climateprediction.net home page
Virus after more than 3200 h of calculation?!

Virus after more than 3200 h of calculation?!

Questions and Answers : Windows : Virus after more than 3200 h of calculation?!
Message board moderation

To post messages, you must log in.

AuthorMessage
Harald von Priesdorff

Send message
Joined: 10 Nov 05
Posts: 7
Credit: 2,204,711
RAC: 0
Message 26148 - Posted: 18 Jan 2007, 20:00:02 UTC

1. Message by anti-virus sytem, that there is
Virus.DOS.Urugay.Poly
in file yabfg.aswap in directory hadcm3lbrr, process hadcm3.. (see below)
I asked to do nothing with this file!
2.windows message:
hadcm3transum_508_windows_instelx86.exe
has a problem and stopped. On the message I asked to inform Microsoft of this problem.
3. Anti-virus-message:
Virus.DOS...
is in yabf... prozess: Explorer.exe (MS-answer on 2?!)
I had to shut down my PC. After Reboot this evening same procedure, problem1. Now climaprediction cancelled with an recoverrable error.
Some days ago I had already this problem, anti-virus-+messages and finally a Fortran-runtime-error, I/O on a dummy file, I did not count the number of windows.
Because I backed up before, I was able to try to provoke this error. For the moment I\'m just idle waiting what to do. May this virus\' simply be crated by an unpredictable binary write or is this more serious. And what about the erro cancellation. Sorry, just 390 hours before the estimated end.




ID: 26148 · Report as offensive     Reply Quote
Les Bayliss
Volunteer moderator

Send message
Joined: 5 Sep 04
Posts: 7629
Credit: 24,240,330
RAC: 0
Message 26150 - Posted: 18 Jan 2007, 20:35:11 UTC

yabfg.aswap is a text file, not an executable file. It CANNOT contain a virus.
The situation you have is called a \'false positive\'.
One AV program,, Sophos, keeps finding it, and automatically deletes the file.
This causes the program to crash.

There are two cures:
A) In the options of the AV, exclude the entire BOINC folder from scanning.
B) If it is Sophos, update to the latest version, which is supposed to be fixed.

Then reload BOINC from your backup.

ID: 26150 · Report as offensive     Reply Quote
Harald von Priesdorff

Send message
Joined: 10 Nov 05
Posts: 7
Credit: 2,204,711
RAC: 0
Message 26154 - Posted: 18 Jan 2007, 21:57:11 UTC - in response to Message 26150.  

yabfg.aswap is a text file, not an executable file. It CANNOT contain a virus.
The situation you have is called a \'false positive\'.
One AV program,, Sophos, keeps finding it, and automatically deletes the file.
This causes the program to crash.

There are two cures:
A) In the options of the AV, exclude the entire BOINC folder from scanning.
B) If it is Sophos, update to the latest version, which is supposed to be fixed.

Then reload BOINC from your backup.


Sorry, as I told, I configured anti-virus programme (Power AntiVirus) not to delete, modify.. this infected file. That\'s why I got the warning several times!
ID: 26154 · Report as offensive     Reply Quote
Harald von Priesdorff

Send message
Joined: 10 Nov 05
Posts: 7
Credit: 2,204,711
RAC: 0
Message 26156 - Posted: 18 Jan 2007, 22:09:53 UTC - in response to Message 26150.  

First of all, the simulation cancelled with an irrecoverable error.
And try to edit yabfgf.aswap, it\'s not really a text file. By the name I suppose it must be a swap-file, thus contains part of the real memory and so executable code.




ID: 26156 · Report as offensive     Reply Quote
Les Bayliss
Volunteer moderator

Send message
Joined: 5 Sep 04
Posts: 7629
Credit: 24,240,330
RAC: 0
Message 26159 - Posted: 18 Jan 2007, 22:39:48 UTC
Last modified: 18 Jan 2007, 22:40:28 UTC

I KNOW that the file isn\'t a .txt file, but it IS used just for storing DATA.

You\'ll continue to get warning messages until you exclude the BOINC folder from scanning.

A second problem with some AVs, e.g. Norton Anti Virus, is that they lock each file before scanning.
The program is a massive supercomputer based program written in Fortran, and the code doesn\'t like being denied access to it\'s files when it needs them. So the model crashes.

I haven\'t heard of your AV before, so I don\'t know anything about it.
AVs and virii have been talked about in the past on our php board here.

ID: 26159 · Report as offensive     Reply Quote
Harald von Priesdorff

Send message
Joined: 10 Nov 05
Posts: 7
Credit: 2,204,711
RAC: 0
Message 26164 - Posted: 19 Jan 2007, 0:16:15 UTC - in response to Message 26159.  

I KNOW that the file isn\'t a .txt file, but it IS used just for storing DATA.

You\'ll continue to get warning messages until you exclude the BOINC folder from scanning.

A second problem with some AVs, e.g. Norton Anti Virus, is that they lock each file before scanning.
The program is a massive supercomputer based program written in Fortran, and the code doesn\'t like being denied access to it\'s files when it needs them. So the model crashes.

I haven\'t heard of your AV before, so I don\'t know anything about it.
AVs and virii have been talked about in the past on our php board here.


Thanks, my AV is a german programm, so far running well on my PC for 2 years, I force it to ask what to do when finding suspicious things, so I may avoid handling of those simulation files. As for Fortran on supercomputer, that reminds me the past. Well in Fortran you may by iostating test on accessibility of some files, so manage error handlng yourself. I suppose that this will even run on these ugly PCs boxes.
But I was really astonished about the fact that I had been running this example for over 3200 h without any problem and suddenly there is this virus warning and the simulation dies! As I stated with my backup files I was able to repeat this error calculation. My suggestion was, that in binary datas you may not really controll whether you generate codes that another programme f.i. in ASCII-interpretation finds as indication of viruses.
Harald

ID: 26164 · Report as offensive     Reply Quote
Les Bayliss
Volunteer moderator

Send message
Joined: 5 Sep 04
Posts: 7629
Credit: 24,240,330
RAC: 0
Message 26165 - Posted: 19 Jan 2007, 3:06:00 UTC

My suggestion was, that in binary datas you may not really controll whether you generate codes that another programme f.i. in ASCII-interpretation finds as indication of viruses.


Exactly. Which is why it\'s up to the users to find a way around it. The data keeps changing, and so do the AVs.
Perhaps the problem only happened now because of a recent update to your AV, and/or starting a new version of the model.
There were major changes between the 5.08 models and the present 5.15 models.
And more changes are currently being tested.

The Sophos AV kept finding a \"pinwheel\" virus in yabfgf.aswap
It took months, and lots of posts from people using their AV before they would do something about it.
I think that one of the Unversities in Southern England was using it in large numbers, and when they complained, the Sophos people \"sat up and took notice\".

Good luck with fixing it.

ID: 26165 · Report as offensive     Reply Quote

Questions and Answers : Windows : Virus after more than 3200 h of calculation?!

©2024 cpdn.org