Message boards : Number crunching : Counter Spy detected spyware in Boinc
Author | Message |
---|---|
yoner Joined: 17 Sep 05 Posts: 10 Credit: 2,581,874 RAC: 0 |
Last night when CounterSpy ran, it detected spyware in the Boinc directory. C:\Program Files\BOINC\zlib1.dll is infected with Partypoker Misc. More info: Threat: PartyPoker Alias: Threat type: Misc - Anything (other than a document) not in another category, perhaps because it falls into multiple categories, such as a tool suite. Advice: Keep Threat risk: Low Risk Low risk threats should not harm your machine or compromise your privacy and security unless they have been installed without your knowledge and consent. A low risk threat may be a program, network tool, or system utility that you knowingly and deliberately installed and that you wish to keep. Although some low risk programs may track online habits -- as provided for in a privacy policy or End User License Agreement (EULA) -- or display advertising within the applications themselves, these programs have only vague, minimal or negligible effects on your privacy. Low risk threats may also be cookies, which can be used to track your online activities, though without identifying you personally. Description: Author: NULL Author URL: Author description: File Signatures: process: partypokersetup.exe: MD5 Hash: d4fa65957c5d69b2c41... process: partygaming.exe: MD5 Hash: 6719f55809d22f886f1... process: runapp.exe: MD5 Hash: c3ed9f87d8753783a0e... .... Is it possible that the hash on this file happened to be the same, or is something very strange going on with Scientific Research??? |
Dimitris Hatzopoulos Joined: 5 Jan 06 Posts: 336 Credit: 80,939 RAC: 0 |
Hmmm, I'm pretty sure it's a "false positive", one can't tell unless we know how CounterSpy works. BOINC is open-source software which anyone can inspect and/or compile for himself and I think it's safe to say that BOINC has no affiliation with Partypoker. Best UFO Resources Wikipedia R@h How-To: Join Distributed Computing projects that benefit humanity |
KSMarksPsych Joined: 15 Oct 05 Posts: 199 Credit: 22,337 RAC: 0 |
FWIW, the same thing was reported on Einstein... This thread. Unless you are the same person with two different screen names, then it's not the same thing... :) Kathryn [edit]added a very important word to clarify[/edit] Kathryn :o) The BOINC FAQ Service The Unofficial BOINC Wiki The Trac System More BOINC information than you can shake a stick of RAM at. |
Keith E. Laidig Volunteer moderator Project developer Joined: 1 Jul 05 Posts: 154 Credit: 117,189,961 RAC: 0 |
Folks, zlib1.dll is the dynamic library for file compression used by R@H on the Windows platform. It is supposed to be there. I don't know if E@H uses the Zlib compression algorithm (or if PartyPoker.net does, for that matter). |
Bob Guy Joined: 7 Oct 05 Posts: 39 Credit: 24,895 RAC: 0 |
Looking around in other Boinc threads led me to this explanation of the problem and a possible solution. It is possible (they say) that any of the graphics displayed on the forum pages can be made to contain a process whereby certain malware can be put into your computer without your knowledge or permission. These graphics include any pictures in the text area and the signatures and avatars. This apparently has to do with vulnerabilities in the code used to create and display the forums. The solution is to go to your forum preferences (from Boinc manager or from the front page of the project) and turn off the display of forum (text area) graphics and avatars and signatures. I really don't know if the graphics can do this but I've turned mine off just to be safe. Regarding the zlib1.dll: I believe that if you delete the zlib1 a Boinc project that requires it will download a new one. Or, you can get a new (clean) one directly from Microsoft or from the zlib project here - look for 'zlib compiled DLL, version 1.2.3' download somewhere near the middle of the page. You can get a new zlib1.dll and copy it to your Boinc folder. The file from zlib.net is the exact same file but has a different date than the one from Boinc. |
The Pirate Joined: 22 Sep 05 Posts: 20 Credit: 7,090,933 RAC: 0 |
|
Fuzzy Hollynoodles Joined: 7 Oct 05 Posts: 234 Credit: 15,020 RAC: 0 |
Yes, and this was discussed over at Seti also http://setiathome.berkeley.edu/forum_thread.php?id=29085 Rom Walton, who actually is the very person who's developing BOINC, answered there in the second post in the thread that this is a part of BOINC and he has built the zlib1.dll himself. But read the whole thread yourselves. Geeeze! "I'm trying to maintain a shred of dignity in this world." - Me |
Aurora Borealis Joined: 7 Oct 05 Posts: 15 Credit: 352,300 RAC: 0 |
I would not suggest this, since the Boinc programmers have compiled their own zlib1.dll for a reason and the Microsoft version may cause some incompatibility. I personally have three programs on my computer using this DLL; each is a different size, indicating that they have been changed slightly to fit the program's requirement. My system is not infected with anything, and probably neither is yours. It is quite common for these 'Protection' programs to have false positives. Example: for more than a year Adaware insisted that Spybot SD was spyware. Questions? Answers are in the BOINC Wiki. Boinc V6.12.41 Win 7 i5 GPU Nvidia 470 |
Bob Guy Joined: 7 Oct 05 Posts: 39 Credit: 24,895 RAC: 0 |
I would not suggest this, since the Boinc programmers have compiled their own zlib1.dll for a reason and the Microsoft version may cause some incompatibility. If you do a binary file compare (fc /b at a command prompt) with the Boinc file and the one from zlib.net you will find that they are identical. The reason I've suggested this is that if you suspect that your file might be compromised then this method might help to remove your suspicions or prove that your copy of zlib1 is legitimate. I would hope that all files that call themselves 'zlib1.dll' are functionally the same even if the compiled code might be slightly different. According to the license all compiled versions MUST be functionally identical or MUST have a different name. As to a different Microsoft version: you may be correct - I long ago stopped trusting Microsoft code. |
Fuzzy Hollynoodles Joined: 7 Oct 05 Posts: 234 Credit: 15,020 RAC: 0 |
I would not suggest this, since the Boinc programmers have compiled their own zlib1.dll for a reason and the Microsoft version may cause some incompatibility. Will you trust the developer/programmer himself? http://setiathome.berkeley.edu/forum_thread.php?id=29085#263203 And another developer? http://setiathome.berkeley.edu/forum_thread.php?id=29085#267204 "I'm trying to maintain a shred of dignity in this world." - Me |
Bob Guy Joined: 7 Oct 05 Posts: 39 Credit: 24,895 RAC: 0 |
Of course I trust the developers! But, the very first thing I did when I heard of this concern was to compare the zlib.net version, which I know to be good, with the Boinc version just to be sure. I've compiled various versions of the zip libraries for my own use in my own code so I have some experience there. I believe it is a false positive, but it wouldn't be the first time that some bad code got put into a computer by a virus or worm. It's better to check everything carefully and be suspicious than to just ignore it. |
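The check Bob Guy describes in his last two posts (a byte-for-byte comparison of BOINC's zlib1.dll against a copy you trust), as an added example that is not part of the original thread. It goes beyond the single fc /b comparison by checking every file named zlib1.dll under a folder; the function names, folder layout and file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large DLLs are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def first_difference(path_a, path_b, chunk=65536):
    """Offset of the first differing byte (as `fc /b` would list), or None if identical."""
    offset = 0
    with open(path_a, "rb") as a, open(path_b, "rb") as b:
        while True:
            ba, bb = a.read(chunk), b.read(chunk)
            if ba != bb:
                for i, (x, y) in enumerate(zip(ba, bb)):
                    if x != y:
                        return offset + i
                return offset + min(len(ba), len(bb))  # one file is a prefix of the other
            if not ba:
                return None
            offset += len(ba)

def triage(reference, root, name="zlib1.dll"):
    """Compare every file called `name` under `root` with the trusted reference copy."""
    ref_hash, report = sha256_of(reference), {}
    for folder, _dirs, files in os.walk(root):
        for f in files:
            if f.lower() == name:
                path = os.path.join(folder, f)
                report[path] = None if sha256_of(path) == ref_hash else first_difference(reference, path)
    return report

def demo():
    good = b"MZ" + bytes(range(256)) * 4         # constructed bytes, not a real DLL
    altered = good[:100] + b"\x00" + good[101:]  # same size, one byte changed at offset 100
    with tempfile.TemporaryDirectory() as d:
        ref = os.path.join(d, "reference_zlib1.dll")
        for rel, data in (("reference_zlib1.dll", good),
                          (os.path.join("BOINC", "zlib1.dll"), good),
                          (os.path.join("other", "ZLIB1.DLL"), altered)):
            os.makedirs(os.path.dirname(os.path.join(d, rel)), exist_ok=True)
            with open(os.path.join(d, rel), "wb") as f:
                f.write(data)
        return {os.path.relpath(p, d): r for p, r in triage(ref, d).items()}
```

A reported offset only means that copy is not byte-identical to the reference; as noted earlier in the thread, different programs ship differently built zlib1.dll files.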
©2024 University of Washington
https://www.bakerlab.org