AVG detecting/blocking Milkyway App due to malware/virus?

Author	Message
ncoded.com Send message Joined: 26 Mar 17 Posts: 8 Credit: 391,928,170 RAC: 0	Message 66349 - Posted: 3 May 2017, 19:55:57 UTC Last modified: 3 May 2017, 20:24:02 UTC Hi, In the last hour, AVG has starting blocking/detecting Viruses/Malware in the NVidia app. Original file name: milkyway_1.46_windows_x86_64__opencl_nvidia_101.exe Original folder: C:\ProgramData\BOINC\projects\milkyway.cs.rpi.edu_milkyway Size of file: 1184768 Category: Infected files Virus description: IDP.ARES.Generic Please note that this machine was nearly built and had a fresh install of Windows a couple of weeks ago. We have two machines, E5-2683v3-1 and E5-2683v3-2, exactly the same, both running the NVidia app so we are not sure why one would be detecting viruses but not the other. To be safe, until this can be resolved Milkyway will have to be blocked across all machines. The GPUs we are running on MW on these two machines are three GTX 970's, and sometimes a GTX 1080. Could someone advise us on this? ID: 66349 · Rating: 0 · rate: / Reply Quote

mikey Send message Joined: 8 May 09 Posts: 3339 Credit: 524,010,781 RAC: 0	Message 66360 - Posted: 4 May 2017, 10:20:15 UTC - in response to Message 66349. Hi, In the last hour, AVG has starting blocking/detecting Viruses/Malware in the NVidia app. Original file name: milkyway_1.46_windows_x86_64__opencl_nvidia_101.exe Original folder: C:\ProgramData\BOINC\projects\milkyway.cs.rpi.edu_milkyway Size of file: 1184768 Category: Infected files Virus description: IDP.ARES.Generic Please note that this machine was nearly built and had a fresh install of Windows a couple of weeks ago. We have two machines, E5-2683v3-1 and E5-2683v3-2, exactly the same, both running the NVidia app so we are not sure why one would be detecting viruses but not the other. To be safe, until this can be resolved Milkyway will have to be blocked across all machines. The GPUs we are running on MW on these two machines are three GTX 970's, and sometimes a GTX 1080. Could someone advise us on this? Do an exception to not scan or check the Boinc directories, this is pretty normal with lots of new updates, it's most likely a false positive due to the way Boinc works. If you add the exception any false positive will be ignored and any REAL virus trying to get out of the Boinc directories will still get caught. You need to do the exception for the hidden Boinc directory located at c:/program data/Boinc as that's where all the projects folders are. ID: 66360 · Rating: 0 · rate: / Reply Quote

ncoded.com Send message Joined: 26 Mar 17 Posts: 8 Credit: 391,928,170 RAC: 0	Message 66366 - Posted: 4 May 2017, 14:04:53 UTC - in response to Message 66360. Hi Mikey, Thanks for your advice. I took a HASH of both files and they are (binary) identical. And yet AVG reports one as having a virus, and the other as not. So I guess the proves the issue is with AVG rather than this exe file. ID: 66366 · Rating: 0 · rate: / Reply Quote

Jesse Viviano Send message Joined: 4 Feb 11 Posts: 86 Credit: 60,913,150 RAC: 0	Message 66370 - Posted: 4 May 2017, 23:09:32 UTC Submit the false positive at https://secure.avg.com/submit-sample. ID: 66370 · Rating: 0 · rate: / Reply Quote

ncoded.com Send message Joined: 26 Mar 17 Posts: 8 Credit: 391,928,170 RAC: 0	Message 66387 - Posted: 5 May 2017, 19:21:45 UTC Thank you Jesse, that would seem a useful thing to do. ID: 66387 · Rating: 0 · rate: / Reply Quote