Avast is saying One Click exe is a trogen

ShadowCat66 · 03-16-04, 09:00 AM

This is the message I get from Avast Antivirus when I run the EXE file.I downloaded the latest from the sticky first also.

OC-FAH-SSE-V2/.exe is infected with Win32:Trogen-gen {VC}

Hmmm,any clues here,just a bug in Avast??

nikhsub1 · 03-16-04, 10:12 AM

Quote:

Originally posted by ShadowCat66
This is the message I get from Avast Antivirus when I run the EXE file.I downloaded the latest from the sticky first also.

OC-FAH-SSE-V2/.exe is infected with Win32:Trogen-gen {VC}

Hmmm,any clues here,just a bug in Avast??

Probably... I mean it is a strange exectutable that installs as a service and uses LOTS of CPU powah

Rest assured there is no virus in it.

Wedo · 03-16-04, 11:11 AM

Sweet mother.... I'm sure the footprint of the Core and FAH is throwing off the AV as there are four files in each One-Click:

1. FAH4Console.exe
2. Service-Setup.bat (batch file that registers and starts service)
3. Client.cfg
4. srvany.exe (a Microsoft program that EVERY service install uses)

No virus, just folding.

Wedo

matrixzen · 03-16-04, 11:54 AM

It's possible that the F@H zip might have gotten infected. If the AV software starts asking you to act, try the repair function. If it can't repair it, chances are it's not infected and it's just the virus software misdetecting it.

Wedo · 03-16-04, 12:18 PM

Quote:

Originally posted by matrixzen
It's possible that the F@H zip might have gotten infected. If the AV software starts asking you to act, try the repair function. If it can't repair it, chances are it's not infected and it's just the virus software misdetecting it.

Good idea, but there is no chance the zip file was infected from the download site. If the file is infected it came from the computer it was downloaded to.

Wedo

matrixzen · 03-16-04, 12:26 PM

Same thing I was thinking. Most of the time if the file is from a reliable internet webhost and you find it's infected after you download and try to install it, it's usually just something on your machine infecting certain types of filetypes or just anything you run in general.

Andyman902042 · 03-16-04, 03:30 PM

That just happened to me too, oh well now I know it's OK.

rezon8 · 03-16-04, 04:48 PM

HEY! I had the exact same thing happen to me this weekend when i do my weekly scan. Came up saying "...duallie OC-one click..." was a W32 Trojan. I was gonna post something about it but decided against it thinking i somehow got it infected myself, as i was also helping a friend of mine disinfect his box, he had tons of viruses on his HD and i assumed that somehow one of the trojans had jumped over the network and infected a random file on my HD or something. I deleted the file, but i still have it installed and running...

maybe we should send !avast an email or someting....

RoadWarrior · 03-16-04, 04:53 PM

There's also a possibility that it has been labelled a trojan due to irresponsible borging

matrixzen · 03-16-04, 05:45 PM

I wouldn't be surprised if that happened. If people borg computers without the owner's permission, and when they see it running, they are like "how did that get there?" Thus it is becomes labeled at a virus.

ShadowCat66 · 03-16-04, 06:12 PM

LOL,sorry Wedo,I didnt mean to cause a stir.I figured it wasnt infected.Just wanted to point it out to everyone what happened and the slim chance something could have been wrong.

Wedo · 03-16-04, 06:52 PM

Quote:

Originally posted by ShadowCat66
LOL,sorry Wedo,I didnt mean to cause a stir.I figured it wasnt infected.Just wanted to point it out to everyone what happened and the slim chance something could have been wrong.

No worries, if you didn't bring it to our attention someone else would. It's just funny to me because it's a totally love-hate with the One-Click. Either people are lovin' it because of the easy install or I read threads about how f'ed up the program is even though it's worked on hundreds of machines.

I'll try to score some time this week and send an email to the AV people and figure out why the dually version is coming up as a virus. I'm wondering if it's because the Dually puts a thing in the add/remove and the singles do not.

Wedo

Andyman902042 · 03-16-04, 07:01 PM

I don't have the Dually version and it still came up as a virus.

Wedo · 03-17-04, 12:21 PM

Quote:

Originally posted by Andyman902042
I don't have the Dually version and it still came up as a virus.

Whoops, my mistake, I guess I need to check the single cpu version AND the dually? Either way, I just figured out why the One-Click comes up as a trojan.

The One-Click is an .exe within an .exe which also registers itself in the registry and adds FAH to the service. All three of these properties are what you everyday trojan would do.

Either way, I'll try to shoot an email to the company.

Wedo

Audioaficionado · 03-17-04, 10:09 PM

I love both the duallie and single One-clicks. I'll use that 4-client One-Click for HT duallies when I build my Xeon duallie soon.

At least you have your own name in the default cfg so silly borgers won't keep feeding that One-Click folding monster that's passed me twice before.

AVG free doesn't seem to mind One-Click nor do Ad-Aware & Spybot S&D.

Np at my end.

Thanx Wedo for all the

tools

ShadowCat66 · 03-18-04, 01:27 PM

Quote:

Originally posted by Audioaficionado
I love both the duallie and single One-clicks. I'll use that 4-client One-Click for HT duallies when I build my Xeon duallie soon.

At least you have your own name in the default cfg so silly borgers won't keep feeding that One-Click folding monster that's passed me twice before.

AVG free doesn't seem to mind One-Click nor do Ad-Aware & Spybot S&D.

Np at my end.

Thanx Wedo for all the tools

Its only the program EXE file it doesnt like.After its installed,it seems fine.

