Questions and Answers : Windows : why does my anti-virus program think "hadam3p_afr_7.22_windows_intelx86.exe" is malware?
Author | Message |
---|---|
Send message Joined: 12 Sep 14 Posts: 2 Credit: 478,856 RAC: 0 |
After turning on my computer today my anti-virus program, Avast, popped up with a message declaring "hadam3p_afr_7.22_windows_intelx86.exe" is malware: I haven't taken any action but a Google search returned information about "hadam3p_pnw_um_7.22_windows_intelx86.exe," which is listed on a few sites as a threat (and is also in the ProgramData folder for climateprediction.net): http://winwiki.org/wiki/article.php?kw=hadam3p_pnw_um_7.22_windows_intelx86.exe& I found this page as well but, honestly, it's Greek to me... http://climateapps2.oerc.ox.ac.uk/cpdnboinc/result.php?resultid=16281835 Since the zip and exe files are dated 11/06/2014 I'm not sure why Avast detected it today, unless it was downloaded since the last scan... Any suggestions? I'm assuming it is a false "positive" but just wanted to check. Thanks! Robert |
Send message Joined: 15 May 09 Posts: 4542 Credit: 19,039,635 RAC: 18,944 |
Hi Robert, the project people are 99.99% sure this is a false positive. Because of the number of lines of code involved it is almost inevitable that occasionally, a portion of code will match a portion of code from a virus signature. Just checked: a post a few down from this, http://climateapps2.oerc.ox.ac.uk/cpdnboinc/forum_thread.php?id=7908#50243, from Les, who has a lot more knowledge and experience in this than I do, gives virtually the same answer. Not sure what the best way of excluding the download from being zapped by your AV program is, as I haven't used Windows this century on my own machines. |
Send message Joined: 5 Sep 04 Posts: 7629 Credit: 24,240,330 RAC: 0 |
Hello Robert, I agree with Dave about this. Up until a couple of years ago, I was using Avast. Then they posted notice of a new one for year nnnn, so I downloaded and installed it. It immediately crashed all of my running tasks from POGS, because it had decided that it knew what was best. Even after using its options to exclude stuff (which was easy on my Windows machines, because I'd made two separate partitions for the two parts of BOINC), it kept on quarantining some of the files and crashing their tasks, so I got rid of it, only hours after downloading it. The new appearance also looked ugly. I don't know about now, but Norton also used to be notorious for deciding that some file was dangerous and getting rid of it. The reason that this may have just happened to you is because of an automatic update to your AV. |
Send message Joined: 12 Sep 14 Posts: 2 Credit: 478,856 RAC: 0 |
Thanks for your prompt responses, Dave and Les! I was relatively certain there wasn't a problem but wanted to check. I rebooted my computer earlier and was greeted by the following malign message from Avast: so I sent Avast a "false positive" notification, adding that programs for BOINC from climateprediction.net don't include malware. I also added the BOINC subdirectory of ProgramData to Avast's exclusions list for future scanning. This is my first experience with Avast - until October I'd used AVG Pro for several years but the 2015 version refused to install on this PC and AVG has become comparable to Norton in that they charge for product support (no thanks, I don't want to pay $25 for tech support on a product I just paid for... they refunded my renewal charge without a hassle, at least). If this happens again I'll be looking for another AV program or, better yet, ditching Windows and using Linux exclusively. Thanks again! Robert |
Send message Joined: 22 Feb 06 Posts: 492 Credit: 31,492,464 RAC: 15,472 |
You could try MS Security Essentials on Windows boxes. It's free!! It's what I run, but I also do checks with Malwarebytes every so often as an additional backup. |
Send message Joined: 31 Dec 07 Posts: 1152 Credit: 22,363,583 RAC: 5,022 |
I have been running Norton AV for several years and have never had any trouble with false positives. |
