Virus Gen:Variant.Kazy:367484
Author | Message |
---|---|
Send message Joined: 3 Nov 13 Posts: 2 Credit: 5,688,937 RAC: 0 |
Hello, For some days now, BitDefender antivirus has been detecting a virus: Gen:Variant.Kazy:367484. For example in: asteroidsathome.net/boinc/downLoad/period_search_10210_windows_intelx86__sse3.exe. => no more jobs run for asteroids on my computer. The other jobs for Boinc run fine. What can I do? Regards. 17/04/2014 12:22:36 | Asteroids@home | Incomplete read of 2076.000000 < 5KB for period_search_10210_windows_intelx86__sse3.exe - truncating 17/04/2014 12:22:36 | Asteroids@home | Finished download of period_search_10210_windows_intelx86__sse3.exe 17/04/2014 12:22:36 | Asteroids@home | Started download of input_101740_12 17/04/2014 12:22:36 | Asteroids@home | [error] File period_search_10210_windows_intelx86__sse3.exe has wrong size: expected 289792, got 0 17/04/2014 12:22:36 | Asteroids@home | [error] Checksum or signature error for period_search_10210_windows_intelx86__sse3.exe Hello, For the past few days, BitDefender has been systematically blocking the computations sent by asteroids. It detects a virus of type Gen:Variant.Kazy:367484. The other Boinc jobs run correctly. What can I do, without disabling the antivirus of course!! Regards |
Send message Joined: 19 Jun 12 Posts: 221 Credit: 623,640 RAC: 0 |
Last modified: 17 Apr 2014, 16:38:36 UTC What can I do ? You are right, looks like some Antiviruses wrongly think that this file is 'bad': https://www.virustotal.com/en/file/a27ce3d8c5ca4d58bac5d95185b53277ddd2dde5e33f61e151bcc65b28062374/analysis/1397641270/ (I use ESET-NOD32 so have no problem) 1) First what you can do - as you are a customer of BitDefender - send them a report about 'False Positive': - send them this file (or URL) for analysis: http://www.bitdefender.com/support/what-to-do-when-bitdefender-detects-legitimate-applications-491.html (if you (temporarily) Disable Bitdefender's real-time protection you will be able to manually Download the file using a browser) 2) While you wait for a response from BitDefender support you may (temporarily) do this: http://boincwiki.mundayweb.com/index.php?title=Add_the_BOINC_Data_directory_to_the_exclusions_of_my_antivirus_program 3) If the above is not enough to let BOINC contact asteroidsathome.net to get this file, do what is written after "Also you can add a Firewall rule for an application" here: http://www.bitdefender.com/support/how-to-add-exceptions-1163.html "3. Browse to the application" means "find boinc.exe and tell BitDefender Firewall to allow all network/Internet communication that boinc.exe wants to do" - ALF - "Find out what you don't do well ..... then don't do it!" :) |
Send message Joined: 3 Nov 13 Posts: 2 Credit: 5,688,937 RAC: 0 |
To BilBg Thank you for your answer. 1) => I sent a report to Bitdefender. 2) => I added an exception in Bitdefender. 3) => I don't do that today, because boinc manages the other projects correctly. I will contact you again after the answer from Bitdefender. Thanks again. |
Send message Joined: 19 Jun 12 Posts: 221 Credit: 623,640 RAC: 0 |
Last modified: 30 Apr 2014, 3:02:04 UTC I just sent this to BitDefender Customer Care : False Positive on: period_search_10210_windows_intelx86__sse3.exe http://asteroidsathome.net/boinc/download/period_search_10210_windows_intelx86__sse3.exe The following files which do the same computing are declared 'clean': period_search_10210_windows_intelx86__sse2.exe period_search_10210_windows_intelx86.exe Files can be found here: http://asteroidsathome.net/boinc/download/ http://asteroidsathome.net/boinc/download/period_search_10210_windows_intelx86__sse2.exe http://asteroidsathome.net/boinc/download/period_search_10210_windows_intelx86.exe Problem noted here: http://asteroidsathome.net/boinc/forum_thread.php?id=286 https://www.virustotal.com/en/file/a27ce3d8c5ca4d58bac5d95185b53277ddd2dde5e33f61e151bcc65b28062374/analysis/ https://www.virustotal.com/en/file/cf289f8f60e3da1bcdb61007c318635d54a77ca8d0efdd792a62c4405809e6ec/analysis/ https://www.virustotal.com/en/file/7cae1da685be56dbaf440ee79ab387f6a25e8e996522a1a913b95e9fa4675f4d/analysis/ (I do the report on behalf of other user) - ALF - "Find out what you don't do well ..... then don't do it!" :) |
Send message Joined: 19 Jun 12 Posts: 221 Credit: 623,640 RAC: 0 |
Last modified: 3 May 2014, 19:58:28 UTC Answer from today: _________________ Date: 2014 May 3 05:43:21 EEST Dear BilBg, Please be informed that we are currently working on resolving your Customer Care request, ticket no: 20140430..., and will be getting back to you shortly. Thank you for your patience. Regards, Bitdefender Customer Care Team _________________ P.S. I have a suspicion that all six Antiviruses which report 'Gen:Variant.Kazy.367484' are using the BitDefender engine. So if BitDefender removes the wrong detection the 'Detection ratio: 13 / 52' will fall to 'Detection ratio: 7 / 52' https://www.virustotal.com/en/file/a27ce3d8c5ca4d58bac5d95185b53277ddd2dde5e33f61e151bcc65b28062374/analysis/1399145129/ The remaining 7 Antiviruses are not 'famous' (Not used by many people, except McAfee and TrendMicro. But who uses McAfee or TrendMicro deserves to be bombed with the famous False Positives like 'Artemis!' or 'TROJ_GEN' which they give for many innocent programs) - ALF - "Find out what you don't do well ..... then don't do it!" :) |
Send message Joined: 19 Jun 12 Posts: 32 Credit: 5,725,862 RAC: 1,413 |
Dear BilBg, I use TrendMicro and do not have any problems with false positives on any BOINC projects. I used to use McAfee but it is not as good as it once was and is resource hungry. I would prefer if you bombed me with money so I can pay the electricity bill. Bombing me with false positives I haven't heard of (even from the company), or encountered (the problem you claim in your last sentence), will serve no purpose. Asteroids runs fine for me. Conan |
Send message Joined: 19 Jun 12 Posts: 221 Credit: 623,640 RAC: 0 |
"false positive identification of Windows systems files by Trend Micro Internet Security" http://www.zdnet.com/trend-micro-gives-false-positive-details-4010009280/ "Trend Micro Office Scan blocks uploads as malicious" http://setiathome.berkeley.edu/forum_thread.php?id=52047 "Trend Micro Office Scan reports TROJ_GEN.FA2CZLJ in BOINC file" http://setiathome.berkeley.edu/forum_thread.php?id=62433 "Trend Micro Anti-virus issues with boinc2 download" http://boinc.berkeley.edu/dev/forum_thread.php?id=3670 "3 different people had started 3 different threads already complaining how their Trend Micro would all of a sudden make a fuss of Seti's app" http://boinc.berkeley.edu/dev/forum_thread.php?id=6246&postid=36176#36176 http://community.trendmicro.com/t5/Malware-Discussions/OfficeScan-False-Positive/td-p/62042 http://www.wilderssecurity.com/threads/trendmicro-false-positive.348378/ I do not say that TrendMicro is the worst, there are many others (McAfee, Comodo, Norton, Kaspersky): http://setiathome.berkeley.edu/forum_thread.php?id=69133&postid=1276595#1276595 "AVG 2013 virus scanner false positive on SETI@home 7 for Windows" http://setiathome.berkeley.edu/forum_thread.php?id=71784&postid=1373641#1373641 I often see TrendMicro-HouseCall and McAfee-GW-Edition in the VirusTotal results: https://www.virustotal.com/en/file/110ad1536cef122e890ba0952600600cc767a229a196e5f5dd11b85195833a4f/analysis/1398152630/ https://www.virustotal.com/en/file/d29bcfa967c23c7264592576d62d95fa8c687e8662d19dccc73653a9efb6340d/analysis/1367663376/ - ALF - "Find out what you don't do well ..... then don't do it!" :) |
Send message Joined: 1 Jan 14 Posts: 302 Credit: 32,701,790 RAC: 2,815 |
Last modified: 4 May 2014, 13:06:25 UTC
AND McAfee is free for Verizon and some other smaller internet providers' customers, so is used by A LOT of people. It used to be free for Comcast people too but I don't use them anymore so don't know. Using a free a/v is MUCH better than not using one at all. Personally I just exclude the Boinc directories from my a/v altogether, that way any false positives are ignored and any real virus that then tries to infect the rest of my system will get caught. I don't care if a Boinc project sends me a real virus as long as it stays in the Boinc set of directories, if it comes out it will get caught and stopped. If it doesn't then I got it from them anyway and they can have it back! MOST Boinc projects are VERY good at running a/v protection, they don't want US sending them a virus either. I was going to say all instead of most, but there could be that 0.01% that doesn't. |
Send message Joined: 19 Jun 12 Posts: 221 Credit: 623,640 RAC: 0 |
Last modified: 5 May 2014, 2:47:14 UTC If some project starts to deliver a keylogger (or other form of info stealing) it does not need to spread (infect) outside the BOINC directory to do its 'job' ____________ Funny thing: - the EICAR test file http://en.wikipedia.org/wiki/EICAR_test_file ... has to be detected by all Antiviruses but some (McAfee among them) do not detect it when the file is in a .rar: https://www.virustotal.com/en/file/462996fa40509762ca96597fa1b2c6131abc847cfc0146828e53d13ea159e6a2/analysis/1399255625/ ... but detect it when in 'naked' form: https://www.virustotal.com/en/file/275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f/analysis/1399255626/ EICAR test file (totally harmless file to test your Antivirus - expect a warning from it) https://secure.eicar.org/eicar.com.txt - ALF - "Find out what you don't do well ..... then don't do it!" :) |
Send message Joined: 1 Jan 14 Posts: 302 Credit: 32,701,790 RAC: 2,815 |
|
Send message Joined: 19 Jun 12 Posts: 32 Credit: 5,725,862 RAC: 1,413 |
"false positive identification of Windows systems files by Trend Micro Internet Security" Well that is all news to me, have not struck any of this. I use the Platinum version, perhaps that may be the reason. It has more of an overhead than normal version, perhaps doing a bit more work. I needed to do a small bit of extra work to set it up the way I wanted it to run, but now it is running fine. Each to their own I suppose. Conan |
Send message Joined: 19 Jun 12 Posts: 221 Credit: 623,640 RAC: 0 |
I found another much easier form for False Positive or False Negative report to BitDefender, "Sample or URL Submit": http://www.bitdefender.com/site/Main/automaticSampleUploader/ - ALF - "Find out what you don't do well ..... then don't do it!" :) |
Send message Joined: 19 Jun 12 Posts: 221 Credit: 623,640 RAC: 0 |
I still don't have another answer from BitDefender and it still shows Gen:Variant.Kazy.367484 for period_search_10210_windows_intelx86__sse3.exe The only Antivirus which fixed this False Positive is McAfee Compare: https://www.virustotal.com/en/file/a27ce3d8c5ca4d58bac5d95185b53277ddd2dde5e33f61e151bcc65b28062374/analysis/1399145129/ https://www.virustotal.com/en/file/a27ce3d8c5ca4d58bac5d95185b53277ddd2dde5e33f61e151bcc65b28062374/analysis/1399439314/ - ALF - "Find out what you don't do well ..... then don't do it!" :) |
Send message Joined: 19 Jun 12 Posts: 221 Credit: 623,640 RAC: 0 |
Last modified: 7 May 2014, 6:24:45 UTC I sent a similar report to Lavasoft / Ad-Aware (easy: they accept a URL to get the file, no need to send a Zip) http://lavasoft.com/support/securitycenter/report_false_positives.php Ad-Aware - Gen:Variant.Kazy.367484 - 20140507 : https://www.virustotal.com/en/file/a27ce3d8c5ca4d58bac5d95185b53277ddd2dde5e33f61e151bcc65b28062374/analysis/1399439314/ SHA256: a27ce3d8c5ca4d58bac5d95185b53277ddd2dde5e33f61e151bcc65b28062374 File size 283.0 KB ( 289792 bytes ) File name: period_search_10210_windows_intelx86__sse3.exe URL to get the file: http://asteroidsathome.net/boinc/download/period_search_10210_windows_intelx86__sse3.exe Problem noted here: http://asteroidsathome.net/boinc/forum_thread.php?id=286 And another similar report to Trend Micro (they insist on getting a password-protected Zip) http://www.trendmicro.com/us/about-us/detection-reevaluation/index.html - ALF - "Find out what you don't do well ..... then don't do it!" :) |
Send message Joined: 19 Jun 12 Posts: 221 Credit: 623,640 RAC: 0 |
Reports sent also to G Data and MicroWorld-eScan https://su.gdatasoftware.com/us/sample-submission/ http://support.mwti.net/support/index.php?/Tickets/Submit - ALF - "Find out what you don't do well ..... then don't do it!" :) |
Send message Joined: 19 Jun 12 Posts: 221 Credit: 623,640 RAC: 0 |
OK, after all these reports the issue is now fixed for the most part but McAfee is back again in the False Positive 'business' (Artemis!F4A88BF8B5CE) ;) https://www.virustotal.com/en/file/a27ce3d8c5ca4d58bac5d95185b53277ddd2dde5e33f61e151bcc65b28062374/analysis/1399507771/ Now 'Detection ratio: 6 / 51' If someone (e.g. the admin of this project; or people using McAfee) wants to rule out the remaining 6 False Positives, use the big table on this page (use Ctrl+F to find the product) - it has links for every Antivirus directly to False Positive Submission: http://www.techsupportalert.com/content/how-report-malware-or-false-positives-multiple-antivirus-vendors.htm - ALF - "Find out what you don't do well ..... then don't do it!" :) |
Send message Joined: 19 Jun 12 Posts: 221 Credit: 623,640 RAC: 0 |
Only 3 False Positives remained, who did the reports? (probably virustotal itself is notifying the vendors when the 'Detection ratio' of some file goes too much up or down): https://www.virustotal.com/en/file/a27ce3d8c5ca4d58bac5d95185b53277ddd2dde5e33f61e151bcc65b28062374/analysis/1399628625/ - ALF - "Find out what you don't do well ..... then don't do it!" :) |
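
Added example, not part of any post in this thread and not BOINC or project code: the event-log lines quoted in the first post can be parsed to show which file failed and how, and a manually downloaded copy can be checked against the size and SHA-256 posted later in the thread before it is excluded from scanning or submitted to a vendor. The function names and the zero-byte heuristic are assumptions of this example.

```python
import hashlib
import re

# Event-log lines quoted from the first post in this thread.
SAMPLE_LOG = """\
17/04/2014 12:22:36 | Asteroids@home | Incomplete read of 2076.000000 < 5KB for period_search_10210_windows_intelx86__sse3.exe - truncating
17/04/2014 12:22:36 | Asteroids@home | Finished download of period_search_10210_windows_intelx86__sse3.exe
17/04/2014 12:22:36 | Asteroids@home | Started download of input_101740_12
17/04/2014 12:22:36 | Asteroids@home | [error] File period_search_10210_windows_intelx86__sse3.exe has wrong size: expected 289792, got 0
17/04/2014 12:22:36 | Asteroids@home | [error] Checksum or signature error for period_search_10210_windows_intelx86__sse3.exe
"""

PATTERNS = {
    "truncated": re.compile(r"Incomplete read of [\d.]+ < 5KB for (?P<name>\S+) - truncating"),
    "wrong_size": re.compile(r"\[error\] File (?P<name>\S+) has wrong size: expected (?P<exp>\d+), got (?P<got>\d+)"),
    "checksum": re.compile(r"\[error\] Checksum or signature error for (?P<name>\S+)"),
}

def failed_downloads(log_text):
    """Group download failures per file name from BOINC event-log text."""
    result = {}
    for line in log_text.splitlines():
        for kind, pattern in PATTERNS.items():
            m = pattern.search(line)
            if not m:
                continue
            entry = result.setdefault(m["name"], {"events": set(), "expected": None, "got": None})
            entry["events"].add(kind)
            if kind == "wrong_size":
                entry["expected"], entry["got"] = int(m["exp"]), int(m["got"])
    return result

def looks_intercepted(entry):
    """Heuristic (assumption): zero bytes on disk plus a checksum error suggests the file was blocked or removed locally."""
    return entry["got"] == 0 and "checksum" in entry["events"]

def verify_copy(path, expected_size, expected_sha256):
    """Check a manually downloaded copy against a posted size and SHA-256."""
    # Values posted in this thread for the sse3 build:
    #   289792, "a27ce3d8c5ca4d58bac5d95185b53277ddd2dde5e33f61e151bcc65b28062374"
    digest, size = hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
            size += len(chunk)
    return size == expected_size and digest.hexdigest() == expected_sha256.lower()
```

A match from `verify_copy` only shows that the local copy is the same file that was scanned on VirusTotal; it says nothing about whether the detection is a false positive.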