windows 10 detects WU 14125 positions.xtc as trojan

chris21010
Posts: 13
Joined: Fri Jun 14, 2013 8:33 pm

windows 10 detects WU 14125 positions.xtc as trojan

Post by chris21010 »

I just got a notice from Windows that 'positions.xtc' was detected as "Trojan:Script/Foretype.A!ml" and was immediately quarantined, causing the failure of the WU. The log is below; no idea if it's helpful though.

Code:

2019-04-09:01:29:00:WU03:FS05:Starting
2019-04-09:01:29:00:WU03:FS05:Running FahCore: "C:\Program Files (x86)\FAHClient/FAHCoreWrapper.exe" C:\Users\Chris-EVE\AppData\Roaming\FAHClient\cores/cores.foldingathome.org/Win32/AMD64/NVIDIA/Fermi/Core_21.fah/FahCore_21.exe -dir 03 -suffix 01 -version 705 -lifeline 16620 -checkpoint 6 -gpu-vendor nvidia -opencl-platform 0 -opencl-device 4 -cuda-device 4 -gpu 4
2019-04-09:01:29:00:WU03:FS05:Started FahCore on PID 17444
2019-04-09:01:29:00:WU03:FS05:Core PID:17780
2019-04-09:01:29:00:WU03:FS05:FahCore 0x21 started
2019-04-09:01:29:01:WU03:FS05:0x21:*********************** Log Started 2019-04-09T01:29:01Z ***********************
2019-04-09:01:29:01:WU03:FS05:0x21:Project: 14125 (Run 30, Clone 5, Gen 101)
2019-04-09:01:29:01:WU03:FS05:0x21:Unit: 0x0000008b0002894c5c06f94c1f2e3302
2019-04-09:01:29:01:WU03:FS05:0x21:CPU: 0x00000000000000000000000000000000
2019-04-09:01:29:01:WU03:FS05:0x21:Machine: 5
2019-04-09:01:29:01:WU03:FS05:0x21:Reading tar file core.xml
2019-04-09:01:29:01:WU03:FS05:0x21:Reading tar file integrator.xml
2019-04-09:01:29:01:WU03:FS05:0x21:Reading tar file state.xml
2019-04-09:01:29:01:WU03:FS05:0x21:Reading tar file system.xml
2019-04-09:01:29:01:WU03:FS05:0x21:Digital signatures verified
2019-04-09:01:29:01:WU03:FS05:0x21:Folding@home GPU Core21 Folding@home Core
2019-04-09:01:29:01:WU03:FS05:0x21:Version 0.0.18
2019-04-09:01:29:03:WU03:FS05:0x21:Completed 0 out of 25000000 steps (0%)
2019-04-09:01:29:03:WU03:FS05:0x21:Temperature control disabled. Requirements: single Nvidia GPU, tmax must be < 110 and twait >= 900
2019-04-09:01:31:50:WU03:FS05:0x21:Completed 250000 out of 25000000 steps (1%)
2019-04-09:01:34:36:WU03:FS05:0x21:Completed 500000 out of 25000000 steps (2%)
2019-04-09:01:37:22:WU03:FS05:0x21:Completed 750000 out of 25000000 steps (3%)
2019-04-09:01:40:09:WU03:FS05:0x21:Completed 1000000 out of 25000000 steps (4%)
2019-04-09:01:42:55:WU03:FS05:0x21:Completed 1250000 out of 25000000 steps (5%)
2019-04-09:01:45:41:WU03:FS05:0x21:Completed 1500000 out of 25000000 steps (6%)
2019-04-09:01:48:27:WU03:FS05:0x21:Completed 1750000 out of 25000000 steps (7%)
2019-04-09:01:48:28:WU03:FS05:0x21:ERROR:Guru Meditation #0.c9cfc6297b796f4d (0.375612) '03/01/positions.xtc'
2019-04-09:01:48:28:WU03:FS05:0x21:WARNING:Unexpected exit() call
2019-04-09:01:48:28:WU03:FS05:0x21:WARNING:Unexpected exit from science code
2019-04-09:01:48:28:WU03:FS05:0x21:Saving result file logfile_01.txt
2019-04-09:01:48:28:WU03:FS05:0x21:Saving result file checkpointState.xml
2019-04-09:01:48:28:WU03:FS05:0x21:Saving result file checkpt.crc
2019-04-09:01:48:28:WU03:FS05:0x21:Saving result file log.txt
2019-04-09:01:48:28:WU03:FS05:0x21:ERROR:Guru Meditation #0.c9cfc6297b796f4d (0.375612) '03/01/positions.xtc'
2019-04-09:01:48:29:WARNING:WU03:FS05:FahCore returned: BAD_FRAME_CHECKSUM (112 = 0x70)
2019-04-09:01:48:29:WARNING:WU03:FS05:Fatal error, dumping
2019-04-09:01:48:29:WU03:FS05:Sending unit results: id:03 state:SEND error:DUMPED project:14125 run:30 clone:5 gen:101 core:0x21 unit:0x0000008b0002894c5c06f94c1f2e3302
2019-04-09:01:48:29:WU03:FS05:Uploading 776.50KiB to 155.247.166.220
2019-04-09:01:48:29:WU03:FS05:Connecting to 155.247.166.220:8080
2019-04-09:01:48:30:WU03:FS05:Upload complete
Joe_H
Site Admin
Posts: 7856
Joined: Tue Apr 21, 2009 4:41 pm
Hardware configuration: Mac Pro 2.8 quad 12 GB smp4
MacBook Pro 2.9 i7 8 GB smp2
Location: W. MA

Re: windows 10 detects WU 14125 positions.xtc as trojan

Post by Joe_H »

Random binary data can sometimes match the signatures used by antivirus software. It is recommended that the work directory for the F@h client be excluded from scans for just this reason.

iMac 2.8 i7 12 GB smp8, Mac Pro 2.8 quad 12 GB smp6
MacBook Pro 2.9 i7 8 GB smp3
chris21010
Posts: 13
Joined: Fri Jun 14, 2013 8:33 pm

Re: windows 10 detects WU 14125 positions.xtc as trojan

Post by chris21010 »

Interesting. Didn't know this.
bruce
Posts: 20910
Joined: Thu Nov 29, 2007 10:13 pm
Location: So. Cal.

Re: windows 10 detects WU 14125 positions.xtc as trojan

Post by bruce »

All Malware Detection software that uses heuristic AV techniques can produce false-positive detections when it scans semi-random data like a large quantity of numeric data. The only dependable defense against such reports is to demand that the OS prevent those data from ever being treated as an executable program. As Joe_H suggests, configure Windows Defender to avoid scanning FAH's work files.

Please report this false-positive to Windows Defender. Note that they called it a "program" -- which it is not.
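
One way to apply the exclusion recommended in the replies above, added here as an example and not taken from any post in this thread or from the Folding@home project. It assumes the client's data directory is `%APPDATA%\FAHClient`, as in the log, and that work units are stored in a `work` subfolder of it; that subfolder name is an assumption.

```powershell
#Requires -RunAsAdministrator
# Assumption: FAH's data directory is %APPDATA%\FAHClient (as in the log above)
# and work units live in its "work" subfolder. Adjust if your install differs.
# Run elevated as the same user that runs the client, so %APPDATA% resolves
# to that user's profile.
$workDir = Join-Path $env:APPDATA 'FAHClient\work'

if (-not (Test-Path -LiteralPath $workDir -PathType Container)) {
    throw "Work directory not found: $workDir"
}

# 1. Review what Defender has already flagged under the work directory, so the
#    exclusion is justified by data-file detections (e.g. positions.xtc) only.
$threatNames = @{}
Get-MpThreat | ForEach-Object { $threatNames[$_.ThreatID] = $_.ThreatName }

Get-MpThreatDetection |
    Where-Object { $_.Resources -match [regex]::Escape($workDir) } |
    Select-Object InitialDetectionTime,
                  @{ Name = 'Threat'; Expression = { $threatNames[$_.ThreatID] } },
                  Resources |
    Format-List

# 2. Exclude the work directory only. The cores folder that holds FahCore_21.exe
#    and the client's install directory remain covered by real-time and
#    scheduled scans.
$current = @((Get-MpPreference).ExclusionPath)
if ($current -notcontains $workDir) {
    Add-MpPreference -ExclusionPath $workDir
}

# 3. Confirm the exclusion is in place and list every path exclusion, so an
#    overly broad entry (a whole profile or drive) stands out.
$after = @((Get-MpPreference).ExclusionPath)
if ($after -notcontains $workDir) {
    throw "Exclusion was not applied: $workDir"
}
$after | Sort-Object
```

If step 1 lists a detection on anything other than work-unit data files, investigate that detection before adding the exclusion.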