Send message Joined: 15 Jan 06 Posts: 637 Credit: 26,751,529 RAC: 653 |
I have had far more problems with antiviruses than with viruses, especially considering that I have never had a virus in 20 years on the Internet. Even the email attachment warnings (which I would never open anyway) are gone due to my ISP's filtering of attachments. I use Windows Defender on Win7, which is spyware only, but that is only because it does not give me any problems. I have found that if you don't install viruses, you don't get them. |
Send message Joined: 8 Aug 05 Posts: 12 Credit: 24,554,040 RAC: 2,537 |
I am running Norton 360 - and it just tagged the subject file running - hadam3p_afr_sdvc_2013_1_009348474_1.exe - as a "Trojan.Gen.2" - quarantining it. I thought I had exempted the subject file already - hadam3p_afr_7.22_... but that did not seem to stop a recent detection on 12/25/2014 at about 17:31 hours PST. Addendum: I forced another machine with a similar "afr" file to start running it. It appears to have taken the other machine (above) about 16-31 minutes of elapsed time before being flagged by Norton 360 and quarantined. The machine I just forced "afr" to run on is a Windows 8.1 OS using on Windows Defender. I'll see what happens. |
Send message Joined: 20 Dec 14 Posts: 23 Credit: 2,450,095 RAC: 296 |
You can report the false positive to Symantec at https://submit.symantec.com/false_positive/. |
Send message Joined: 31 Dec 07 Posts: 1152 Credit: 22,363,583 RAC: 5,022 |
I have the same problem. Last night Norton Anti-virus killed 3 hadam3p_afr tasks within seconds of beginning to run, stating that they contained a virus. |
Send message Joined: 31 Dec 07 Posts: 1152 Credit: 22,363,583 RAC: 5,022 |
I have the same problem. Last night Norton Anti-virus killed 3 hadam3p_afr tasks within seconds of beginning to run, stating that they contained a virus. More info:

```
12/30/2014 2:06:07 AM | climateprediction.net | Started download of hadam3p_afr_7.22_windows_intelx86.exe
12/30/2014 2:06:07 AM | climateprediction.net | Computation for task hadam3p_afr_sbxo_2013_1_009345966_1 finished
12/30/2014 2:06:07 AM | climateprediction.net | Output file hadam3p_afr_sbxo_2013_1_009345966_1_1.zip for task hadam3p_afr_sbxo_2013_1_009345966_1 absent
12/30/2014 2:06:07 AM | climateprediction.net | Output file hadam3p_afr_sbxo_2013_1_009345966_1_2.zip for task hadam3p_afr_sbxo_2013_1_009345966_1 absent
12/30/2014 2:06:07 AM | climateprediction.net | Output file hadam3p_afr_sbxo_2013_1_009345966_1_3.zip for task hadam3p_afr_sbxo_2013_1_009345966_1 absent
12/30/2014 2:06:07 AM | climateprediction.net | Output file hadam3p_afr_sbxo_2013_1_009345966_1_4.zip for task hadam3p_afr_sbxo_2013_1_009345966_1 absent
12/30/2014 2:06:07 AM | climateprediction.net | Output file hadam3p_afr_sbxo_2013_1_009345966_1_5.zip for task hadam3p_afr_sbxo_2013_1_009345966_1 absent
12/30/2014 2:06:07 AM | climateprediction.net | Output file hadam3p_afr_sbxo_2013_1_009345966_1_6.zip for task hadam3p_afr_sbxo_2013_1_009345966_1 absent
12/30/2014 2:06:07 AM | climateprediction.net | Output file hadam3p_afr_sbxo_2013_1_009345966_1_7.zip for task hadam3p_afr_sbxo_2013_1_009345966_1 absent
12/30/2014 2:06:07 AM | climateprediction.net | Output file hadam3p_afr_sbxo_2013_1_009345966_1_8.zip for task hadam3p_afr_sbxo_2013_1_009345966_1 absent
12/30/2014 2:06:07 AM | climateprediction.net | Output file hadam3p_afr_sbxo_2013_1_009345966_1_9.zip for task hadam3p_afr_sbxo_2013_1_009345966_1 absent
12/30/2014 2:06:07 AM | climateprediction.net | Output file hadam3p_afr_sbxo_2013_1_009345966_1_10.zip for task hadam3p_afr_sbxo_2013_1_009345966_1 absent
12/30/2014 2:06:07 AM | climateprediction.net | Output file hadam3p_afr_sbxo_2013_1_009345966_1_11.zip for task hadam3p_afr_sbxo_2013_1_009345966_1 absent
12/30/2014 2:06:07 AM | climateprediction.net | Output file hadam3p_afr_sbxo_2013_1_009345966_1_12.zip for task hadam3p_afr_sbxo_2013_1_009345966_1 absent
12/30/2014 2:06:07 AM | climateprediction.net | Output file hadam3p_afr_sbxo_2013_1_009345966_1_13.zip for task hadam3p_afr_sbxo_2013_1_009345966_1 absent
