SETI@BOINCWatch is a trojan!
23 Jan 2005 14:58:20 UTC
Topic 187314
(moderation:
Beware for trojans. I think that SETI@BOINCWatch is a trojan! The link can be found at http://einstein.phys.uwm.edu/download_network.php, but you should not download the software. Well, I did and the Microsoft Antispyware -program found NetSlayer (RAT) -trojan after that.
They should remove the link immediately.
Yours sincerely, Henri Heinonen.
mars2019.org
Manned mission to Mars in 2019 Petition <-- Sign this, please.
SETI@BOINCWatch is a trojan!
)
THANK,S..
Can anybody else confirm that
)
Can anybody else confirm that SETI@BOINCWatch is a trojan? E.g. using a non-MS apps? That would be a serious revelation...
> THANK,S.. You are
)
> THANK,S..
You are welcome!
mars2019.org
Manned mission to Mars in 2019 Petition <-- Sign this, please.
> Can anybody else confirm
)
> Can anybody else confirm that SETI@BOINCWatch is a trojan? E.g. using a non-MS
> apps? That would be a serious revelation...
Of course, I cannot be 100% sure, but SETI@BOINCWatch was somewhat fake-looking software and it did not even work at all. It only showed some information about my computer. Still, I was stupid enough to give my Einstein@home account ID to the program's setup-box! Now the hackers probably have an access to my account. ;-(
What should I do now? Should I stop using BOINC and distributed computing? :(
mars2019.org
Manned mission to Mars in 2019 Petition <-- Sign this, please.
> > Can anybody else confirm
)
> > Can anybody else confirm that SETI@BOINCWatch is a trojan? E.g. using a
> non-MS
> > apps? That would be a serious revelation...
>
> Of course, I cannot be 100% sure, but SETI@BOINCWatch was somewhat
> fake-looking software and it did not even work at all. It only showed some
> information about my computer. Still, I was stupid enough to give my
> Einstein@home account ID to the program's setup-box! Now the hackers probably
> have an access to my account. ;-(
>
> What should I do now? Should I stop using BOINC and distributed computing? :(
>
I had used this programm and even written an mail to the author. But I'm also not 100% sure :).
My program BOINC-Observer is devinitiv no trojan! ;-)
Greetings from Germany
Basti
Join Ad Astra
Thanks for sharing you
)
Thanks for sharing you experience, Henri.
I think that asking for an AccoundID from any other apps than BOINC itself is very suspicious.
The other suspicious thing is that proclaimed homepage at http://setiwatch.hit.bg/ (in Bulgaria) is not working.
On the other side, it's quite unusual that (as it seems) nobody else have mentioned such strange behaviour, albeit links to SETI@BOINCWatch are available are other BOINC download pages as well so it is likely that more BOINCers are using this add-on.
For sure, one needs to be precautious.
> Of course, I cannot be 100% sure, but SETI@BOINCWatch was somewhat
> fake-looking software and it did not even work at all. It only showed some
> information about my computer. Still, I was stupid enough to give my
> Einstein@home account ID to the program's setup-box! Now the hackers probably
> have an access to my account. ;-(
>
> What should I do now? Should I stop using BOINC and distributed computing? :(
>
> The other suspicious thing
)
> The other suspicious thing is that proclaimed homepage at
> http://setiwatch.hit.bg/ (in Bulgaria) is not working.
I don't use the program myself, but the homepage "http://setiwatch.hit.bg" is working fine for me. On this page are some screenshots and explanation:
http://setiwatch.hit.bg/about_app.htm
> Thanks for sharing you
)
> Thanks for sharing you experience, Henri.
> I think that asking for an AccoundID from any other apps than BOINC itself is
> very suspicious.
> The other suspicious thing is that proclaimed homepage at
> http://setiwatch.hit.bg/ (in Bulgaria) is not working.
>
> On the other side, it's quite unusual that (as it seems) nobody else have
> mentioned such strange behaviour, albeit links to SETI@BOINCWatch are
> available are other BOINC download pages as well so it is likely that more
> BOINCers are using this add-on.
>
> For sure, one needs to be precautious.
>
> > Of course, I cannot be 100% sure, but SETI@BOINCWatch was somewhat
> > fake-looking software and it did not even work at all. It only showed
> some
> > information about my computer. Still, I was stupid enough to give my
> > Einstein@home account ID to the program's setup-box! Now the hackers
> probably
> > have an access to my account. ;-(
> >
> > What should I do now? Should I stop using BOINC and distributed
> computing? :(
> >
>
The site is online!
Welcome to the SETI@BOINCWatch home website:) I think that is the best program that keeps tracking of the progress of SETI@Home/BOINC and saves system recourses for the crunching. It is still not perfect but I think it will do well:) If You have any comments or suggestions I'll be glad to hear them on my e-mail.
And I think that with a little help from You and with my 24 hour work we will make SETI@BOINCWatch look a lot better:) I thank You in advance!!!
Greetings from Germany
Basti
Join Ad Astra
Hi Seti@boinc watch is not
)
Hi
Seti@boinc watch is not a trojan for me.
My antivirus didn't detect anything
The program doesn't ask anything: you just install it. That's all.
Where have you seen that you must give your E@H Id account ?
You have to enter your Seti account number if you want to see your Seti stats in the setup box, not your E@H id.
Well, perhaps we're not talking of the same program, but for me this prg is OK and running fine.
Check if you have the following components on your machine (found with google):
client.exe
server.exe
systemroot+\system\nspatch.exe
unpacked server.exe
HKEY_CLASSES_ROOT\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}
HKEY_CLASSES_ROOT\clsid\{18d91acf-d0be-11d1-a6b4-00aa002075da}
HKEY_CLASSES_ROOT\clsid\{18d91ad0-d0be-11d1-a6b4-00aa002075da}
HKEY_CLASSES_ROOT\typelib\{18d91ad0-d0be-11d1-a6b4-00aa002075da}
HKEY_LOCAL_MACHINE\software\classes\clsid\{18d91aca-d0be-11d1-a6b4-00aa002075da}
HKEY_LOCAL_MACHINE\software\classes\clsid\{18d91acf-d0be-11d1-a6b4-00aa002075da}
HKEY_LOCAL_MACHINE\software\classes\typelib\{18d91ad0-d0be-11d1-a6b4-00aa002075da}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\nspatch
If you don't have them, you're not infected.
I don't have them
Cheers..
Arnaud
I'm not saying it definitely
)
I'm not saying it definitely is or isn't some kind of trojan however it is also possible that the MS detection software is just seeing it do some "suspicious looking" things and since it isn't in its list of approved software, it gets flagged as malware. I'm suspecting it puts some hooks in the OS to be notified when certain evens happen such as the client_state.xml file being accessed or the seti@home process exiting. Such activities CAN be suspicious since they could be used to gather information about what is happening on your computer which can then be sent back to the "mother ship". However it is also quite possible that this is simply how the program works and no information is communicated back to the author.
A member of The Knights Who Say Ni!
My BOINC stats page