Pirates@Home logo

Pirates@Home

Berkeley Open Infrastructure
BOINC!
for Network Computing
Home Help Status Forums Glossary Account

starboard_6.01 (Malware?)

log in

Advanced search

Message boards : Pirate Applications : starboard_6.01 (Malware?)

Author Message
littleBouncer
Volunteer tester
Avatar
Send message
Joined: 21 Oct 04
Switzerland
Crunchers@Home
Credit: 3,963.2
RAC: 0.00
Joined: Oct 21, 2004
Verified: Aug 30, 2010
Pieces of Eight: 4
Punishment: Canon Fodder
Message 8222 - Posted: 30 Dec 2008 | 19:44:53 UTC

avast identified the starboard-application as Virus infected:
virus: Win32:SkiMorph[Cryp]

It is real or a test?

greetz littleBouncer
____________

littleBouncer
Volunteer tester
Avatar
Send message
Joined: 21 Oct 04
Switzerland
Crunchers@Home
Credit: 3,963.2
RAC: 0.00
Joined: Oct 21, 2004
Verified: Aug 30, 2010
Pieces of Eight: 4
Punishment: Canon Fodder
Message 8223 - Posted: 30 Dec 2008 | 20:19:28 UTC

and with the next Wu the same. Avast Virus-alert....

BOINC-messages:(Time=UTC+1)
30.12.2008 21:12:24|Pirates@Home|Sending scheduler request: To fetch work. Requesting 37029 seconds of work, reporting 1 completed tasks
30.12.2008 21:12:36|Pirates@Home|Scheduler request succeeded: got 1 new tasks
30.12.2008 21:12:38|Pirates@Home|Started download of starboard_6.01_windows_intelx86.exe
30.12.2008 21:14:01|Pirates@Home|Finished download of starboard_6.01_windows_intelx86.exe
30.12.2008 21:14:01|Pirates@Home|[error] Checksum or signature error for starboard_6.01_windows_intelx86.exe

I stopp (get no new work) on this project...

greetz littleBouncer

Profile Ageless
Chief Petty Officer
Volunteer tester
Avatar
Send message
Joined: 20 Jul 04
Netherlands
Machinae Supremacy
Credit: 1,524.1
RAC: 0.00
Joined: Jul 20, 2004
Verified: Jul 9, 2011
Dubloons: 3
Pieces of Eight: 7
Punishment: Walk Plank
Message 8224 - Posted: 30 Dec 2008 | 20:46:06 UTC

Not a problem here. It's most probably a false positive, as my Antivir doesn't detect a thing. If it were something malicious, all AV packages would scream bloody murder.

I doubt our Captain sends out viruses on purpose. There are easier ways to lessen the burden on the network.

Now then, starboard 6.01 with graphics. It's the impossible cube again. Graphics have textures as well. Really cool.


____________
Jord.

Used to be a single voice that vanished in a crowd. Vague just like a distant sun when hidden by the clouds.
Found a way to surface and to speak my truth aloud. Be powerful. Stand fast and proud

littleBouncer
Volunteer tester
Avatar
Send message
Joined: 21 Oct 04
Switzerland
Crunchers@Home
Credit: 3,963.2
RAC: 0.00
Joined: Oct 21, 2004
Verified: Aug 30, 2010
Pieces of Eight: 4
Punishment: Canon Fodder
Message 8225 - Posted: 30 Dec 2008 | 20:56:35 UTC

I have only reported the behavior. I know from old pirates-application there is something souspicious between Avast-AV and the 'Checksum'.

When I want to let work the starboard-app. I have to shut-down Avast-AV.

greetz littleBouncer

Profile KSMarksPsych
Volunteer tester
Avatar
Send message
Joined: 19 Jan 06
United States
Machinae Supremacy
Credit: 4,127.4
RAC: 0.00
Joined: Jan 19, 2006
Verified: Sep 24, 2010
Dubloons: 3
Pieces of Eight: 8
Punishment: Mess Duty
Message 8226 - Posted: 31 Dec 2008 | 1:01:45 UTC
Last modified: 31 Dec 2008 | 1:10:25 UTC

Running on 32 bit Linux right now. Graphics look good.

