The download of new wu's (ATI) blocked since two days by G-Data InternetSecurity 2012...

Trojan.Generic.KD.311346 (Engine A)

...and the wu's marked with download error.

Bumbler

Me too

Virus: Trojan.Generic.KD.311346 (Engine A)

Virus beim Laden von Web-Inhalten gefunden.

Adresse: moowrap.net

Me too

Virus: Trojan.Generic.KD.311346 (Engine A)

Virus beim Laden von Web-Inhalten gefunden.

Adresse: moowrap.net

These are normally false positives and since the communication is between the Boinc Project and your and no one else everyone would be reporting this problem if it were real. You can either manually ignore it, if your AV program lets you, or just put your Boinc folders in the ignore list of what to scan by your AV program. If it is a real virus it will come out of the Boinc folders and get caught, if it stays there who cares or more likely it is not a real virus.

Hi,

Distributed.net Clients have had problems with some people spreading them through illegal means* so there are many antivirus-programs that occasionally detects the client binary as a Trojan. As long as you know where the binary came from (in this case from us) these are false positives and can be ignored.

Clients we use come directly from the Distributed.net site and are distributed unaltered by us. They have been signed by our project and BOINC Client will verify their signature before allowing the binary to run.

There has been no change in the binaries we use recently so probably the detection of "G-Data InternetSecurity 2012" was changed. To be certain, you could use some online scanner as well to scan the files.

*They have detailed what they have found at http://www.distributed.net/Trojans.

-w

The file 'C:\ProgramData\BOINC\projects\moowrap.net\dnetc_1.02_windows_intelx86__ati14.exe'
contained a virus or unwanted program 'TR/Gendal.KD.311346' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4b1f88cf.qua'
getting the same from my anti virus

The file 'C:\ProgramData\BOINC\projects\moowrap.net\dnetc_1.02_windows_intelx86__ati14.exe'
contained a virus or unwanted program 'TR/Gendal.KD.311346' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4b1f88cf.qua'
getting the same from my anti virus,guess i should add that this has never happened before on any other boinc based projects

The file 'C:\ProgramData\BOINC\projects\moowrap.net\dnetc_1.02_windows_intelx86__ati14.exe'
contained a virus or unwanted program 'TR/Gendal.KD.311346' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4b1f88cf.qua'
getting the same from my anti virus,guess i should add that this has never happened before on any other boinc based projects,that i run

The file 'C:\ProgramData\BOINC\projects\moowrap.net\dnetc_1.02_windows_intelx86__ati14.exe'
contained a virus or unwanted program 'TR/Gendal.KD.311346' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4b1f88cf.qua'
getting the same from my anti virus,guess i should add that this has never happened before on any other boinc based projects,that i run

Did you download the file directly from a Boinc website or copy it over from another pc? No one else is reporting a problem, and you would lots of people would be if they had one, so it seems to be isolated to just you right now.

My AntiVir found the Trojan TR/Gendal.KD.311346 too!

C:\ProgramData\BOINC\projects\moowrap.net\dnetc_1.2_windows_intelx86.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Gendal.KD.311346' [trojan].

Avira is giving me a similar alert. So, no, it's NOT just one or two people.

My AntiVir found the Trojan TR/Gendal.KD.311346 too!

C:\ProgramData\BOINC\projects\moowrap.net\dnetc_1.2_windows_intelx86.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Gendal.KD.311346' [trojan].

Okay what AV are you using? Which one is everyone else using? Let's see if we can narrow this down then. I am using Microsoft Security Essentials, on most of my pc's, and the free version of Avast on one pc, and none of them found a problem. I have also run MalwareBytes Malware finder on all of my pc's and no problems were found.

same with bitdefender since a while, i have stopped the project for a while hoping it would solve in the meantime, now after a couple of weks-months tried to restart the jobs, without any luck.

seems i will suppress the whole thing again then in the meanwhile it is solved, or to have a antivirus that stops the detection of trojans.. :)

regards,

seems that last valid upload was 03-08-11 then virus definitions where updated reporting the virus detection.

Hi,

Oh wait, that's our wrapper and not the client. Looks like some virus scanners indeed think there's somekind of trojan in the file: http://www.virustotal.com/file-scan/report.html?id=212e0d9feeb69c76c12b2c94f10f7d401e159beccc2e4a93c6de57ee9a300867-1314444480

I'll verify their hashes against our original file and see if I can rerun the test using the file from our download server (and latest signatures by those scanners). I still think this is a false positive (only few detections and only generic trojan signature) but I'll investigate anyway.

-w

glad i was able to help in the right direction, as for the false positive, i am not sure , since i have tried not to click the ok button when it informed me of the trojan, which then ended up in having onother type of warning concerning tempting with the searchprotocolhost which it blocked.

regards
roger

Hi,

Just a quick update as I did verify earlier that their sample matches what's in our download site and also rerun their scan. The same six scanners still think our wrapper is doing something trojan-like. :( Most likely a false positive that sneak into their generic signatures via automation or matching behavior of a real trojan.

Anybody who is affected by these reports can try to report the sample to their vendor and ask them to verify if these are indeed something real or false positives like I think. That's probably the only way to get them correct their signatures since it has been this long. :( I can't do that reporting since I'm not their customer.

Perhaps the only thing I can do is to compile a new version that hopefully no longer matches their signatures.

Oh, and BTW, I did scan these with my Panda Antivirus and it reported that everything is fine. Which is not surprising since the site says Panda doesn't think these are malicious. :)

-w