Kaspersky says WU contains trojan horse



Nightwolf

Joined: 7 Apr 07
Posts: 1
Credit: 29,719
RAC: 0
Message 43218 - Posted: 5 Jul 2007, 10:56:55 UTC

gefunden: trojanisches Programm Trojan-Dropper.Win32.Agent.blk URL: http://srv4.bakerlab.org/rosetta/download/rosetta_beta_5.70_windows_intelx86.exe

I think it's a problem with Kaspersky but did not allow the file anyway. Maybe you should check this and contact Kaspersky.
Max

Joined: 30 Jan 06
Posts: 3
Credit: 203,467
RAC: 0
Message 43219 - Posted: 5 Jul 2007, 11:04:33 UTC


I'm getting the same thing with F-Secure Antivirus.

F-Secure Anti-Virus 1.3.6.1.4.1.2213.11.1.12
Malicious code found in file C:\PROGRAM FILES\BOINC\PROJECTS\BOINC.BAKERLAB.ORG_ROSETTA\ROSETTA_5.68_WINDOWS_INTELX86.EXE.

Infection: Trojan-Dropper.Win32.Agent.blk

F-Secure Anti-Virus 1.3.6.1.4.1.2213.11.1.12
Malicious code found in file C:\PROGRAM FILES\BOINC\PROJECTS\BOINC.BAKERLAB.ORG_ROSETTA\ROSETTA_BETA_5.70_WINDOWS_INTELX86.EXE.

Infection: Trojan-Dropper.Win32.Agent.blk
Black Lion

Joined: 11 Oct 06
Posts: 1
Credit: 42,634
RAC: 0
Message 43221 - Posted: 5 Jul 2007, 11:19:58 UTC

Exactly the same problem with F-Secure Anti-Virus Client Security 6.01 build 11441.
I don't know if it's a problem in the anti-virus, but I suppose that:
- it's not an heuristic detection as the infection name is stated clearly
- so, exactly the signature of the trojan was found in the binary!

Results: Rosetta@Home removed, BOINC removed and I'm not going to participate in that anymore.

I hope people will try to find other ways of distributed computing, e.g. some Java code (Java Web Start or something like that), which runs in a security sandbox, could be a solution.

The current model just cannot be trusted!
Doug Benger

Joined: 11 Sep 06
Posts: 2
Credit: 166,687
RAC: 0
Message 43225 - Posted: 5 Jul 2007, 11:56:58 UTC

Same problem with ZoneAlarm Antivirus.
MZimmer275
Joined: 17 Sep 05
Posts: 3
Credit: 11,807
RAC: 0
Message 43228 - Posted: 5 Jul 2007, 12:49:57 UTC
Last modified: 5 Jul 2007, 12:52:18 UTC

I think every antivirus program using the Kaspersky-Antivirus-Kernel shows the message that the new beta-client is a trojan.

Here is the message of my antivirus G-Data Internetsecurity 2007:

Beim Öffnen der Datei "C:\Programme\BOINC\projects\boinc.bakerlab.org_rosetta\rosetta_beta_5.70_windows_intelx86.exe" wurde der Virus "Trojan-Dropper.Win32.Agent.blk" von der Engine "KAV" entdeckt. Datei gesäubert: nein. Datei gelöscht: nein. Quarantäne: nein.

AV-Version: 17.5878

Update: The AV-Version 17.5880 does not show this message and rosetta_beta_5.70 seems to work.

@Nightwolf: You're right, it was a fault of Kaspersky.
Max

Joined: 30 Jan 06
Posts: 3
Credit: 203,467
RAC: 0
Message 43233 - Posted: 5 Jul 2007, 13:34:35 UTC


Reply from F-Secure:

The file you submitted is indeed clean. Our anti-virus product had a false alarm on this file earlier, however the problem is already fixed in the latest antivirus update.





Greg_BE

Joined: 30 May 06
Posts: 5691
Credit: 5,859,226
RAC: 0
Message 43237 - Posted: 5 Jul 2007, 14:18:03 UTC

no problems from AVG free virus scanner
Susie HomeMaker

Joined: 12 Nov 06
Posts: 22
Credit: 2,511,881
RAC: 0
Message 43242 - Posted: 5 Jul 2007, 14:29:01 UTC - in response to Message 43237.  

> no problems from AVG free virus scanner



No problems on debian 64 either

Mwahahahaha

[/evil laugh]
Greg_BE

Joined: 30 May 06
Posts: 5691
Credit: 5,859,226
RAC: 0
Message 43256 - Posted: 5 Jul 2007, 16:33:24 UTC - in response to Message 43242.  

>> no problems from AVG free virus scanner
>
> No problems on debian 64 either
>
> Mwahahahaha
>
> [/evil laugh]


Double checked with Trend Micro HouseCall, nothing found
FoldingSolutions
Joined: 2 Apr 06
Posts: 129
Credit: 3,506,690
RAC: 0
Message 43275 - Posted: 5 Jul 2007, 20:31:46 UTC - in response to Message 43256.  

Sounds dodgy, but since all code is basically 01011010101010010101001110000101010110010 and so on, an anti-virus program looks for certain combinations of 0's and 1's, so if a program contains a line of code which is also present in a known virus, then the anti-virus will pick it up. I think it just shows that the anti-viruses are working properly if several of them pick it up. It's no reason to quit DC, I don't think.
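The pattern-matching idea discussed in the posts above, as an added example that is not part of any post in this thread: a minimal byte-signature scanner in which an early signature built on a generic byte sequence also matches a clean file, and a later, more specific signature no longer does. The detection name, byte patterns, database versions and sample files are all constructed for illustration.

```python
import hashlib

# Constructed signature databases (names and bytes are made up for this example).
# v1 keys on a generic compiler function prologue; v2 extends the pattern with
# bytes that only the constructed malicious sample contains.
PROLOGUE = bytes.fromhex("558bec83ec40535657")
DB_V1 = {"Example.Dropper.A": PROLOGUE}
DB_V2 = {"Example.Dropper.A": PROLOGUE + b"DROP"}

def scan(data: bytes, db: dict[str, bytes]) -> list[str]:
    """Return the names of all signatures whose byte pattern occurs in data."""
    return sorted(name for name, pattern in db.items() if pattern in data)

def triage(data: bytes, db: dict[str, bytes], publisher_hashes: set[str]) -> str:
    """Combine the scan verdict with a check against publisher-released hashes."""
    hits = scan(data, db)
    if not hits:
        return "clean"
    if hashlib.sha256(data).hexdigest() in publisher_hashes:
        return "flagged, matches publisher hash: " + ", ".join(hits)
    return "flagged, unknown file: " + ", ".join(hits)

# Constructed sample files.
MALICIOUS_SAMPLE = b"MZ" + PROLOGUE + b"DROP" + b"\x00" * 8
SCIENCE_APP = b"MZ" + b"\x90" * 4 + PROLOGUE + b"energy minimisation code"
PUBLISHER_HASHES = {hashlib.sha256(SCIENCE_APP).hexdigest()}

if __name__ == "__main__":
    for label, blob in [("sample", MALICIOUS_SAMPLE), ("science app", SCIENCE_APP)]:
        for version, db in [("v1", DB_V1), ("v2", DB_V2)]:
            print(label, version, "->", triage(blob, db, PUBLISHER_HASHES))
```

A publisher hash match only shows the flagged file is the one the project released; the vendor's re-analysis, as in the F-Secure reply quoted earlier in the thread, is what settles whether the detection was a false alarm.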
Greg_BE

Joined: 30 May 06
Posts: 5691
Credit: 5,859,226
RAC: 0
Message 43284 - Posted: 6 Jul 2007, 0:10:49 UTC

I count only 3 programs out of however many listed, showing that there was an infection. Sounds to me like the AV programs are faulty and don't like the code.
Why would Baker Lab have a virus inserted in a specially coded WU, that is not even Windows code? Sounds very strange to me that a virus would show up in that.

An example of virus checker software going off its rocker: the two programs I use say that Error Guard is spyware or adware. Well, I know it's not. It just must be the way it's written that the programs think it is such a thing.
Sir Antony Magnus

Joined: 28 Nov 05
Posts: 31
Credit: 526,750
RAC: 0
Message 43288 - Posted: 6 Jul 2007, 2:49:36 UTC

I also am experiencing no issues with 5.70 BETA being recognized as a trojan by AV software. I use G DATA AV, on access scanner would have picked it up if it were nastily coded methinks?

Antony




©2024 University of Washington
https://www.bakerlab.org