CPU usage on the graphics part is pretty low, between 1 and 2%. Smooth too. And we're talking a crappy integrated graphics laptop here.

OK, just reported and awaiting quorum.

64 bit Linux has done two, with one waiting for quorum and the other validating against a Mac.
____________
Kathryn :o)
The BOINC FAQ Service
The Unofficial BOINC Wiki
The Trac System

Profile KSMarksPsych
Volunteer tester
Avatar
Send message
Joined: 19 Jan 06
United States
Machinae Supremacy
Credit: 4,127.4
RAC: 0.00
Joined: Jan 19, 2006
Verified: Sep 24, 2010
Dubloons: 3
Pieces of Eight: 8
Punishment: Mess Duty
Message 8227 - Posted: 31 Dec 2008 | 1:11:31 UTC - in response to Message 8225.

littleBouncer wrote:
I have only reported the behavior. I know from old pirates-application there is something souspicious between Avast-AV and the 'Checksum'.

When I want to let work the starboard-app. I have to shut-down Avast-AV.

greetz littleBouncer


Eric, I use Avast on my Windows partitions (XP on one, Vista on the other). I can boot over there if you'd like.
____________
Kathryn :o)
The BOINC FAQ Service
The Unofficial BOINC Wiki
The Trac System

Profile Wormholio
Captain
Avatar
Send message
Joined: 6 Jun 04
United States
Away
Credit: 4,065.6
RAC: 0.00
Joined: Jun 6, 2004
Verified: Mar 13, 2008
Dubloons: 3
Pieces of Eight: 10
Punishment: Aztec curse
Message 8228 - Posted: 31 Dec 2008 | 2:07:34 UTC - in response to Message 8227.

KSMarksPsych wrote:

Eric, I use Avast on my Windows partitions (XP on one, Vista on the other). I can boot over there if you'd like.

Any testing is good. I would hope it's a false positive. I've seen some WU's fail due to signature errors, and that may mean that the files are being munged in transit. Not necessarily infected, but not transferred correctly. I'm having some network problems here again which might account for that. But nobody should be faulted for caution when downloading anything from known Pirates. :-)

____________
-- Eric Myers

"Education is not the filling of a pail, but the lighting of a fire." -- William Butler Yeats

Profile Wormholio
Captain
Avatar
Send message
Joined: 6 Jun 04
United States
Away
Credit: 4,065.6
RAC: 0.00
Joined: Jun 6, 2004
Verified: Mar 13, 2008
Dubloons: 3
Pieces of Eight: 10
Punishment: Aztec curse
Message 8229 - Posted: 31 Dec 2008 | 2:21:26 UTC - in response to Message 8222.

littleBouncer wrote:
avast identified the starboard-application as Virus infected:
virus: Win32:SkiMorph[Cryp]

It is real or a test?

I hope that it is a false positive. If you can identify the file that is being flagged there are a couple of things you might do to test that hypothesis. One is to see what the checksum is for the file, and we can see if it matches what is expected (or was the file modified in transit?) The other is to submit it to VirusTotal, which will scan it with over 30 different scanners. If only Avast flags it then it's likely a false positive.

____________
-- Eric Myers

"Education is not the filling of a pail, but the lighting of a fire." -- William Butler Yeats

noonway
Send message
Joined: 15 Oct 06
United States
23
Credit: 1,639.2
RAC: 0.00
Joined: Oct 15, 2006
Verified: NEVER
Message 8230 - Posted: 31 Dec 2008 | 2:29:07 UTC - in response to Message 8229.

Wormholio wrote:

I hope that it is a false positive. If you can identify the file that is being flagged there are a couple of things you might do to test that hypothesis. One is to see what the checksum is for the file, and we can see if it matches what is expected (or was the file modified in transit?) The other is to submit it to VirusTotal, which will scan it with over 30 different scanners. If only Avast flags it then it's likely a false positive.


