Trojans detected when installed and running.
Had to run multiple scans, full page of removed files which were blocked or quarantined.
Attacks did not stop when connected to a network, went airplane mode to isolate and then uninstalled folding@home.
After uninstall all attacks stopped.
No more trojans.
Related to recent server outage? I haven't read up on it yet.
Still running on another system with no threats detected. But might be a hole in the fence... Am I the only one that has experienced this? Are these false positives?
Folding@home used as way to attack my system.
Moderators: Site Moderators, FAHC Science Team
-
- Posts: 2522
- Joined: Mon Feb 16, 2009 4:12 am
- Location: Greenwood MS USA
Re: Folding@home used as way to attack my system.
My only thought, are you sure you downloaded the software from the Folding@Home site?
You did not follow some link that claimed to be the Folding@Home site?
https://foldingathome.org/start-folding/
Last edited by JimboPalmer on Sun Mar 15, 2020 9:53 pm, edited 1 time in total.
Tsar of all the Rushers
I tried to remain childlike, all I achieved was childish.
A friend to those who want no friends
-
- Site Admin
- Posts: 7990
- Joined: Tue Apr 21, 2009 4:41 pm
- Hardware configuration: Mac Studio M1 Max 32 GB smp6
Mac Hack i7-7700K 48 GB smp4
- Location: W. MA
Re: Folding@home used as way to attack my system.
I am making the assumption that you downloaded the client from the official website.
Yes, the random binary data in the WU files can trigger false positives. We usually advise setting antiviral software to exclude the work directory for the F@h software from scans. This is secure as the client will only connect to the F@h servers, and all files transferred are digitally signed for verification.
Re: Folding@home used as way to attack my system.
Thank you for your prompt reply. Yes, it was from the official servers.
Joe_H wrote: I am making the assumption that you downloaded the client from the official website.
Yes, the random binary data in the WU files can trigger false positives. We usually advise setting antiviral software to exclude the work directory for the F@h software from scans. This is secure as the client will only connect to the F@h servers, and all files transferred are digitally signed for verification.
My only other question is why did it take a few days to trigger false positives, is it that certain workloads require certain privileges?
Is the following related to folding@home:
\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\680\EFMData\13821.dat
If not, I seem to be having a deeper problem than I thought.
-
- Site Admin
- Posts: 7990
- Joined: Tue Apr 21, 2009 4:41 pm
- Hardware configuration: Mac Studio M1 Max 32 GB smp6
Mac Hack i7-7700K 48 GB smp4
- Location: W. MA
Re: Folding@home used as way to attack my system.
That does not look to be related to F@h; a quick Google search has it being associated with one of the Windows messaging apps.
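A triage sketch for the question raised in this thread (is a flagged path inside the F@h work directory, or does it belong to something else), as an added example that is not part of any post or of the F@h software. The work directory is a placeholder assumption, and every sample detection except the path quoted above is constructed.

```python
from pathlib import PureWindowsPath

# Assumption: placeholder for the F@h work directory on the machine being triaged.
FAH_WORK_DIR = r"C:\PLACEHOLDER\FAHClient\work"

def _parts(path):
    """Case-insensitive path components, as Windows compares them."""
    return tuple(s.lower() for s in PureWindowsPath(path).parts)

def store_package(path):
    """Return (package name, publisher id) when the path sits under
    AppData/Local/Packages/<name>_<publisher id>/..., else None."""
    parts = PureWindowsPath(path).parts
    low = [s.lower() for s in parts]
    for i in range(len(low) - 3):
        if low[i:i + 3] == ["appdata", "local", "packages"]:
            name, sep, publisher = parts[i + 3].rpartition("_")
            if sep and name:
                return name, publisher
    return None

def classify(path, work_dir=FAH_WORK_DIR):
    """Attribute one flagged path: F@h work directory, a packaged app, or neither."""
    p, w = _parts(path), _parts(work_dir)
    # ".." is not collapsed by PureWindowsPath, so never treat such a path as inside.
    if ".." not in p and len(p) > len(w) and p[:len(w)] == w:
        return "fah-work-dir"
    pkg = store_package(path)
    return "packaged-app:" + pkg[0] if pkg else "unattributed"

def triage(paths, work_dir=FAH_WORK_DIR):
    """Group flagged paths by owner so only work-directory hits are read as WU noise."""
    groups = {}
    for path in paths:
        groups.setdefault(classify(path, work_dir), []).append(path)
    return groups

# Constructed sample detections; only the second path is quoted from the thread.
SAMPLE = [
    r"C:\PLACEHOLDER\FAHClient\work\01\wudata_01.dat",
    r"\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe"
    r"\LocalState\Files\S0\680\EFMData\13821.dat",
    r"C:\PLACEHOLDER\FAHClient\work\..\..\Users\Public\other.exe",
    r"c:\placeholder\fahclient\WORK\02\core.bin",
]

if __name__ == "__main__":
    for owner, hits in triage(SAMPLE).items():
        print(owner, len(hits))
```

Only hits in the `fah-work-dir` group fall under the exclusion advice given in this thread; anything in the other groups still needs its own investigation.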
Re: Folding@home used as way to attack my system.
Thought maybe a messaging protocol that could have been used or something, I will continue to investigate.
-
- Posts: 2522
- Joined: Mon Feb 16, 2009 4:12 am
- Location: Greenwood MS USA
Re: Folding@home used as way to attack my system.
Folding@Home communicates like a browser, using ports 80 and/or 8080.