03-16-04, 09:00 AM	Thread Starter #1
ShadowCat66 Member Join Date: Aug 2001 Location: Oshkosh,WI	Avast is saying One Click exe is a trogen This is the message I get from Avast Antivirus when I run the EXE file.I downloaded the latest from the sticky first also. OC-FAH-SSE-V2/.exe is infected with Win32:Trogen-gen {VC} Hmmm,any clues here,just a bug in Avast??
	QUOTE Thanks

03-16-04, 11:11 AM	#3
Wedo Senior Kitty Power! Join Date: Oct 2001 Location: Lost Angeles	Sweet mother.... I'm sure the footprint of the Core and FAH is throwing off the AV as there are four files in each One-Click: 1. FAH4Console.exe 2. Service-Setup.bat (batch file that registers and starts service) 3. Client.cfg 4. srvany.exe (a Microsoft program that EVERY service install uses) No virus, just folding. Wedo __________________ ~ Folding for Sharon, Joy, Kathy, Cathy, Nancy, Peanut, and so many others ~[/size]
	QUOTE Thanks

03-16-04, 11:54 AM	#4
matrixzen Member Join Date: Jun 2003 Location: CA	It's possible that the F@H zip might have gotten infected. If the AV software starts asking you to act, try the repair function. If it can't repair it, chances are it's not infected and it's just the virus software misdetecting it. __________________ Team 32 Contributor.
	QUOTE Thanks

03-16-04, 12:26 PM	#6
matrixzen Member Join Date: Jun 2003 Location: CA	Same thing I was thinking. Most of the time if the file is from a reliable internet webhost and you find it's infected after you download and try to install it, it's usually just something on your machine infecting certain types of filetypes or just anything you run in general. __________________ Team 32 Contributor.
	QUOTE Thanks

03-16-04, 03:30 PM	#7
Andyman902042 Member Join Date: Jan 2004 Location: indianapolis	That just happened to me too, oh well now I know it's OK.
	QUOTE Thanks

Avast is saying One Click exe is a trogen

Internet Services

Website Development

Tech Hardware

03-16-04, 04:48 PM	#8
rezon8 Member Join Date: Jan 2003 Location: Lewisville, Tx.	HEY! I had the exact same thing happen to me this weekend when i do my weekly scan. Came up saying "...duallie OC-one click..." was a W32 Trojan. I was gonna post something about it but decided against it thinking i somehow got it infected myself, as i was also helping a friend of mine disinfect his box, he had tons of viruses on his HD and i assumed that somehow one of the trojans had jumped over the network and infected a random file on my HD or something. I deleted the file, but i still have it installed and running... maybe we should send !avast an email or someting....
	QUOTE Thanks

03-16-04, 04:53 PM	#9
RoadWarrior Senior Member Join Date: Nov 2001 Location: Niagara Falls, Ontario, Canada	There's also a possibility that it has been labelled a trojan due to irresponsible borging __________________ Folder in disgrace. Folding rigs may be back online eventually, just as soon as real life gives me enough breaks. Black Belt Ubercloxx0r "Even though large tracts of Europe and many old and famous Folders have fallen or may fall into the grip of OCAU and all the odious apparatus of [H]ardOCP rule, we shall not flag or fail." "We shall go on to the end, we shall fold on the Newcastles, we shall fold on the Northwoods and Prescotts, we shall fold with growing confidence and growing strength on Venice, we shall defend our Forum, whatever the cost may be, we shall fold on the Winchesters, we shall fold on the Bartons, we shall fold on the Applebreds and Thunderbirds, we shall fold on the Coppermines; we shall never surrender!"
	QUOTE Thanks

03-16-04, 05:45 PM	#10
matrixzen Member Join Date: Jun 2003 Location: CA	I wouldn't be surprised if that happened. If people borg computers without the owner's permission, and when they see it running, they are like "how did that get there?" Thus it is becomes labeled at a virus. __________________ Team 32 Contributor.
	QUOTE Thanks

03-16-04, 06:12 PM	Thread Starter #11
ShadowCat66 Member Join Date: Aug 2001 Location: Oshkosh,WI	LOL,sorry Wedo,I didnt mean to cause a stir.I figured it wasnt infected.Just wanted to point it out to everyone what happened and the slim chance something could have been wrong.
	QUOTE Thanks

03-16-04, 07:01 PM	#13
Andyman902042 Member Join Date: Jan 2004 Location: indianapolis	I don't have the Dually version and it still came up as a virus.
	QUOTE Thanks

03-17-04, 10:09 PM	#15
Audioaficionado Super Moderator Join Date: Apr 2002 Location: Medford, Orygun	I love both the duallie and single One-clicks. I'll use that 4-client One-Click for HT duallies when I build my Xeon duallie soon. At least you have your own name in the default cfg so silly borgers won't keep feeding that One-Click folding monster that's passed me twice before. AVG free doesn't seem to mind One-Click nor do Ad-Aware & Spybot S&D. Np at my end. Thanx Wedo for all the tools __________________ .....................................My Heatware MyFAH Stats .......................Folding is a marathon, not a sprint © audioaficionado Asus Commando, 8GB GSkill 5-5-5-15-2t PC6400, Q6600 @3.0GHz >SMP2+GPU3 FAH 24/7 Gigabyte DS3, 3GB GSkill 5-5-5-15-2t PC6400, E6400 @3.0GHz Asus P5Q PRO Turbo, 4GB GSkill 5-5-5-15-2t PC6400, E6600 @3.0GHz Iwill DH800, 2GB OCZ4002048PFDC-K 2.5-3-3-8-1t, Dual 2.4 M0 Xeons 1.5v/880/3300 Help improve overclockers.com! Get involved! You have over 101 posts and Can't see the classifieds???Click This Link Anyone we catch cookie stuffing at this site will be banned on the spot!!
	QUOTE Thanks

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search