NOD32 3 says Virus in file!

Message boards : Number crunching : NOD32 3 says Virus in file!

To post messages, you must log in.

1 · 2 · Next

AuthorMessage
stoneysilence

Send message
Joined: 4 May 07
Posts: 13
Credit: 401,055
RAC: 0
Message 51210 - Posted: 7 Feb 2008, 2:08:15 UTC
Last modified: 7 Feb 2008, 2:16:10 UTC

2/6/2008 11:55:38 AM HTTP filter file http://srv1.bakerlab.org/rosetta/download/minirosetta_1.06_windows_intelx86.exe probably a variant of Win32/Statik application connection terminated - quarantined Eric-PCEric Threat was detected upon access to web by the application: C:Boincboinc.exe.

Came home this afternoon to find my AV Nod32 3.0 saying it had caught a virus trying to enter through HTTP with the above Info.

I submitted the file to ESET for "review". Anybody else see this happen running Rosetta?

EDIT: Well I did a bit more investigating and Boinc redownloaded the file 2 minutes later in which NOD32 didn't have a problem with. I had NOD32 rescan that file again and it found nothing.

Kinda weird that the first file it tried to download got caught with a "virus" and the second time 2 minutes later had no problems.
ID: 51210 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
djbill

Send message
Joined: 2 Apr 07
Posts: 4
Credit: 497,047
RAC: 0
Message 51229 - Posted: 7 Feb 2008, 22:41:31 UTC

Some problem during download the application with nod32 security suite 3.0

http://img168.imageshack.us/img168/9397/87912986df6.jpg
ID: 51229 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
PaperDragon
Avatar

Send message
Joined: 22 Mar 06
Posts: 17
Credit: 2,461,169
RAC: 0
Message 51230 - Posted: 7 Feb 2008, 23:04:22 UTC

False positives occasionally happen with work units from most projects.

To the virus scanner, the work unit is just random data. Given enough work units, you will get the occasional string of bits that a virus scanner has in its databbase flagged as a virus.

Work units should be safe, since they are only read and analysed by another program.
ID: 51230 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Michael

Send message
Joined: 9 Jan 08
Posts: 1
Credit: 374
RAC: 0
Message 51231 - Posted: 7 Feb 2008, 23:07:42 UTC
Last modified: 7 Feb 2008, 23:54:24 UTC

Can somebody reassure me that it's ok to run this
programme as my anti-virus(Nod32) is reporting minirosetta 1.07 as "probably a variant of Win32/Statik application"
Thanks in advance
Mick Dunn
ID: 51231 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Profile Kosh

Send message
Joined: 23 Jun 06
Posts: 3
Credit: 465,525
RAC: 0
Message 51233 - Posted: 8 Feb 2008, 0:33:40 UTC - in response to Message 51229.  

Some problem during download the application with nod32 security suite 3.0

http://img168.imageshack.us/img168/9397/87912986df6.jpg


I also got similar virus warning with nod32 2.7.
ID: 51233 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Mod.Sense
Volunteer moderator

Send message
Joined: 22 Aug 06
Posts: 4018
Credit: 0
RAC: 0
Message 51237 - Posted: 8 Feb 2008, 14:16:14 UTC

What specific filename does it flag?
Rosetta Moderator: Mod.Sense
ID: 51237 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
djbill

Send message
Joined: 2 Apr 07
Posts: 4
Credit: 497,047
RAC: 0
Message 51238 - Posted: 8 Feb 2008, 14:19:21 UTC - in response to Message 51237.  

What specific filename does it flag?


minirosetta_1.07_windows_x86_64.exe
ID: 51238 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Mod.Sense
Volunteer moderator

Send message
Joined: 22 Aug 06
Posts: 4018
Credit: 0
RAC: 0
Message 51239 - Posted: 8 Feb 2008, 14:22:29 UTC
Last modified: 8 Feb 2008, 14:24:32 UTC

Sorry, I hadn't looked at the referenced image yet.

The file refereneced is the application executable for minirosetta

I've notified DK with this information.
Rosetta Moderator: Mod.Sense
ID: 51239 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
P . P . L .

Send message
Joined: 20 Aug 06
Posts: 581
Credit: 4,865,274
RAC: 0
Message 51247 - Posted: 8 Feb 2008, 20:55:38 UTC

I just D/L the 1.07.exe and A.V.G. is fine with it.

pete.

ID: 51247 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
stoneysilence

Send message
Joined: 4 May 07
Posts: 13
Credit: 401,055
RAC: 0
Message 51253 - Posted: 9 Feb 2008, 0:48:27 UTC

I just got another hit from NOD32 3 on another file:
2/8/2008 3:35:19 PM HTTP filter file http://srv1.bakerlab.org/rosetta/download/minirosetta_1.07_windows_intelx86.exe probably a variant of Win32/Statik application connection terminated - quarantined Eric-PCEric Threat was detected upon access to web by the application: C:Boincboinc.exe.

