Currently I'm monitoring all but FAH* processes on my Atom330 to see if I can catch any illegitimate process(es) tampering with the work directory. Got to drop unfiltered events from the log though, otherwise it would swamp my system pretty quickly:
06:39:01:WU01:FS00:0x11:Completed 100%
06:39:01:WU01:FS00:0x11:Successful run
06:39:01:WU01:FS00:0x11:DynamicWrapper: Finished Work Unit: sleep=10000
06:39:11:WU01:FS00:0x11:Reserved 75808 bytes for xtc file; Cosm status=0
06:39:11:WU01:FS00:0x11:Allocated 75808 bytes for xtc file
06:39:11:WU01:FS00:0x11:- Reading up to 75808 from "01/wudata_01.xtc": Read 75808
06:39:11:WU01:FS00:0x11:Read 75808 bytes from xtc file; available packet space=786354656
06:39:11:WU01:FS00:0x11:xtc file hash check passed.
06:39:11:WU01:FS00:0x11:Reserved 15168 15168 786354656 bytes for arc file=<01/wudata_01.trr> Cosm status=0
06:39:11:WU01:FS00:0x11:Allocated 15168 bytes for arc file
06:39:11:WU01:FS00:0x11:- Reading up to 15168 from "01/wudata_01.trr": Read 15168
06:39:11:WU01:FS00:0x11:Read 15168 bytes from arc file; available packet space=786339488
06:39:11:WU01:FS00:0x11:trr file hash check passed.
06:39:11:WU01:FS00:0x11:Allocated 560 bytes for edr file
06:39:11:WU01:FS00:0x11:Read bedfile
06:39:11:WU01:FS00:0x11:edr file hash check passed.
06:39:11:WU01:FS00:0x11:Allocated 0 bytes for logfile
06:39:11:WU01:FS00:0x11:Could not open/read logfile=<01/wudata_01.log>; Cosm status=-1
06:39:11:WU01:FS00:0x11:GuardedRun: success in DynamicWrapper
06:39:11:WU01:FS00:0x11:GuardedRun: done
06:39:11:WU01:FS00:0x11:Run: GuardedRun completed.
06:39:15:WU01:FS00:0x11:+ Opened results file
06:39:15:WU01:FS00:0x11:- Writing 92048 bytes of core data to disk...
06:39:15:WU01:FS00:0x11:Done: 91536 -> 90321 (compressed to 98.6 percent)
06:39:15:WU01:FS00:0x11: ... Done.
06:39:15:WU01:FS00:0x11:DeleteFrameFiles: successfully deleted file=01/wudata_01.ckp
06:39:15:WU01:FS00:0x11:Shutting down core
06:39:15:WU01:FS00:0x11:
06:39:15:WU01:FS00:0x11:Folding@home Core Shutdown: FINISHED_UNIT
06:39:16:WU01:FS00:FahCore returned: FINISHED_UNIT (100 = 0x64)
06:39:16:WU01:FS00:Sending unit results: id:01 state:SEND error:NO_ERROR project:5771 run:1 clone:152 gen:2217 core:0x11 unit:0x5d10947650df62ed08a900980001168b
06:39:16:WU01:FS00:Uploading 88.70KiB to 171.67.108.11
06:39:16:WU01:FS00:Connecting to 171.67.108.11:8080
06:39:18:WU01:FS00:Upload complete
06:39:18:WU01:FS00:Server responded WORK_ACK (400)
06:39:18:WU01:FS00:Cleaning up
The System process (PID 4, OS kernel) seems to do something extra during checkpointing, but I'm assuming this kind of stuff is legitimate, file timestamps being updated etc:
For the past couple of hours, no news if I temporarily filter out System from the recorded event log:
Now, if I happen to catch any 3rd party processes (other than FAH*) having messed around in the work folder when the FAH log shows weird things, it's a clear-cut case. But if I see only System process, what then? I think it highly unlikely that my OS kernel has been corrupted by malware. As for legitimate OS kernel doing something it shouldn't be doing with FAH files - aww, come on...
Is the boldfaced thingy in the log excerpt just some cosmetic issue? How about the rest of you, are you seeing "ghosts" like this? Buy me a ticket out of Paranoia city, please.