Einstein component detected as VIRUS (Suspicious.Lop)

Tictag
Joined: 25 Nov 05
Posts: 1
Credit: 648066
RAC: 0
Topic 194279

Norton Internet Security 2009 has just recognised an Einstein@Home component as a Heuristic Virus, risk name: Suspicious.Lop.

The file name is: einstein_s5r5_3.01_graphics_windows_intelx86.exe
The file path is: C:\programdata\boinc\projects\einstein.phys.uwm.edu\

I'm sure it isn't a virus but it might be worthwhile discussing this false positive with Symantec.

David Adams.

Mike Hewson
Moderator
Joined: 1 Dec 05
Posts: 6592
Credit: 332250890
RAC: 304533

For what it's worth, Trend Micro Internet Security 2008 has no problem.

Cheers, Mike.

I have made this letter longer than usual because I lack the time to make it shorter ...

... and my other CPU is a Ryzen 5950X :-) Blaise Pascal

kararom
Joined: 20 Dec 08
Posts: 13
Credit: 166291969
RAC: 0

So what? Is this file infected or not?

Dagorath
Joined: 22 Apr 06
Posts: 146
Credit: 226423
RAC: 0

Message 92337 in response to message 92336

Quote:
So what? Is this file infected or not?

AVG with all updates on the only Windows XP host I own says it's infected.

AVG with all updates on my buddy's Win XP machine (it doesn't crunch but I sent him the file) doesn't complain. No BS!

Seems like the answer to the "Is it infected?" question depends on who you ask, perhaps even when you ask them. Is that special relativity or general mayhem?

Follow Ageless' suggestion in that other thread... ask all the authorities at once and go with the majority. You may want to ask them again tomorrow.

Bikeman (Heinz-Bernd Eggenstein)
Moderator
Joined: 28 Aug 06
Posts: 3522
Credit: 802654974
RAC: 1234071

The original file was uploaded to a scanning service and not one of the scanners detected a problem:

https://www.virustotal.com/analisis/65ebdea88d3bb22613e60c719d4b2459.

CU
Bikeman

Harvey
Joined: 12 Dec 06
Posts: 4
Credit: 73652
RAC: 0

Message 92339 in response to message 92338

Quote:

The original file was uploaded to a scanning service and not one of the scanners detected a problem:

https://www.virustotal.com/analisis/65ebdea88d3bb22613e60c719d4b2459.

CU
Bikeman

As I posted in this post, it is the autodetection software that heuristically detects the file 'while it's active'. IOW, it detects its behaviour as malware-like.

This is most likely a false positive, but it will be good to see why Symantec has ID'd it specifically.

Harvey

Dagorath
Joined: 22 Apr 06
Posts: 146
Credit: 226423
RAC: 0

Message 92340 in response to message 92339


Harvey,

Thanks for investigating and sharing that info. Now I'm convinced it's not a virus/malware. It just happens to make a noise that sounds like a virus to certain detection software(s).
