Folding@home used as way to attack my system.
Posted: Sun Mar 15, 2020 9:43 pm
by jradx
Trojans detected when installed and running.
Had to run multiple scans, full page of removed files which were blocked or quarantined.
Attacks did not stop when connected to a network, went airplane mode to isolate and then uninstalled folding@home.
After uninstall all attacks stopped.
No more trojans.
Related to recent server outage? I haven't read up on it yet.
Still running on another system with no threats detected. But might be a hole in the fence... Am I the only one that has experienced this? Are these false positives?
Re: Folding@home used as way to attack my system.
Posted: Sun Mar 15, 2020 9:51 pm
by JimboPalmer
My only thought: are you sure you downloaded the software from the Folding@Home site?
You did not follow some link that claimed to be the Folding@Home site?
https://foldingathome.org/start-folding/
Re: Folding@home used as way to attack my system.
Posted: Sun Mar 15, 2020 9:52 pm
by Joe_H
I am making the assumption that you downloaded the client from the official website.
Yes, the random binary data in the WU files can trigger false positives. We usually advise setting antiviral software to exclude the work directory for the F@h software from scans. This is secure as the client will only connect to the F@h servers, and all files transferred are digitally signed for verification.
Re: Folding@home used as way to attack my system.
Posted: Sun Mar 15, 2020 10:06 pm
by jradx
Joe_H wrote: I am making the assumption that you downloaded the client from the official website.
Yes, the random binary data in the WU files can trigger false positives. We usually advise setting antiviral software to exclude the work directory for the F@h software from scans. This is secure as the client will only connect to the F@h servers, and all files transferred are digitally signed for verification.
Thank you for your prompt reply. Yes, it was from the official servers.
My only other question is why it took a few days to trigger false positives. Is it that certain workloads require certain privileges?
Is the following related to folding@home:
\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\680\EFMData\13821.dat
If not, I seem to be having a deeper problem than I thought.
Re: Folding@home used as way to attack my system.
Posted: Sun Mar 15, 2020 10:12 pm
by Joe_H
That does not look to be related to F@h; a quick Google search has it being associated with one of the Windows messaging apps.
Re: Folding@home used as way to attack my system.
Posted: Sun Mar 15, 2020 10:15 pm
by jradx
Thought maybe a messaging protocol that could have been used or something, I will continue to investigate.
Re: Folding@home used as way to attack my system.
Posted: Sun Mar 15, 2020 10:17 pm
by JimboPalmer
Folding@Home communicates like a browser, using ports 80 and/or 8080.