Gerasim ODLS BS might be compromised

Dirk Broer
Corsair
Posts: 1707
Joined: Thu Feb 20, 2014 11:24 pm
Location: Leiden, South Holland, Netherlands
Has thanked: 29 times
Been thanked: 41 times

#1 Gerasim ODLS BS might be compromised

Post by Dirk Broer »

I couldn't get the exe for this app downloaded and kept getting download errors.

Code:

Boinc Manager 7.16.11
<message>
app_version download error: couldn't get input files:
<file_xfer_error>
  <file_name>ho_prop_1.4.7_windows_intelx86_64.exe</file_name>
  <error_code>-108 (fopen() failed)</error_code>
</file_xfer_error>
</message>
It appeared that Windows Defender has it down as containing a Trojan.

ho_prop_1.4.7_windows_intelx86_64.exe
Detected: Trojan:Win32/Caynamer.A!ml
This program is dangerous and executes commands from an attacker.
scole of TSBT
Boinc Major General
Posts: 5597
Joined: Mon Feb 03, 2014 2:38 pm
Location: Goldsboro, (Eastern) North Carolina, USA
Has thanked: 16 times
Been thanked: 29 times

#2 Re: Gerasim ODLS BS might be compromised

Post by scole of TSBT »

Is it a real trojan or a false positive, which has happened before?
Dirk Broer
Corsair
Posts: 1707
Joined: Thu Feb 20, 2014 11:24 pm
Location: Leiden, South Holland, Netherlands
Has thanked: 29 times
Been thanked: 41 times

#3 Re: Gerasim ODLS BS might be compromised

Post by Dirk Broer »

If it really contains Win32/Caynamer.A!ml, it is a real problem.
Megacruncher
G.L.S.B.
Posts: 4488
Joined: Mon May 29, 2006 11:33 pm
Location: Edinburgh, Scotland
Has thanked: 11 times
Been thanked: 15 times

#4 Re: Gerasim ODLS BS might be compromised

Post by Megacruncher »

I’ll maybe lay off it for a day or two until the situation is clearer. It certainly wouldn’t be the first time that Windows has identified a boinc activity as viral.
Willie the Megacruncher
Dirk Broer
Corsair
Posts: 1707
Joined: Thu Feb 20, 2014 11:24 pm
Location: Leiden, South Holland, Netherlands
Has thanked: 29 times
Been thanked: 41 times

#5 Re: Gerasim ODLS BS might be compromised

Post by Dirk Broer »

It isn't so much the BOINC activity as the specifically identified Win32/Caynamer.A!ml, which is also linked to ransomware when you search on it.

Malwarebytes didn't find anything on the PC that had Microsoft Defender detect the (possible) Trojan, checking further....
Dirk Broer
Corsair
Posts: 1707
Joined: Thu Feb 20, 2014 11:24 pm
Location: Leiden, South Holland, Netherlands
Has thanked: 29 times
Been thanked: 41 times

#6 Re: Gerasim ODLS BS might be compromised

Post by Dirk Broer »

Appears to be a false positive for the time being. Only Sophos anti-virus backed up the claim made by Microsoft Defender.
Alez
[ TSBT's Pirate ]
Posts: 10332
Joined: Thu Oct 04, 2012 1:22 pm
Location: roaming the planet
Has thanked: 21 times
Been thanked: 53 times

#7 Re: Gerasim ODLS BS might be compromised

Post by Alez »

I've been running it on one of my win machines for a while and so far, no issues. Of course, my BOINC machines don't matter. If they were to be infected, I'd simply wipe and start again.
I know it's a Russian project, but it's been around a while so hopefully it can be trusted. Not sure I'd say the same about any new projects out of China.
Using AVG for virus detection but the BOINC folders are excluded from checking so can't say what AVG thinks of the file.
The best form of help from above is a sniper on the rooftop....