Thread 'why does my anti-virus program think "hadam3p_afr_7.22_windows_intelx86.exe" is malware?'

robertNOLA
Joined: 12 Sep 14
Posts: 2
Credit: 478,856
RAC: 0
Message 50911 - Posted: 1 Dec 2014, 19:02:21 UTC

After turning on my computer today my anti-virus program, Avast, popped up with a message declaring "hadam3p_afr_7.22_windows_intelx86.exe" is malware:



I haven't taken any action but a Google search returned information about "hadam3p_pnw_um_7.22_windows_intelx86.exe," which is listed on a few sites as a threat (and is also in the ProgramData folder for climateprediction.net):

http://winwiki.org/wiki/article.php?kw=hadam3p_pnw_um_7.22_windows_intelx86.exe&

I found this page as well but, honestly, it's Greek to me...

http://climateapps2.oerc.ox.ac.uk/cpdnboinc/result.php?resultid=16281835

Since the zip and exe files are dated 11/06/2014 I'm not sure why Avast detected it today, unless it was downloaded since the last scan...

Any suggestions? I'm assuming it is a false "positive" but just wanted to check. Thanks!

Robert
ID: 50911
Dave Jackson
Volunteer moderator
Joined: 15 May 09
Posts: 4542
Credit: 19,039,635
RAC: 18,944
Message 50912 - Posted: 1 Dec 2014, 19:30:29 UTC

Hi Robert, the project people are 99.99% sure this is a false positive. Because of the number of lines of code involved it is almost inevitable that occasionally, a portion of code will match a portion of code from a virus signature.

Just checked: a post a few down from this, http://climateapps2.oerc.ox.ac.uk/cpdnboinc/forum_thread.php?id=7908#50243, from Les, who has a lot more knowledge and experience in this than I do, gives virtually the same answer. Not sure what the best way of excluding the download from being zapped by your AV program is, as I haven't used Windows this century on my own machines.
ID: 50912
Les Bayliss
Volunteer moderator
Joined: 5 Sep 04
Posts: 7629
Credit: 24,240,330
RAC: 0
Message 50913 - Posted: 1 Dec 2014, 20:35:21 UTC

Hello Robert

I agree with Dave about this.

Up until a couple of years ago, I was using Avast. Then they posted notice of a new one for year nnnn, so I downloaded and installed it.
It immediately crashed all of my running tasks from POGS, because it had decided that it knew what was best.
Even after using its options to exclude stuff (which was easy on my Windows machines, because I'd made two separate partitions for the two parts of BOINC), it kept on quarantining some of the files and crashing their tasks, so I got rid of it, only hours after downloading it.
The new appearance also looked ugly.

I don't know about now, but Norton also used to be notorious for deciding that some file was dangerous and getting rid of it.

The reason that this may have just happened to you is because of an automatic update to your AV.

ID: 50913
robertNOLA
Joined: 12 Sep 14
Posts: 2
Credit: 478,856
RAC: 0
Message 50917 - Posted: 2 Dec 2014, 0:24:07 UTC

Thanks for your prompt responses, Dave and Les! I was relatively certain there wasn't a problem but wanted to check.

I rebooted my computer earlier and was greeted by the following malign message from Avast:




so I sent Avast a "false positive" notification, adding that programs for BOINC from climateprediction.net don't include malware. I also added the BOINC subdirectory of ProgramData to Avast's exclusions list for future scanning.

This is my first experience with Avast - until October I'd used AVG Pro for several years but the 2015 version refused to install on this PC and AVG has become comparable to Norton in that they charge for product support (no thanks, I don't want to pay $25 for tech support on a product I just paid for... they refunded my renewal charge without a hassle, at least).

If this happens again I'll be looking for another AV program or, better yet, ditching Windows and using Linux exclusively.

Thanks again!

Robert
ID: 50917
Alan K
Joined: 22 Feb 06
Posts: 492
Credit: 31,500,747
RAC: 15,338
Message 50918 - Posted: 2 Dec 2014, 10:46:50 UTC - in response to Message 50917.  

You could try MS Security Essentials on Windows boxes. It's free!! It's what I run, but I also do checks with Malwarebytes every so often as an additional backup.
ID: 50918
JIM
Joined: 31 Dec 07
Posts: 1152
Credit: 22,363,583
RAC: 5,022
Message 50923 - Posted: 2 Dec 2014, 15:01:34 UTC - in response to Message 50913.  



I don't know about now, but Norton also used to be notorious for deciding that some file was dangerous and getting rid of it.



I have been running Norton AV for several years and have never had any trouble with false positives.


ID: 50923
Jim1348
Joined: 15 Jan 06
Posts: 637
Credit: 26,751,529
RAC: 653
Message 50926 - Posted: 2 Dec 2014, 21:25:07 UTC

I have had far more problems with antiviruses than with viruses, especially considering that I have never had a virus in 20 years on the Internet. Even the email attachment warnings (which I would never open anyway) are gone due to my ISP's filtering of attachments. I use Windows Defender on Win7, which is spyware only, but that is only because it does not give me any problems. I have found that if you don't install viruses, you don't get them.
ID: 50926
MichaelO
Joined: 8 Aug 05
Posts: 12
Credit: 24,554,040
RAC: 2,537
Message 51043 - Posted: 26 Dec 2014, 1:34:13 UTC
Last modified: 26 Dec 2014, 2:12:12 UTC

I am running Norton 360 - and it just tagged the subject file running - hadam3p_afr_sdvc_2013_1_009348474_1.exe - as a "Trojan.Gen.2" - quarantining it. I thought I had exempted the subject file already - hadam3p_afr_7.22_... but that did not seem to stop a recent detection on 12/25/2014 at about 17:31 hours PST.

Addendum: I forced another machine with a similar "afr" file to start running it. It appears to have taken the other machine (above) about 16-31 minutes of elapsed time before being flagged by Norton 360 and quarantined. The machine I just forced "afr" to run on is a Windows 8.1 OS using only Windows Defender. I'll see what happens.
ID: 51043
Jesse Viviano
Joined: 20 Dec 14
Posts: 23
Credit: 2,450,095
RAC: 296
Message 51071 - Posted: 29 Dec 2014, 18:52:35 UTC - in response to Message 51043.  
Last modified: 29 Dec 2014, 18:52:43 UTC

You can report the false positive to Symantec at https://submit.symantec.com/false_positive/.
ID: 51071
JIM
Joined: 31 Dec 07
Posts: 1152
Credit: 22,363,583
RAC: 5,022
Message 51081 - Posted: 30 Dec 2014, 15:36:49 UTC

I have the same problem. Last night Norton Anti-virus killed 3 hadam3p_afr tasks within seconds of beginning to run, stating that they contained a virus.

ID: 51081
JIM
Joined: 31 Dec 07
Posts: 1152
Credit: 22,363,583
RAC: 5,022
Message 51082 - Posted: 30 Dec 2014, 19:09:45 UTC - in response to Message 51081.  

I have the same problem. Last night Norton Anti-virus killed 3 hadam3p_afr tasks within seconds of beginning to run, stating that they contained a virus.


More info:

12/30/2014 2:06:07 AM | climateprediction.net | Started download of hadam3p_afr_7.22_windows_intelx86.exe
12/30/2014 2:06:07 AM | climateprediction.net | Computation for task hadam3p_afr_sbxo_2013_1_009345966_1 finished
12/30/2014 2:06:07 AM | climateprediction.net | Output file hadam3p_afr_sbxo_2013_1_009345966_1_1.zip for task hadam3p_afr_sbxo_2013_1_009345966_1 absent
12/30/2014 2:06:07 AM | climateprediction.net | Output file hadam3p_afr_sbxo_2013_1_009345966_1_2.zip for task hadam3p_afr_sbxo_2013_1_009345966_1 absent
12/30/2014 2:06:07 AM | climateprediction.net | Output file hadam3p_afr_sbxo_2013_1_009345966_1_3.zip for task hadam3p_afr_sbxo_2013_1_009345966_1 absent
12/30/2014 2:06:07 AM | climateprediction.net | Output file hadam3p_afr_sbxo_2013_1_009345966_1_4.zip for task hadam3p_afr_sbxo_2013_1_009345966_1 absent
12/30/2014 2:06:07 AM | climateprediction.net | Output file hadam3p_afr_sbxo_2013_1_009345966_1_5.zip for task hadam3p_afr_sbxo_2013_1_009345966_1 absent
12/30/2014 2:06:07 AM | climateprediction.net | Output file hadam3p_afr_sbxo_2013_1_009345966_1_6.zip for task hadam3p_afr_sbxo_2013_1_009345966_1 absent
12/30/2014 2:06:07 AM | climateprediction.net | Output file hadam3p_afr_sbxo_2013_1_009345966_1_7.zip for task hadam3p_afr_sbxo_2013_1_009345966_1 absent
12/30/2014 2:06:07 AM | climateprediction.net | Output file hadam3p_afr_sbxo_2013_1_009345966_1_8.zip for task hadam3p_afr_sbxo_2013_1_009345966_1 absent
12/30/2014 2:06:07 AM | climateprediction.net | Output file hadam3p_afr_sbxo_2013_1_009345966_1_9.zip for task hadam3p_afr_sbxo_2013_1_009345966_1 absent
12/30/2014 2:06:07 AM | climateprediction.net | Output file hadam3p_afr_sbxo_2013_1_009345966_1_10.zip for task hadam3p_afr_sbxo_2013_1_009345966_1 absent
12/30/2014 2:06:07 AM | climateprediction.net | Output file hadam3p_afr_sbxo_2013_1_009345966_1_11.zip for task hadam3p_afr_sbxo_2013_1_009345966_1 absent
12/30/2014 2:06:07 AM | climateprediction.net | Output file hadam3p_afr_sbxo_2013_1_009345966_1_12.zip for task hadam3p_afr_sbxo_2013_1_009345966_1 absent
12/30/2014 2:06:07 AM | climateprediction.net | Output file hadam3p_afr_sbxo_2013_1_009345966_1_13.zip for task hadam3p_afr_sbxo_2013_1_009345966_1 absent
12/30/2014 2:06:07 AM | climateprediction.net | [error] Process creation failed: The process cannot access the file because it is being used by another process. (0x20) - error code 32 (0x20)
12/30/2014 2:06:07 AM | climateprediction.net | [error] Process creation failed: The process cannot access the file because it is being used by another process. (0x20) - error code 32 (0x20)
12/30/2014 2:06:07 AM | climateprediction.net | [error] Process creation failed: The process cannot access the file because it is being used by another process. (0x20) - error code 32 (0x20)
12/30/2014 2:06:07 AM | climateprediction.net | [error] Process creation failed: The process cannot access the file because it is being used by another process. (0x20) - error code 32 (0x20)
12/30/2014 2:06:07 AM | climateprediction.net | [error] Process creation failed: The process cannot access the file because it is being used by another process. (0x20) - error code 32 (0x20)
12/30/2014 2:06:11 AM | climateprediction.net | Computation for task hadam3p_afr_sbxd_2013_1_009345955_1 finished
12/30/2014 2:06:11 AM | climateprediction.net | Output file hadam3p_afr_sbxd_2013_1_009345955_1_1.zip for task hadam3p_afr_sbxd_2013_1_009345955_1 absent
12/30/2014 2:06:11 AM | climateprediction.net | Output file hadam3p_afr_sbxd_2013_1_009345955_1_2.zip for task hadam3p_afr_sbxd_2013_1_009345955_1 absent
12/30/2014 2:06:11 AM | climateprediction.net | Output file hadam3p_afr_sbxd_2013_1_009345955_1_3.zip for task hadam3p_afr_sbxd_2013_1_009345955_1 absent
12/30/2014 2:06:11 AM | climateprediction.net | Output file hadam3p_afr_sbxd_2013_1_009345955_1_4.zip for task hadam3p_afr_sbxd_2013_1_009345955_1 absent
12/30/2014 2:06:11 AM | climateprediction.net | Output file hadam3p_afr_sbxd_2013_1_009345955_1_5.zip for task hadam3p_afr_sbxd_2013_1_009345955_1 absent
12/30/2014 2:06:11 AM | climateprediction.net | Output file hadam3p_afr_sbxd_2013_1_009345955_1_6.zip for task hadam3p_afr_sbxd_2013_1_009345955_1 absent
12/30/2014 2:06:11 AM | climateprediction.net | Output file hadam3p_afr_sbxd_2013_1_009345955_1_7.zip for task hadam3p_afr_sbxd_2013_1_009345955_1 absent
12/30/2014 2:06:11 AM | climateprediction.net | Output file hadam3p_afr_sbxd_2013_1_009345955_1_8.zip for task hadam3p_afr_sbxd_2013_1_009345955_1 absent
12/30/2014 2:06:11 AM | climateprediction.net | Output file hadam3p_afr_sbxd_2013_1_009345955_1_9.zip for task hadam3p_afr_sbxd_2013_1_009345955_1 absent
12/30/2014 2:06:11 AM | climateprediction.net | Output file hadam3p_afr_sbxd_2013_1_009345955_1_10.zip for task hadam3p_afr_sbxd_2013_1_009345955_1 absent
12/30/2014 2:06:11 AM | climateprediction.net | Output file hadam3p_afr_sbxd_2013_1_009345955_1_11.zip for task hadam3p_afr_sbxd_2013_1_009345955_1 absent
12/30/2014 2:06:11 AM | climateprediction.net | Output file hadam3p_afr_sbxd_2013_1_009345955_1_12.zip for task hadam3p_afr_sbxd_2013_1_009345955_1 absent
12/30/2014 2:06:11 AM | climateprediction.net | Output file hadam3p_afr_sbxd_2013_1_009345955_1_13.zip for task hadam3p_afr_sbxd_2013_1_009345955_1 absent

Messages indicate that the tasks failed because Norton AV either deleted or locked some file in the mistaken belief that it contained a Trojan.

ID: 51082
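Added example (not part of the original thread, and not BOINC or CPDN code): a small Python triage script for an event log in the format quoted in the post above. It flags tasks that finished with output files reported absent and notes whether a Win32 sharing-violation error (code 32) was logged close by; the function name and the 10-second window are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines abridged from the event log quoted in the post above. The last two lines
# are a constructed control (hypothetical task name) for a task that ends normally.
SAMPLE_LOG = """\
12/30/2014 2:06:07 AM | climateprediction.net | Started download of hadam3p_afr_7.22_windows_intelx86.exe
12/30/2014 2:06:07 AM | climateprediction.net | Computation for task hadam3p_afr_sbxo_2013_1_009345966_1 finished
12/30/2014 2:06:07 AM | climateprediction.net | Output file hadam3p_afr_sbxo_2013_1_009345966_1_1.zip for task hadam3p_afr_sbxo_2013_1_009345966_1 absent
12/30/2014 2:06:07 AM | climateprediction.net | Output file hadam3p_afr_sbxo_2013_1_009345966_1_2.zip for task hadam3p_afr_sbxo_2013_1_009345966_1 absent
12/30/2014 2:06:07 AM | climateprediction.net | [error] Process creation failed: The process cannot access the file because it is being used by another process. (0x20) - error code 32 (0x20)
12/30/2014 2:06:11 AM | climateprediction.net | Computation for task hadam3p_afr_sbxd_2013_1_009345955_1 finished
12/30/2014 2:06:11 AM | climateprediction.net | Output file hadam3p_afr_sbxd_2013_1_009345955_1_1.zip for task hadam3p_afr_sbxd_2013_1_009345955_1 absent
12/30/2014 9:15:00 AM | climateprediction.net | Computation for task example_task_0001 finished
12/30/2014 9:15:02 AM | climateprediction.net | Started upload of example_task_0001_1.zip
"""

FINISHED = re.compile(r"Computation for task (\S+) finished$")
ABSENT = re.compile(r"Output file \S+ for task (\S+) absent$")
# Win32 error 32 (0x20) is ERROR_SHARING_VIOLATION: another process holds the file.
LOCKED = re.compile(r"\[error\] Process creation failed: .*error code 32 \(0x20\)$")


def find_blocked_tasks(log_text, window_seconds=10):
    """Flag tasks that finished with output files absent, and note whether a
    sharing-violation error was logged within window_seconds of the finish."""
    finished, absent, lock_times = {}, defaultdict(int), []
    for raw in log_text.splitlines():
        parts = raw.strip().split(" | ", 2)
        if len(parts) != 3:
            continue  # not a "timestamp | project | message" line
        try:
            when = datetime.strptime(parts[0], "%m/%d/%Y %I:%M:%S %p")
        except ValueError:
            continue  # timestamp not in the expected format
        msg = parts[2]
        if (m := FINISHED.match(msg)):
            finished[m.group(1)] = when
        elif (m := ABSENT.match(msg)):
            absent[m.group(1)] += 1
        elif LOCKED.match(msg):
            lock_times.append(when)
    report = {}
    for task, when in finished.items():
        if absent[task] == 0:
            continue  # no missing outputs: treated as a normal completion
        near = any(abs((t - when).total_seconds()) <= window_seconds for t in lock_times)
        report[task] = {"absent_outputs": absent[task], "sharing_violation_nearby": near}
    return report


if __name__ == "__main__":
    for task, info in find_blocked_tasks(SAMPLE_LOG).items():
        print(task, info)
```

A flagged task only shows that another process held or removed a file the task needed; tying it to the antivirus still requires the product's own detection or quarantine history.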
Les Bayliss
Volunteer moderator
Joined: 5 Sep 04
Posts: 7629
Credit: 24,240,330
RAC: 0
Message 51083 - Posted: 30 Dec 2014, 19:19:47 UTC - in response to Message 51082.  

Which is why the long standing advice is: Don't let AV programs have access to the BOINC folders.

ID: 51083
JIM
Joined: 31 Dec 07
Posts: 1152
Credit: 22,363,583
RAC: 5,022
Message 51084 - Posted: 30 Dec 2014, 20:43:55 UTC

I long ago excluded the BOINC folders (both in "Programs" and "ProgramData") from scans. The problem seems to be that as the file opens, Norton scans it anyway. There doesn't appear to be any way to stop it from doing this.

ID: 51084
Les Bayliss
Volunteer moderator
Joined: 5 Sep 04
Posts: 7629
Credit: 24,240,330
RAC: 0
Message 51085 - Posted: 30 Dec 2014, 20:54:46 UTC - in response to Message 51084.  

Ah, that sounds similar to the problem that I had with AVG a long time ago.
And it took a lot of work to get rid of all the bits of AVG.

After running without an AV for a few days, I ended up using Microsoft's Security Essentials, which they were advertising for "the sum of Free". I figured that an MS program should work OK on an MS OS. Best part was that it didn't keep wanting to reboot the computer after every upgrade.

The latest Norton seems to be quite aggressive and bossy.

ID: 51085
astroWX
Volunteer moderator
Joined: 5 Aug 04
Posts: 1496
Credit: 95,522,203
RAC: 0
Message 51092 - Posted: 1 Jan 2015, 0:06:43 UTC
Last modified: 1 Jan 2015, 0:10:14 UTC

My experience with avast! is that it honors exclusions (I exclude the entire boinc partition) but was bitten yesterday because I didn't think things through.

Thanks to several 'Africa' tasks hung in download of this topic's .exe file, an attempt was made to copy the file to a thumbdrive from a machine with a good download. Well that gave avast! license to stomp on the transfer.

A 'false positive' report was made to the folks in Prague identifying the file as being from a "trusted source" and also checked the "I know what I'm doing" box. (The latter claim is debatable.) An auto-generated come-back message said the file would be evaluated.


Les,
Microsoft Essentials is no more than its name implies: "essentials." Even M$ says it isn't meant as a substitute for regular AV programs. (I read up on it when considering it as a replacement for avast! on all but my Vista boxes.)


HAPPY NEW YEAR, everyone.
"We have met the enemy and he is us." -- Pogo
Greetings from coastal Washington state, the scenic US Pacific Northwest.
ID: 51092
astroWX
Volunteer moderator
Joined: 5 Aug 04
Posts: 1496
Credit: 95,522,203
RAC: 0
Message 51113 - Posted: 4 Jan 2015, 0:46:09 UTC - in response to Message 51092.  

Three more _afr_ tasks downloaded to a machine but were, as before, stuck on download with this file, hung ~99%.

This time, the file was copied from another machine and written over the partial file on the troubled machine. Unlike last time, avast! was temporarily suspended to save a copy and same to overwrite the partial copy on the receiving machine. (To be sure, on both machines, I was quick to reactivate avast!) The stalled download was forced to restart and its download entry immediately disappeared.

The three tasks were forced to start, in turn, to test whether the procedure worked. Two survived; the third suffered stillbirth with "Model crashed: INITTIME: Atmosphere basis time mismatch" same as first iteration in the work unit.

Anyway, the work-around works.

"We have met the enemy and he is us." -- Pogo
Greetings from coastal Washington state, the scenic US Pacific Northwest.
ID: 51113
Les Bayliss
Volunteer moderator
Joined: 5 Sep 04
Posts: 7629
Credit: 24,240,330
RAC: 0
Message 51281 - Posted: 19 Jan 2015, 20:02:24 UTC

As this is ongoing, and there appears to be difficulty in excluding that area from scanning, I'm going to ask that the Africa models be made exclusively Linux for a while.

ID: 51281
astroWX
Volunteer moderator
Joined: 5 Aug 04
Posts: 1496
Credit: 95,522,203
RAC: 0
Message 51282 - Posted: 20 Jan 2015, 2:45:07 UTC - in response to Message 51113.  

This procedure was successfully used thrice more to rescue machines with this file's download.

The 'workaround' works but, as Les says, it shouldn't be necessary to play games to get these puppies to play. Such is life at CPDN when tasks aren't all generated at Oxford ...
"We have met the enemy and he is us." -- Pogo
Greetings from coastal Washington state, the scenic US Pacific Northwest.
ID: 51282
Alan K
Joined: 22 Feb 06
Posts: 492
Credit: 31,500,747
RAC: 15,338
Message 51283 - Posted: 20 Jan 2015, 9:42:51 UTC - in response to Message 51281.  

As a non-avast W7 user that is not good news. Wouldn't a better option for the time being be for Avast users to remove Afr models from their "to do" list?
ID: 51283
Dave Jackson
Volunteer moderator
Joined: 15 May 09
Posts: 4542
Credit: 19,039,635
RAC: 18,944
Message 51284 - Posted: 20 Jan 2015, 10:01:59 UTC - in response to Message 51283.  

As a non-avast W7 user that is not good news. Wouldn't a better option for the time being be for Avast users to remove Afr models from their "to do" list?


If a much larger part of the user base for CPDN were more computer literate, yes. As it is, while some write in to the boards and are able to follow instructions, many install and forget, which is not ideal for this project, creating lots of downloads to no good purpose. At the moment there are plenty of tasks which do not have this problem, so no shortage of work.

I suspect that the users who have no problems using their project specific preferences to exclude these models are the same ones who have few problems working around their antivirus's foibles.
ID: 51284