Getting same thing here with my Avast. I have reported it as a false positive so hopefully ALWIL will accept the .exe and flag it as such in a future update.
____________

Milky^
Send message
Joined: 30 Dec 08
United Kingdom
OcUK - Overclockers UK
Credit: 55.7
RAC: 0.00
Joined: Dec 30, 2008
Verified: Dec 30, 2008
Punishment: Scour Bilge
Message 8231 - Posted: 31 Dec 2008 | 3:26:11 UTC - in response to Message 8230.





Try submitting the main exe to VirusTotal, starboard_6.01_windows_intelx86.exe keeps denying me (the owner) to open/submit the file and Avast keeps throwing up warnings about it being a trojan

Profile Daniel Michel
Volunteer tester
Avatar
Send message
Joined: 27 Jan 06
United States
The Final Front Ear
Credit: 1,904.0
RAC: 0.00
Joined: Jan 27, 2006
Verified: NEVER
Dubloons: 3
Punishment: Mess Duty
Message 8232 - Posted: 31 Dec 2008 | 5:47:52 UTC

I'm seeing starboard being reported as a trojan as well on Norton Internet Security 2009...It keeps sending 'em to quaranteen.
____________

Richard Prins
Volunteer tester
Avatar
Send message
Joined: 1 Apr 08
Canada
Credit: 200.9
RAC: 0.00
Joined: Apr 1, 2008
Verified: Apr 2, 2008
Pieces of Eight: 5
Message 8233 - Posted: 31 Dec 2008 | 7:54:17 UTC
Last modified: 31 Dec 2008 | 7:55:26 UTC

Same thing here with Avast:


Scary coming from pirates on spy-hill! ;)

Profile KSMarksPsych
Volunteer tester
Avatar
Send message
Joined: 19 Jan 06
United States
Machinae Supremacy
Credit: 4,127.4
RAC: 0.00
Joined: Jan 19, 2006
Verified: Sep 24, 2010
Dubloons: 3
Pieces of Eight: 8
Punishment: Mess Duty
Message 8234 - Posted: 31 Dec 2008 | 8:47:11 UTC

Yup. Got it on Avast as well.

I've asked Eric for a copy of the exe so I can send it to Avast. I'm over on the Linux side of my computer now, so no worries there.
____________
Kathryn :o)
The BOINC FAQ Service
The Unofficial BOINC Wiki
The Trac System

Profile Ageless
Chief Petty Officer
Volunteer tester
Avatar
Send message
Joined: 20 Jul 04
Netherlands
Machinae Supremacy
Credit: 1,524.1
RAC: 0.00
Joined: Jul 20, 2004
Verified: Jul 9, 2011
Dubloons: 3
Pieces of Eight: 7
Punishment: Walk Plank
Message 8235 - Posted: 31 Dec 2008 | 10:56:49 UTC

If you want to send it to Avast, do take heed of these steps:

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here.

If it is indeed a false positive (only detected by avast in VT above), add it to the exclusions lists:
Standard Shield, Customize, Advanced, Add and
Program Settings, Exclusions
Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.

Send the sample to virus <at> avast <dot> com zipped and password protected with the password in email body, a link to this topic might help and false positive in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already in the chest) where it can do no harm and send it from there (select the file, right click, email to Alwil Software). The new submission process doesn't actually email it but uploads it to avast during the Auto or Manual update process.

So no need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.

____________
Jord.

Used to be a single voice that vanished in a crowd. Vague just like a distant sun when hidden by the clouds.
Found a way to surface and to speak my truth aloud. Be powerful. Stand fast and proud

Profile Ageless
Chief Petty Officer
Volunteer tester
Avatar
Send message
Joined: 20 Jul 04
Netherlands
Machinae Supremacy
Credit: 1,524.1
RAC: 0.00
Joined: Jul 20, 2004
Verified: Jul 9, 2011
Dubloons: 3
Pieces of Eight: 7
Punishment: Walk Plank
Message 8236 - Posted: 31 Dec 2008 | 11:09:47 UTC
Last modified: 31 Dec 2008 | 11:34:16 UTC

I am testing with some online scanners now. Will report back.

Norton's Security Check doesn't work (redirect loop).
McAfee Freescan demands I enable ActiveX... um no.
Trendmicro's Housecall has been trying to load I don't know what for the past 40 minutes.