However again it downloaded a few minutes later with no problems. I again submitted the file to ESET. Very strange since NOD32 is very well known for it never having false positives.
ID: 51253 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Luuklag

Send message
Joined: 13 Sep 07
Posts: 262
Credit: 4,171
RAC: 0
Message 51299 - Posted: 10 Feb 2008, 12:31:23 UTC - in response to Message 51253.  

I just got another hit from NOD32 3 on another file:
2/8/2008 3:35:19 PM HTTP filter file http://srv1.bakerlab.org/rosetta/download/minirosetta_1.07_windows_intelx86.exe probably a variant of Win32/Statik application connection terminated - quarantined Eric-PCEric Threat was detected upon access to web by the application: C:Boincboinc.exe.

However again it downloaded a few minutes later with no problems. I again submitted the file to ESET. Very strange since NOD32 is very well known for it never having false positives.


everyone makes mistakes, so also nod32, i never encountered this with my norton, or with adaware.
so this must be a nod32 error.
ID: 51299 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
JohnG

Send message
Joined: 22 Jul 07
Posts: 3
Credit: 1,076,801
RAC: 0
Message 51304 - Posted: 10 Feb 2008, 18:21:43 UTC - in response to Message 51195.  

Please post any bugs regarding the new minirosetta application here.

Getting a virus warning from my NOD32 antivirus system regarding minirosetta.The message reads Time Module Object Name Threat Action User Information
10/02/2008 13:03:36 PM IMON file http://srv3.bakerlab.org/rosetta/download/minirosetta_1.07_windows_x86_64.exe probably a variant of Win32/Statik application John-PCJohn
Can you shed some light on this problem ????
ID: 51304 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Paul

Send message
Joined: 29 Oct 05
Posts: 193
Credit: 65,847,569
RAC: 1,229
Message 51316 - Posted: 11 Feb 2008, 2:55:59 UTC - in response to Message 51304.  

Please post any bugs regarding the new minirosetta application here.

Getting a virus warning from my NOD32 antivirus system regarding minirosetta.The message reads Time Module Object Name Threat Action User Information
10/02/2008 13:03:36 PM IMON file http://srv3.bakerlab.org/rosetta/download/minirosetta_1.07_windows_x86_64.exe probably a variant of Win32/Statik application John-PCJohn
Can you shed some light on this problem ????


It looks like someone found some interesting info on this false positive in another message thread.

https://boinc.bakerlab.org/rosetta/forum_thread.php?id=3934&nowrap=true#51314

It looks like it may only be an issue for part of the scanner.

Paul
Thx!

Paul

ID: 51316 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
KALIK

Send message
Joined: 27 Jan 06
Posts: 1
Credit: 319,217
RAC: 0
Message 51392 - Posted: 14 Feb 2008, 7:08:34 UTC

My antivirus NOD32 reperted that http://srv3.bakerlab.org/rosetta/download/minirosetta_1.07_windows_intelx86.exe
probably contain virus Win32/Statik.
ID: 51392 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Ubiknoir

Send message
Joined: 6 Sep 06
Posts: 1
Credit: 149,823
RAC: 0
Message 51395 - Posted: 14 Feb 2008, 13:36:36 UTC

Concerning minirosetta...
My antivirus software detected in it a potential threat... don't know if you're infected and therefore your files are, or if this is a false positive due to a particular signature in the file...
Hope it's a false positive!
Cheers
Ubiknoir
ID: 51395 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Profile Greg_BE
Avatar

Send message
Joined: 30 May 06
Posts: 5664
Credit: 5,790,217
RAC: 2,454
Message 51403 - Posted: 14 Feb 2008, 19:14:41 UTC - in response to Message 51395.  
Last modified: 14 Feb 2008, 19:15:17 UTC

use avg free, just as good or better and none of these errors
ive seen things that Avg picks up on that NOD won't virus wise
avg makes for virus free operations and smooth running for rossie no matter what the program
Concerning minirosetta...
My antivirus software detected in it a potential threat... don't know if you're infected and therefore your files are, or if this is a false positive due to a particular signature in the file...
Hope it's a false positive!
Cheers
Ubiknoir

ID: 51403 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Profile David E K
Volunteer moderator
Project administrator
Project developer
Project scientist

Send message
Joined: 1 Jul 05
Posts: 1018
Credit: 4,334,829
RAC: 0
Message 51404 - Posted: 14 Feb 2008, 20:00:16 UTC

it's a false positive. I contacted ESET about it and they told me to email their developer group and I did. I'm waiting to hear back from them. I'd send them complaints through whatever channels are available so they are alerted to the problem and hopefully do something about it. You can disable the web scanning for boinc.exe or add our site to be skipped in the NOD32 configuration settings.
ID: 51404 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
stoneysilence

Send message
Joined: 4 May 07
Posts: 13
Credit: 401,055
RAC: 0
Message 51410 - Posted: 15 Feb 2008, 5:31:32 UTC - in response to Message 51403.  
Last modified: 15 Feb 2008, 5:32:22 UTC

I have gotten several Minirosetta's today with no warnings from my AV so I am guessing they fixed it.

