandbox hooks syscalls and watches the actions of applications.

P.S. MILKYWAY_NBODY_0.03_WINDOWS_X86_64.EXE was last automatically updated on 2010-08-19
ID: 41679 · Rating: 0
Matt Arsenault
Volunteer moderator
Project developer
Project tester
Project scientist
Joined: 8 May 10
Posts: 576
Credit: 15,979,383
RAC: 0
Message 41681 - Posted: 23 Aug 2010, 0:53:29 UTC - in response to Message 41679.  

Antivirus programs aren't that smart. I actually think this is pretty funny. I've never written malware before! I've reported it as a false positive to Kaspersky.

All of the code is here if you really want to check for yourself http://github.com/Milkyway-at-home/milkywayathome_client
ID: 41681 · Rating: 0
Matt Arsenault
Volunteer moderator
Project developer
Project tester
Project scientist
Joined: 8 May 10
Posts: 576
Credit: 15,979,383
RAC: 0
Message 41684 - Posted: 23 Aug 2010, 1:36:01 UTC - in response to Message 41681.  

I'm also not getting any warnings from Kaspersky when I try.
ID: 41684 · Rating: 0
Matt Arsenault
Volunteer moderator
Project developer
Project tester
Project scientist
Joined: 8 May 10
Posts: 576
Credit: 15,979,383
RAC: 0
Message 41688 - Posted: 23 Aug 2010, 4:01:48 UTC - in response to Message 41684.  

The Kaspersky people responded:

Hello,

We were unable to reproduce the detection.
Please update your antivirus bases.
If the problem persists, please send a screenshot of detection.

Please quote all when answering.
-----------------
Regards, Baranov Artiom
Virus Analyst, Kaspersky Lab.
ID: 41688 · Rating: 0
MayDay.SPb.RU
Joined: 21 Jul 10
Posts: 8
Credit: 70,984
RAC: 0
Message 41694 - Posted: 23 Aug 2010, 11:35:18 UTC

Please, those who don't know how anti-virus products work and don't understand the difference between the anti-virus monitor and the control application monitor, don't flood here.

Question to code experts:
Is it possible that someone uses MILKYWAY_NBODY_0.03_WINDOWS_X86_64 as a backdoor?
ID: 41694 · Rating: 0
MayDay.SPb.RU
Joined: 21 Jul 10
Posts: 8
Credit: 70,984
RAC: 0
Message 41695 - Posted: 23 Aug 2010, 11:43:08 UTC - in response to Message 41688.  

Thnx, Matt!

I will certainly communicate with the security experts at Kaspersky Lab and send them the alert screenshot and log file.
ID: 41695 · Rating: 0
Haris Dublas
Joined: 25 Feb 10
Posts: 49
Credit: 10,137,837
RAC: 0
Message 41699 - Posted: 23 Aug 2010, 16:27:23 UTC

PC Tools, Avast and Avira didn't detect anything.
ID: 41699 · Rating: 0
MayDay.SPb.RU
Joined: 21 Jul 10
Posts: 8
Credit: 70,984
RAC: 0
Message 41702 - Posted: 23 Aug 2010, 18:54:40 UTC - in response to Message 41699.  

Once again I repeat - don't confuse the anti-virus monitor with the control application monitor.
ID: 41702 · Rating: 0
Haris Dublas
Joined: 25 Feb 10
Posts: 49
Credit: 10,137,837
RAC: 0
Message 41717 - Posted: 24 Aug 2010, 5:38:28 UTC

You are just assuming that we didn't do a full system scan on our PCs. I even tried the online scanner of Bitdefender. MBAM also didn't detect anything.
ID: 41717 · Rating: 0
MayDay.SPb.RU
Joined: 21 Jul 10
Posts: 8
Credit: 70,984
RAC: 0
Message 41722 - Posted: 24 Aug 2010, 15:13:28 UTC - in response to Message 41717.  

Haris, do you really not understand what this is about, or are you scoffing?
ID: 41722 · Rating: 0
Mutiny32*
Joined: 13 Aug 10
Posts: 15
Credit: 122,278
RAC: 0
Message 41735 - Posted: 25 Aug 2010, 4:05:58 UTC - in response to Message 41722.  

Fine. You want a reply? It's the way the json handler scans your appdata folder for relevant pieces of the app and data. There's your answer. If you weren't so busy arguing semantics and being generally obtuse, you could have looked through the github repo and found that information in the source code.
ID: 41735 · Rating: 0
MayDay.SPb.RU
Joined: 21 Jul 10
Posts: 8
Credit: 70,984
RAC: 0
Message 41753 - Posted: 26 Aug 2010, 10:10:08 UTC - in response to Message 41735.  

Really? So the subject attempts to read not just anything, but specifically the WebMoney cookie file??? LOL!
I have neither the time nor the desire to investigate the project code for vulnerabilities.
ID: 41753 · Rating: 0
Len LE/GE
Joined: 8 Feb 08
Posts: 261
Credit: 104,050,322
RAC: 0
Message 41757 - Posted: 26 Aug 2010, 17:03:34 UTC

Smells like you got caught by a Trojan ... ZBOT variant from 1 or 2 months ago?

Advice 1: Full system scan with more than 1 AV tool and check for rootkits too

Advice 2: Change your browser (IE8) and email program to a more secure one.
ID: 41757 · Rating: 0
Mutiny32*
Joined: 13 Aug 10
Posts: 15
Credit: 122,278
RAC: 0
Message 41764 - Posted: 26 Aug 2010, 18:43:37 UTC - in response to Message 41757.  

Ah, good ol' Zbot.
ID: 41764 · Rating: 0

©2024 Astroinformatics Group