Kaspersky Anti-Virus has not detected any viruses at this time in the file you submitted

Scanned file: starboard_6.01_windows_intelx86.exe

Statistics: Known viruses: 1537584 Updated: 31-12-2008 File size (Kb): 316 Virus bodies: 0 Files: 1 Warnings: 0 Archives: 0 Suspicious: 0


Bitdefender wants to scan my whole computer, which will take close to 8 hours.
Pandasoftware Activescan 2.0 gives an error on its own update. Clicking through some more ActiveX plugins to install, it will also try to scan my computer with a very annoying soundbyte. Get off you!
RAV is forbidden.

Still waiting for Trendmicro to go do something. I asked it to go scan only my BOINC Data directory. So far, bupkiss.

____________
Jord.

Used to be a single voice that vanished in a crowd. Vague just like a distant sun when hidden by the clouds.
Found a way to surface and to speak my truth aloud. Be powerful. Stand fast and proud

Profile Mete
Send message
Joined: 17 Dec 08
Germany
SETI.Germany
Credit: 1,247.5
RAC: 0.00
Joined: Dec 17, 2008
Verified: Dec 31, 2008
Dubloons: 3
Message 8237 - Posted: 31 Dec 2008 | 15:32:25 UTC - in response to Message 8236.
Last modified: 31 Dec 2008 | 15:32:49 UTC

VirusTotal is stating that the file is good:

http://www.virustotal.com/analisis/611195155628fb32c69360f05007d59e

Zero matches out of 39 Scanners.

Profile Wormholio
Captain
Avatar
Send message
Joined: 6 Jun 04
United States
Away
Credit: 4,065.6
RAC: 0.00
Joined: Jun 6, 2004
Verified: Mar 13, 2008
Dubloons: 3
Pieces of Eight: 10
Punishment: Aztec curse
Message 8241 - Posted: 31 Dec 2008 | 19:08:40 UTC - in response to Message 8237.

Mete wrote:
VirusTotal is stating that the file is good:
http://www.virustotal.com/analisis/611195155628fb32c69360f05007d59e
Zero matches out of 39 Scanners.

I'm afraid that is the graphics program, not the compute program. (In BOINC 6 the screensaver is now a separate program, not just a thread of a single program.) The graphics program is "clean", while the compute program scores 3/39. But I think it is clear this is a false positive. I don't know why.

It is ironic (and a shame) that a Pirates application would be treated poorly by a program called "Avast!".


____________
-- Eric Myers

"Education is not the filling of a pail, but the lighting of a fire." -- William Butler Yeats

Profile Daniel
Send message
Joined: 10 Aug 07
United States
Calm Chaos
Credit: 4,035.2
RAC: 0.00
Joined: Aug 10, 2007
Verified: NEVER
Pieces of Eight: 2
Punishment: Mess Duty
Message 8242 - Posted: 31 Dec 2008 | 19:19:02 UTC

Avast! here too. Throwing fits on xp64 and xp pro. I even have BOINC in the exclusions list but still no go.

Profile Wormholio
Captain
Avatar
Send message
Joined: 6 Jun 04
United States
Away
Credit: 4,065.6
RAC: 0.00
Joined: Jun 6, 2004
Verified: Mar 13, 2008
Dubloons: 3
Pieces of Eight: 10
Punishment: Aztec curse
Message 8243 - Posted: 31 Dec 2008 | 21:59:01 UTC

To follow up I will also note that on the machine on which I build the Windows app I have Symantec AntiVirus Corporate Edition, with LiveUpdate to get their latest virus definitions. While I run regular scans, I also ran one manually after this was reported, and found no problems.

Captain: This is not a virus you are looking for.

Avast: This is not a virus I am looking for.

Captain: Move along now.

Avast: Move along now.