use avg free, just as good or better and none of these errors
ive seen things that Avg picks up on that NOD won't virus wise
avg makes for virus free operations and smooth running for rossie no matter what the program


AVG sucks. It takes more ram, is slower and in tests has more false positives on average then NOD32 does.
In this test AVG catches 25% of the stuff while NOD32 catches 71%
http://www.av-comparatives.org/seiten/ergebnisse_2007_11.php
In the pure Virus test they come out neck and neck (except Polymorphic Virus' in which AVG misses a lot):
http://www.av-comparatives.org/seiten/ergebnisse_2007_08.php

And again at another 3rd party AV testing site NOD32 out does AVG:
http://www.checkvir.com/index.php?CN=30.3.69&CIE=0

And again NOD32 outdoes AVG in another 3rd party AV tester as well (to see any of the detailed results requires free registration):
http://www.virusbtn.com/vb100/index

I can go on. I did a lot of research before buying a AV. NOD32 is hands down the BEST AV out there when compared as a whole package (ram usage, speed, false positives, catches, cleaning, etc...).

This is the first time I have ever had a false positive with NOD32 and have been using it for about a 8 months now. Wouldn't go back to AVG even if they gave it away for free. Wait, they do! Still would rather pay $40 for NOD32. You get what you pay for.
ID: 51410 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Klimax

Send message
Joined: 27 Apr 07
Posts: 38
Credit: 2,524,105
RAC: 39
Message 51422 - Posted: 16 Feb 2008, 6:27:13 UTC - in response to Message 51410.  

I have gotten several Minirosetta's today with no warnings from my AV so I am guessing they fixed it.

use avg free, just as good or better and none of these errors
ive seen things that Avg picks up on that NOD won't virus wise
avg makes for virus free operations and smooth running for rossie no matter what the program


AVG sucks. It takes more ram, is slower and in tests has more false positives on average then NOD32 does.
In this test AVG catches 25% of the stuff while NOD32 catches 71%
http://www.av-comparatives.org/seiten/ergebnisse_2007_11.php
In the pure Virus test they come out neck and neck (except Polymorphic Virus' in which AVG misses a lot):
http://www.av-comparatives.org/seiten/ergebnisse_2007_08.php

And again at another 3rd party AV testing site NOD32 out does AVG:
http://www.checkvir.com/index.php?CN=30.3.69&CIE=0

And again NOD32 outdoes AVG in another 3rd party AV tester as well (to see any of the detailed results requires free registration):
http://www.virusbtn.com/vb100/index

I can go on. I did a lot of research before buying a AV. NOD32 is hands down the BEST AV out there when compared as a whole package (ram usage, speed, false positives, catches, cleaning, etc...).

This is the first time I have ever had a false positive with NOD32 and have been using it for about a 8 months now. Wouldn't go back to AVG even if they gave it away for free. Wait, they do! Still would rather pay $40 for NOD32. You get what you pay for.

Hmmm....Somehow you had to see some really old version,since I run in company AVG as primary AV and no problems even on very old computers(talking about 128-192MB) and it is not memory hog at any time.(Not even during tests.)

I watch those tests,but real experience tels me that 7.0 from start was able to fully clean computer of >20 with 100%(First job-virus and malware infested comp.)
We use AVG pro-costs maybe 10USD and never had to clean any computer again.(Sofar no virus made it to inbox and patched Windows and AVG will take care of rest...)

Oh,by the way it does catch even potencially unwanted programs like certain adware,hack-tools,flooders(of any service) and so on.

And never ever there was false positive or false negative!
So you might do yourself a favour and try it before bashing...

(You see I have not said anything about NOD because I never used it and never saw in action.)
ID: 51422 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
stoneysilence

Send message
Joined: 4 May 07
Posts: 13
Credit: 401,055
RAC: 0
Message 51492 - Posted: 18 Feb 2008, 23:31:03 UTC - in response to Message 51422.  

Hmmm....Somehow you had to see some really old version,since I run in company AVG as primary AV and no problems even on very old computers(talking about 128-192MB) and it is not memory hog at any time.(Not even during tests.)

I watch those tests,but real experience tels me that 7.0 from start was able to fully clean computer of >20 with 100%(First job-virus and malware infested comp.)
We use AVG pro-costs maybe 10USD and never had to clean any computer again.(Sofar no virus made it to inbox and patched Windows and AVG will take care of rest...)

Oh,by the way it does catch even potencially unwanted programs like certain adware,hack-tools,flooders(of any service) and so on.

And never ever there was false positive or false negative!
So you might do yourself a favour and try it before bashing...

(You see I have not said anything about NOD because I never used it and never saw in action.)


I have used it, never said I didn't. Used it for about a year before buying NOD32. Used the latest version available. Only benefit of AVG is it is free and that is the only reason why I would recommend somebody use it.
ID: 51492 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
1 · 2 · Next

Message boards : Number crunching : NOD32 3 says Virus in file!



©2024 University of Washington
https://www.bakerlab.org