RedDot-3ND7355 / MPO-GPU-FIX

MPO Fix for 5000/6000/7000 AMD GPUs & RTX 2000/3000/4000/GTX 1600

Flagged by Windows Defender on v6.5 (False Positive) #19

Closed compieter-gh closed 2 months ago

compieter-gh commented 3 months ago

I just downloaded v6.5 and this version is flagged by Windows Defender. Knowing this is a false positive, I am still reporting this as a bug.

Edit: After unpacking the archive and scanning MPOGPUFIX.exe, which isn't being flagged, so it's just the archive.

RedDot-3ND7355 commented 3 months ago

Going by the definition of the malware, it's simply a low-scored process trust within a pack.

If I had money to sign the processes with an actual signature it would be all good 👌

Zendien commented 3 months ago

I just ran it through the VirusTotal site and 5 out of 74 flagged the exe as a Trojan. Same as the original commenter.

Edit: Here's the link to the virustotal scan - https://www.virustotal.com/gui/file/c2f1d6c1c479c822e6d2be66c4b61ce86f9f5698184598087333560a364c2d8e/details

Not sure if it's possible to alert them to the false positive.

stefandjnl commented 3 months ago

I have the same issue with ESET Internet Security. From the log:

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here 23/07/2024 20:00:31;HTTP filter;file;https://objects.githubusercontent.com/github-production-release-asset-2e65be/578775112/5c74dd15-78ef-4666-b48e-e0c0c29cdd06?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction/20240723/us-east-1/s3/aws4_request&X-Amz-Date=20240723T180030Z&X-Amz-Expires=300&X-Amz-Signature=51ed9b1b4944dea12b99a953c1deaaa39a41b03fed88feb4e97536c00de2a925&X-Amz-SignedHeaders=host&actor_id=155253562&key_id=0&repo_id=578775112&response-content-disposition=attachment; filename=MPOGPUFIX.zip&response-content-type=application/octet-stream;a variant of Generik.BLDJICO trojan;connection terminated;STEFAN-PC\Stefan 2;Event occurred during an attempt to access the web by the application: C:\Program Files\Mozilla Firefox\firefox.exe (0E12C4DDBC34036D13EDFE72BB4890BE106D3A4C).;837F75261C10B4BE381F564CA68F5EC6A73B2A5F;

RedDot-3ND7355 commented 3 months ago

Got flagged by ESET for having the ability to open a URL from the app.

Nothing I can do for that.

And as for everyone else, I can't do anything about the false positives other than trying to sign the exe using ClickOnce.

RedDot-3ND7355 commented 2 months ago

Released 6.6 to see if it's still being detected as a false positive. Any feedback would be really appreciated <3

stefandjnl commented 2 months ago

Works fine here!

RedDot-3ND7355 commented 2 months ago

Thanks for confirming!