#1 Gerasim ODLS BS might be compromised

Posted: Tue Jan 11, 2022 1:48 am
by Dirk Broer
I couldn't get the exe for this app downloaded and kept getting download errors.

Code:

Boinc Manager 7.16.11
<message>
app_version download error: couldn't get input files:
<file_xfer_error>
  <file_name>ho_prop_1.4.7_windows_intelx86_64.exe</file_name>
  <error_code>-108 (fopen() failed)</error_code>
</file_xfer_error>
</message>
It appeared that Windows Defender has it down as containing a Trojan.

ho_prop_1.4.7_windows_intelx86_64.exe
Detected: Trojan:Win32/Caynamer.A!ml
This program is dangerous and executes commands from an attacker.

#2 Re: Gerasim ODLS BS might be compromised

Posted: Tue Jan 11, 2022 2:20 am
by scole of TSBT
Is it a real trojan or a false positive, which has happened before?

#3 Re: Gerasim ODLS BS might be compromised

Posted: Tue Jan 11, 2022 2:33 am
by Dirk Broer
If it really contains Win32/Caynamer.A!ml, it is a real problem.

#4 Re: Gerasim ODLS BS might be compromised

Posted: Tue Jan 11, 2022 10:49 am
by Megacruncher
I’ll maybe lay off it for a day or two until the situation is clearer. It certainly wouldn’t be the first time that Windows has identified a boinc activity as viral.

#5 Re: Gerasim ODLS BS might be compromised

Posted: Tue Jan 11, 2022 1:03 pm
by Dirk Broer
It isn't so much the BOINC activity as the specifically identified Win32/Caynamer.A!ml, which is also linked to ransomware when you search on it.

Malwarebytes didn't find anything on the PC that had Microsoft Defender detect the (possible) Trojan, checking further....

#6 Re: Gerasim ODLS BS might be compromised

Posted: Fri Jan 14, 2022 11:26 am
by Dirk Broer
Appears to be a false positive for the time being. Only Sophos anti-virus backed up the claim made by Microsoft Defender.
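The triage the thread walks through (a BOINC transfer error for a quarantined file, a Defender verdict with an "!ml" suffix, and an attempt to confirm it with other engines) can be scripted. The example below is an addition for this page and is not code from the thread, from BOINC or from the Gerasim project. It parses the Manager message quoted in post #1 to pull out the failed file name and the -108 (fopen() failed) error code, flags a Defender name as a machine-learning verdict when it ends in "!ml" (Microsoft's naming convention for classifier hits rather than signature matches), and compares a local file's SHA-256 with a digest the project publishes. The file bytes and the expected digest here are constructed placeholders; a real check would use the downloaded executable and the SHA-256 taken from the project's own site.

```python
import hashlib
import hmac
import re
import xml.etree.ElementTree as ET

# Constructed sample: the BOINC Manager message quoted in post #1. The first
# line inside <message> is free text; the <file_xfer_error> element is XML.
SAMPLE_MESSAGE = """<message>
app_version download error: couldn't get input files:
<file_xfer_error>
  <file_name>ho_prop_1.4.7_windows_intelx86_64.exe</file_name>
  <error_code>-108 (fopen() failed)</error_code>
</file_xfer_error>
</message>"""

# Constructed stand-in for the downloaded binary; it is NOT the real executable.
SAMPLE_FILE_BYTES = b"constructed placeholder bytes, not the ho_prop binary"


def parse_xfer_errors(message: str) -> list:
    """Extract every <file_xfer_error> from a BOINC <message> block.

    Returns one dict per error with the file name, the numeric BOINC error
    code and the human-readable reason, e.g. -108 and 'fopen() failed'.
    """
    root = ET.fromstring(message)
    errors = []
    for err in root.iter("file_xfer_error"):
        name = (err.findtext("file_name") or "").strip()
        code_text = (err.findtext("error_code") or "").strip()
        # error_code reads like "-108 (fopen() failed)": split number and reason
        m = re.match(r"^(-?\d+)\s*(?:\((.*)\))?$", code_text)
        code = int(m.group(1)) if m else None
        reason = m.group(2) if m and m.group(2) else code_text
        errors.append({"file_name": name, "error_code": code, "reason": reason})
    return errors


def sha256_hex(data: bytes) -> str:
    """SHA-256 of the file contents as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


def matches_published_digest(data: bytes, expected_sha256: str) -> bool:
    """Compare the local file's SHA-256 with the digest published by the project.

    hmac.compare_digest avoids a timing side channel in the comparison. A
    mismatch means the file on disk is not what the project shipped (truncated
    transfer or tampering), so the AV verdict is moot: do not run it either way.
    """
    return hmac.compare_digest(sha256_hex(data), expected_sha256.strip().lower())


def is_ml_heuristic_verdict(detection_name: str) -> bool:
    """True when a Microsoft Defender detection name carries the '!ml' suffix.

    Microsoft appends '!ml' to names produced by its machine-learning
    classifiers rather than by a signature for a known sample. Those are the
    verdicts most worth confirming with a second engine and a hash check.
    """
    return detection_name.strip().lower().endswith("!ml")


def triage(message: str, detection_name: str, data: bytes, expected_sha256: str) -> dict:
    """Combine the three checks into one summary a BOINC admin can act on."""
    errs = parse_xfer_errors(message)
    return {
        "flagged_files": [e["file_name"] for e in errs],
        "fopen_failure": any(e["error_code"] == -108 for e in errs),
        "ml_verdict": is_ml_heuristic_verdict(detection_name),
        "digest_matches": matches_published_digest(data, expected_sha256),
    }


if __name__ == "__main__":
    # Placeholder digest: in practice take this from the project's download page.
    expected = sha256_hex(SAMPLE_FILE_BYTES)
    print(triage(SAMPLE_MESSAGE, "Trojan:Win32/Caynamer.A!ml", SAMPLE_FILE_BYTES, expected))
```

A `fopen_failure` together with a quarantine notice is the pattern in post #1: the AV engine removed or locked the file, so BOINC could not open it. `ml_verdict` being true says nothing about whether the file is malicious; it only tells you the verdict came from a classifier, which is why the independent digest comparison is the check that settles whether the bytes on disk are the ones the project released.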

#7 Re: Gerasim ODLS BS might be compromised

Posted: Sun Jan 16, 2022 2:46 am
by Alez
I've been running it on one of my win machines for a while and so far, no issues. Of course, my BOINC machines don't matter. If they were to be infected, I'd simply wipe and start again.
I know it's a Russian project, but it's been around a while so hopefully it can be trusted. Not sure I'd say the same about any new projects out of China.
Using AVG for virus detection but the BOINC folders are excluded from checking so can't say what AVG thinks of the file.