____________
-- Eric Myers

"Education is not the filling of a pail, but the lighting of a fire." -- William Butler Yeats

littleBouncer
Volunteer tester
Avatar
Send message
Joined: 21 Oct 04
Switzerland
Crunchers@Home
Credit: 3,963.2
RAC: 0.00
Joined: Oct 21, 2004
Verified: Aug 30, 2010
Pieces of Eight: 4
Punishment: Canon Fodder
Message 8244 - Posted: 1 Jan 2009 | 4:14:11 UTC

Sorry for the 'big disturbance'.
Meanwhile Avast let download the starboard-executable and my machine can crunch the WU's as it should...:)

greetz littleBouncer

Profile Kinguni
Volunteer tester
Avatar
Send message
Joined: 16 Sep 06
Canada
Team Starfire World BOINC
Credit: 4,127.0
RAC: 0.00
Joined: Sep 16, 2006
Verified: Mar 29, 2009
Dubloons: 3
Punishment: Canon Fodder
Message 8245 - Posted: 1 Jan 2009 | 6:13:40 UTC

Aye cap'n, she seems to be fixed now! Avast!
____________
Team Starfire World BOINC!

Profile Daniel Michel
Volunteer tester
Avatar
Send message
Joined: 27 Jan 06
United States
The Final Front Ear
Credit: 1,904.0
RAC: 0.00
Joined: Jan 27, 2006
Verified: NEVER
Dubloons: 3
Punishment: Mess Duty
Message 8248 - Posted: 1 Jan 2009 | 14:01:50 UTC

I had one AMD 3700+ machine running NIS 1009 and Windows XP that has had no trouble at all with any Pirate's Wu'a....But my AMD 6000+ Dual core running Vista and NIS 2009 got every WU mashed by the antivirua.
____________

Profile Daniel Michel
Volunteer tester
Avatar
Send message
Joined: 27 Jan 06
United States
The Final Front Ear
Credit: 1,904.0
RAC: 0.00
Joined: Jan 27, 2006
Verified: NEVER
Dubloons: 3
Punishment: Mess Duty
Message 8251 - Posted: 2 Jan 2009 | 2:47:39 UTC
Last modified: 2 Jan 2009 | 2:49:17 UTC



This is what i've been seeing...I have submitted the file to Symantec so hopefully they can fix this detection.
____________

Profile Daniel Michel
Volunteer tester
Avatar
Send message
Joined: 27 Jan 06
United States
The Final Front Ear
Credit: 1,904.0
RAC: 0.00
Joined: Jan 27, 2006
Verified: NEVER
Dubloons: 3
Punishment: Mess Duty
Message 8256 - Posted: 3 Jan 2009 | 17:24:21 UTC

NIS 2009 seems to be leaving starboard alone now...I've had several WU's complete successfully on the machine that was mashing them before.
____________

Profile Brian Uitti
Volunteer tester
Avatar
Send message
Joined: 9 Sep 04
United States
Project Blue Book
Credit: 4,573.7
RAC: 0.00
Joined: Sep 9, 2004
Verified: Mar 4, 2010
Punishment: Canon Fodder
Message 8257 - Posted: 3 Jan 2009 | 20:53:05 UTC

My detailed report on the Q&A board with Scott Brown's link-back to here:

Questions and Answers : Pirates@Home Problems Link

// Brian
____________

Profile Pepo
Chief Petty Officer
Volunteer tester
Avatar
Send message
Joined: 13 Sep 04
Slovakia
TeamVision42
Credit: 928.1
RAC: 0.00
Joined: Sep 13, 2004
Verified: Aug 4, 2009
Dubloons: 3
Pieces of Eight: 5
Punishment: Cat o' Nine Tails
Message 8982 - Posted: 29 Jan 2011 | 23:15:48 UTC - in response to Message 8241.

Wormholio wrote:
Mete wrote:
VirusTotal is stating that the file is good:
http://www.virustotal.com/analisis/611195155628fb32c69360f05007d59e
Zero matches out of 39 Scanners.


It is ironic (and a shame) that a Pirates application would be treated poorly by a program called "Avast!".


Maybe the avast! Antivirus wanted to make it good ,-) so (I've noticed it just now, I've no idea since when already) it contains a "Pirate talk" language among its available languages, with nice "Talk Like a Pirate" logo visible on the title bar, when the Pirates' dialect is active .-)
____________
Peter .-)

Post to thread

Message boards : Pirate Applications : starboard_6.01 (Malware?)

Home Help Status Forums Glossary Account


Return to Pirates@Home main page


Copyright © 2017 Capt. Jack Sparrow