Trojan.Generic.KD.311346 (Engine A)

Bumbler
Joined: 31 May 11
Posts: 1
Credit: 3,386,893
RAC: 0
Message 900 - Posted: 14 Aug 2011, 11:31:23 UTC

The download of new WUs (ATI) has been blocked for two days by G-Data InternetSecurity 2012...

Trojan.Generic.KD.311346 (Engine A)

...and the WUs are marked with download error.

Bumbler
ID: 900 · Rating: 0
Thomas Turk
Joined: 27 Jun 11
Posts: 1
Credit: 15,725,443
RAC: 0
Message 901 - Posted: 14 Aug 2011, 16:58:34 UTC - in response to Message 900.  

Me too

Virus: Trojan.Generic.KD.311346 (Engine A)

Virus beim Laden von Web-Inhalten gefunden.

Adresse: moowrap.net
ID: 901 · Rating: 0
mikey
Joined: 22 Jun 11
Posts: 1997
Credit: 1,000,866,048
RAC: 0
Message 903 - Posted: 16 Aug 2011, 10:50:22 UTC - in response to Message 901.  

Me too

Virus: Trojan.Generic.KD.311346 (Engine A)

Virus beim Laden von Web-Inhalten gefunden.

Adresse: moowrap.net


These are normally false positives, and since the communication is between the Boinc Project and you and no one else, everyone would be reporting this problem if it were real. You can either manually ignore it, if your AV program lets you, or just put your Boinc folders in the ignore list of what to scan by your AV program. If it is a real virus it will come out of the Boinc folders and get caught; if it stays there, who cares, or more likely it is not a real virus.
ID: 903 · Rating: 0
Teemu Mannermaa
Project administrator
Project developer
Project tester
Joined: 20 Apr 11
Posts: 360
Credit: 755,796,644
RAC: 100,183
Message 921 - Posted: 21 Aug 2011, 21:05:10 UTC

Hi,

Distributed.net clients have had problems with some people spreading them through illegal means*, so there are many antivirus programs that occasionally detect the client binary as a Trojan. As long as you know where the binary came from (in this case from us), these are false positives and can be ignored.

Clients we use come directly from the Distributed.net site and are distributed unaltered by us. They have been signed by our project and BOINC Client will verify their signature before allowing the binary to run.

There has been no change in the binaries we use recently so probably the detection of "G-Data InternetSecurity 2012" was changed. To be certain, you could use some online scanner as well to scan the files.

*They have detailed what they have found at http://www.distributed.net/Trojans.

-w
ID: 921 · Rating: 0
john
Joined: 8 Jul 11
Posts: 36
Credit: 460,467,436
RAC: 3
Message 926 - Posted: 24 Aug 2011, 16:37:31 UTC

The file 'C:\ProgramData\BOINC\projects\moowrap.net\dnetc_1.02_windows_intelx86__ati14.exe'
contained a virus or unwanted program 'TR/Gendal.KD.311346' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4b1f88cf.qua'
getting the same from my anti virus
ID: 926 · Rating: 0
john
Joined: 8 Jul 11
Posts: 36
Credit: 460,467,436
RAC: 3
Message 927 - Posted: 24 Aug 2011, 16:40:27 UTC

The file 'C:\ProgramData\BOINC\projects\moowrap.net\dnetc_1.02_windows_intelx86__ati14.exe'
contained a virus or unwanted program 'TR/Gendal.KD.311346' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4b1f88cf.qua'
getting the same from my anti virus, guess i should add that this has never happened before on any other boinc based projects
ID: 927 · Rating: 0
john
Joined: 8 Jul 11
Posts: 36
Credit: 460,467,436
RAC: 3
Message 928 - Posted: 24 Aug 2011, 16:40:54 UTC

The file 'C:\ProgramData\BOINC\projects\moowrap.net\dnetc_1.02_windows_intelx86__ati14.exe'
contained a virus or unwanted program 'TR/Gendal.KD.311346' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4b1f88cf.qua'
getting the same from my anti virus, guess i should add that this has never happened before on any other boinc based projects that i run
ID: 928 · Rating: 0
mikey
Joined: 22 Jun 11
Posts: 1997
Credit: 1,000,866,048
RAC: 0
Message 933 - Posted: 25 Aug 2011, 12:41:03 UTC - in response to Message 928.  

The file 'C:\ProgramData\BOINC\projects\moowrap.net\dnetc_1.02_windows_intelx86__ati14.exe'
contained a virus or unwanted program 'TR/Gendal.KD.311346' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4b1f88cf.qua'
getting the same from my anti virus, guess i should add that this has never happened before on any other boinc based projects that i run


Did you download the file directly from a Boinc website or copy it over from another pc? No one else is reporting a problem, and lots of people would be if they had one, so it seems to be isolated to just you right now.
ID: 933 · Rating: 0
michael-u5a1
Joined: 30 May 11
Posts: 1
Credit: 465,632
RAC: 0
Message 935 - Posted: 25 Aug 2011, 16:06:44 UTC
Last modified: 25 Aug 2011, 16:07:10 UTC

My AntiVir found the Trojan TR/Gendal.KD.311346 too!

C:\ProgramData\BOINC\projects\moowrap.net\dnetc_1.2_windows_intelx86.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Gendal.KD.311346' [trojan].
ID: 935 · Rating: 0
A.M.
Joined: 20 Jun 11
Posts: 2
Credit: 4,199,383
RAC: 0
Message 937 - Posted: 25 Aug 2011, 19:49:56 UTC

Avira is giving me a similar alert. So, no, it's NOT just one or two people.
ID: 937 · Rating: 0
mikey
Joined: 22 Jun 11
Posts: 1997
Credit: 1,000,866,048
RAC: 0
Message 938 - Posted: 26 Aug 2011, 11:36:30 UTC - in response to Message 935.  

My AntiVir found the Trojan TR/Gendal.KD.311346 too!

C:\ProgramData\BOINC\projects\moowrap.net\dnetc_1.2_windows_intelx86.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Gendal.KD.311346' [trojan].


Okay what AV are you using? Which one is everyone else using? Let's see if we can narrow this down then. I am using Microsoft Security Essentials, on most of my pc's, and the free version of Avast on one pc, and none of them found a problem. I have also run MalwareBytes Malware finder on all of my pc's and no problems were found.
ID: 938 · Rating: 0
Roger Vanderseypen [PI_BELUX]
Joined: 2 May 11
Posts: 3
Credit: 117,294,331
RAC: 0
Message 947 - Posted: 30 Aug 2011, 18:58:05 UTC - in response to Message 938.  

same with bitdefender since a while, i have stopped the project for a while hoping it would solve in the meantime, now after a couple of weeks-months tried to restart the jobs, without any luck.

seems i will suppress the whole thing again then in the meanwhile it is solved, or to have an antivirus that stops the detection of trojans.. :)

regards,
ID: 947 · Rating: 0
Roger Vanderseypen [PI_BELUX]
Joined: 2 May 11
Posts: 3
Credit: 117,294,331
RAC: 0
Message 948 - Posted: 30 Aug 2011, 19:08:19 UTC - in response to Message 947.  

seems that last valid upload was 03-08-11 then virus definitions were updated reporting the virus detection.
ID: 948 · Rating: 0
Teemu Mannermaa
Project administrator
Project developer
Project tester
Joined: 20 Apr 11
Posts: 360
Credit: 755,796,644
RAC: 100,183
Message 952 - Posted: 31 Aug 2011, 14:59:52 UTC

Hi,

Oh wait, that's our wrapper and not the client. Looks like some virus scanners indeed think there's some kind of trojan in the file: http://www.virustotal.com/file-scan/report.html?id=212e0d9feeb69c76c12b2c94f10f7d401e159beccc2e4a93c6de57ee9a300867-1314444480

I'll verify their hashes against our original file and see if I can rerun the test using the file from our download server (and latest signatures by those scanners). I still think this is a false positive (only few detections and only generic trojan signature) but I'll investigate anyway.

-w
ID: 952 · Rating: 0
Roger Vanderseypen [PI_BELUX]
Joined: 2 May 11
Posts: 3
Credit: 117,294,331
RAC: 0
Message 957 - Posted: 31 Aug 2011, 19:13:06 UTC - in response to Message 952.  

glad i was able to help in the right direction, as for the false positive, i am not sure, since i have tried not to click the ok button when it informed me of the trojan, which then ended up in having another type of warning concerning tempting with the searchprotocolhost which it blocked.

regards
roger
ID: 957 · Rating: 0
Teemu Mannermaa
Project administrator
Project developer
Project tester
Joined: 20 Apr 11
Posts: 360
Credit: 755,796,644
RAC: 100,183
Message 959 - Posted: 31 Aug 2011, 22:33:09 UTC

Hi,

Just a quick update as I did verify earlier that their sample matches what's in our download site and also reran their scan. The same six scanners still think our wrapper is doing something trojan-like. :( Most likely a false positive that sneaked into their generic signatures via automation or matching behavior of a real trojan.

Anybody who is affected by these reports can try to report the sample to their vendor and ask them to verify if these are indeed something real or false positives like I think. That's probably the only way to get them to correct their signatures since it has been this long. :( I can't do that reporting since I'm not their customer.

Perhaps the only thing I can do is to compile a new version that hopefully no longer matches their signatures.

Oh, and BTW, I did scan these with my Panda Antivirus and it reported that everything is fine. Which is not surprising since the site says Panda doesn't think these are malicious. :)

-w
ID: 959 · Rating: 0
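
The hash comparison mentioned in messages 952 and 959, as an added example that is not part of the original thread or the project's own code: it extracts the SHA-256 from the VirusTotal report URL quoted in message 952 and checks which local executables are that same sample. It assumes the report id has the form `<sha256>-<timestamp>`; the function names are hypothetical and the sample file is constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Report URL quoted in message 952; assumed id format: <sha256>-<unix timestamp>.
REPORT_URL = ("http://www.virustotal.com/file-scan/report.html?id="
              "212e0d9feeb69c76c12b2c94f10f7d401e159beccc2e4a93c6de57ee9a300867-1314444480")


def sha256_from_report_url(url):
    """Return the lowercase SHA-256 embedded in the report id, or raise ValueError."""
    m = re.search(r"[?&]id=([0-9a-fA-F]{64})-\d+(?:&|$)", url)
    if m is None:
        raise ValueError("URL has no <sha256>-<timestamp> report id")
    return m.group(1).lower()


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def check_project_dir(project_dir, reference_sha256):
    """Map each *.exe in project_dir to (sha256, True if it is the scanned sample)."""
    report = {}
    for exe in sorted(Path(project_dir).glob("*.exe")):
        file_hash = sha256_file(exe)
        report[exe.name] = (file_hash, file_hash == reference_sha256.lower())
    return report


if __name__ == "__main__":
    reference = sha256_from_report_url(REPORT_URL)
    # Constructed stand-in for C:\ProgramData\BOINC\projects\moowrap.net
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "constructed_wrapper.exe").write_bytes(b"constructed sample bytes")
        for name, (file_hash, same) in check_project_dir(tmp, reference).items():
            verdict = "same file as the scanned sample" if same else "not the scanned sample"
            print(f"{name}: {file_hash} -> {verdict}")
```

A match shows only that the local file is byte-for-byte the sample that was scanned; it says nothing about whether the detection itself is correct. A file that should be the project's wrapper but does not match is the case worth investigating.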
 
Copyright © 2011-2017 Moo! Wrapper Project