12/30/2014 2:06:07 AM | climateprediction.net | [error] Process creation failed: The process cannot access the file because it is being used by another process. (0x20) - error code 32 (0x20)
12/30/2014 2:06:07 AM | climateprediction.net | [error] Process creation failed: The process cannot access the file because it is being used by another process. (0x20) - error code 32 (0x20)
12/30/2014 2:06:07 AM | climateprediction.net | [error] Process creation failed: The process cannot access the file because it is being used by another process. (0x20) - error code 32 (0x20)
12/30/2014 2:06:07 AM | climateprediction.net | [error] Process creation failed: The process cannot access the file because it is being used by another process. (0x20) - error code 32 (0x20)
12/30/2014 2:06:07 AM | climateprediction.net | [error] Process creation failed: The process cannot access the file because it is being used by another process. (0x20) - error code 32 (0x20)
12/30/2014 2:06:11 AM | climateprediction.net | Computation for task hadam3p_afr_sbxd_2013_1_009345955_1 finished
12/30/2014 2:06:11 AM | climateprediction.net | Output file hadam3p_afr_sbxd_2013_1_009345955_1_1.zip for task hadam3p_afr_sbxd_2013_1_009345955_1 absent
12/30/2014 2:06:11 AM | climateprediction.net | Output file hadam3p_afr_sbxd_2013_1_009345955_1_2.zip for task hadam3p_afr_sbxd_2013_1_009345955_1 absent
12/30/2014 2:06:11 AM | climateprediction.net | Output file hadam3p_afr_sbxd_2013_1_009345955_1_3.zip for task hadam3p_afr_sbxd_2013_1_009345955_1 absent
12/30/2014 2:06:11 AM | climateprediction.net | Output file hadam3p_afr_sbxd_2013_1_009345955_1_4.zip for task hadam3p_afr_sbxd_2013_1_009345955_1 absent
12/30/2014 2:06:11 AM | climateprediction.net | Output file hadam3p_afr_sbxd_2013_1_009345955_1_5.zip for task hadam3p_afr_sbxd_2013_1_009345955_1 absent
12/30/2014 2:06:11 AM | climateprediction.net | Output file hadam3p_afr_sbxd_2013_1_009345955_1_6.zip for task hadam3p_afr_sbxd_2013_1_009345955_1 absent
12/30/2014 2:06:11 AM | climateprediction.net | Output file hadam3p_afr_sbxd_2013_1_009345955_1_7.zip for task hadam3p_afr_sbxd_2013_1_009345955_1 absent
12/30/2014 2:06:11 AM | climateprediction.net | Output file hadam3p_afr_sbxd_2013_1_009345955_1_8.zip for task hadam3p_afr_sbxd_2013_1_009345955_1 absent
12/30/2014 2:06:11 AM | climateprediction.net | Output file hadam3p_afr_sbxd_2013_1_009345955_1_9.zip for task hadam3p_afr_sbxd_2013_1_009345955_1 absent
12/30/2014 2:06:11 AM | climateprediction.net | Output file hadam3p_afr_sbxd_2013_1_009345955_1_10.zip for task hadam3p_afr_sbxd_2013_1_009345955_1 absent
12/30/2014 2:06:11 AM | climateprediction.net | Output file hadam3p_afr_sbxd_2013_1_009345955_1_11.zip for task hadam3p_afr_sbxd_2013_1_009345955_1 absent
12/30/2014 2:06:11 AM | climateprediction.net | Output file hadam3p_afr_sbxd_2013_1_009345955_1_12.zip for task hadam3p_afr_sbxd_2013_1_009345955_1 absent
12/30/2014 2:06:11 AM | climateprediction.net | Output file hadam3p_afr_sbxd_2013_1_009345955_1_13.zip for task hadam3p_afr_sbxd_2013_1_009345955_1 absent
```

Messages indicate that the tasks failed because Norton AV either deleted or locked some file in the mistaken belief that it contained a Trojan. |
Send message Joined: 5 Sep 04 Posts: 7629 Credit: 24,240,330 RAC: 0 |
Which is why the long standing advice is: Don't let AV programs have access to the BOINC folders. |
Send message Joined: 31 Dec 07 Posts: 1152 Credit: 22,363,583 RAC: 5,022 |
I long ago excluded the BOINC folders (both in "Programs" and "ProgramData") from scans. The problem seems to be that as the file opens, Norton scans it anyway. There doesn't appear to be any way to stop it from doing this. |
Send message Joined: 5 Sep 04 Posts: 7629 Credit: 24,240,330 RAC: 0 |
Ah, that sounds similar to the problem that I had with AVG a long time ago. And it took a lot of work to get rid of all the bits of AVG. After running without an AV for a few days, I ended up using Microsoft's Security Essentials, which they were advertising for "the sum of Free". I figured that an MS program should work OK on an MS OS. Best part was that it didn't keep wanting to reboot the computer after every upgrade. The latest Norton seems to be quite aggressive and bossy. |
Send message Joined: 5 Aug 04 Posts: 1496 Credit: 95,522,203 RAC: 0 |
My experience with avast! is that it honors exclusions (I exclude the entire boinc partition) but was bitten yesterday because I didn't think things through. Thanks to several 'Africa' tasks hung in download of this topic's .exe file, an attempt was made to copy the file to a thumbdrive from a machine with a good download. Well that gave avast! license to stomp on the transfer. A 'false positive' report was made to the folks in Prague identifying the file as being from a "trusted source" and also checked the "I know what I'm doing" box. (The latter claim is debatable.) An auto-generated come-back message said the file would be evaluated. Les, Microsoft Essentials is no more than its name implies: "essentials." Even M$ says it isn't meant as a substitute for regular AV programs. (I read up on it when considering it as a replacement for avast! on all but my Vista boxes.) HAPPY NEW YEAR, everyone. "We have met the enemy and he is us." -- Pogo Greetings from coastal Washington state, the scenic US Pacific Northwest. |
Send message Joined: 5 Aug 04 Posts: 1496 Credit: 95,522,203 RAC: 0 |
Three more _afr_ tasks downloaded to a machine but were, as before, stuck on download with this file, hung ~99%. This time, the file was copied from another machine and written over the partial file on the troubled machine. Unlike last time, avast! was temporarily suspended to save a copy and same to overwrite the partial copy on the receiving machine. (To be sure, on both machines, I was quick to reactivate avast!) The stalled download was forced to restart and its download entry immediately disappeared. The three tasks were forced to start, in turn, to test whether the procedure worked. Two survived; the third suffered stillbirth with "Model crashed: INITTIME: Atmosphere basis time mismatch" same as first iteration in the work unit. Anyway, the work-around works. "We have met the enemy and he is us." -- Pogo Greetings from coastal Washington state, the scenic US Pacific Northwest. |
Send message Joined: 5 Sep 04 Posts: 7629 Credit: 24,240,330 RAC: 0 |
As this is ongoing, and there appears to be difficulty in excluding that area from scanning, I'm going to ask that the Africa models be made exclusively Linux for awhile. |
Send message Joined: 5 Aug 04 Posts: 1496 Credit: 95,522,203 RAC: 0 |
This procedure was successfully used thrice more to rescue machines with this file's download. The 'workaround' works but, as Les says, it shouldn't be necessary to play games to get these puppies to play. Such is life at CPDN when tasks aren't all generated at Oxford ... "We have met the enemy and he is us." -- Pogo Greetings from coastal Washington state, the scenic US Pacific Northwest. |
Send message Joined: 22 Feb 06 Posts: 492 Credit: 31,492,464 RAC: 15,472 |
As a non-avast W7 user that is not good news. Wouldn't a better option for the time being be for Avast users to remove Afr models from their "to do" list? |
Send message Joined: 15 May 09 Posts: 4542 Credit: 19,039,635 RAC: 18,944 |
As a non-avast W7 user that is not good news. Wouldn't a better option for the time being be for Avast users to remove Afr models from their "to do" list? If a much larger part of the user base for CPDN were more computer literate, yes. As it is, while some write in to the boards and are able to follow instruction, many install and forget, which is not ideal for this project, creating lots of downloads to no good purpose. At the moment there are plenty of tasks which do not have this problem so no shortage of work. I suspect that the users who have no problems using their project specific preferences to exclude these models are the same ones who have few problems working around their antivirus's foibles. |