integralfx / MemTestHelper

C# WPF to automate HCI MemTest

Link to Malware in readme #27

Closed XenHat closed 4 years ago

XenHat commented 4 years ago

The software named "Thaiphoon Burner" linked in DDR4 OC Guide.md resides on a website flagged as "contains trojan" by Malwarebytes, and does seem to actually contain malware.

Trojan also found in TM5 and y-cruncher

If this isn't some kind of IQ test, I would very strongly suggest not recommending users to install this.

integralfx commented 4 years ago

Thaiphoon reads the SPD chip on your RAM, so it needs hardware-level access, which other malware is known to need.

TM5 and y-cruncher have been around for a long time and have been used by many overclockers so I highly doubt they're malware.

There are many other ways to figure out the IC of your RAM. You don't even need to know the IC to overclock it.

There are also many other memory tests you can use.

Obviously, if you don't trust it, don't use it, but many of us have been using them without any consequences.

XenHat commented 4 years ago

What's confusing is that other low-level software doesn't trigger these warnings. Chain of trust issue? Classic "Not whitelisted" behaviour?

As a side note, I've run Thaiphoon and it seems ok. If there truly is no malware in there, it just fueled my disdain for the whole "Antivirus" "conspiracy" even more. Why would "Hardware Probe" show up as Generic.Trojan? Super useless.

P.S. Thaiphoon was unable to truly ID my ICs, but it's pretty much G.Skill's fault for not filling in the data. Looks intentionally blank. It's SK Hynix [B/C/D]JR, which I already knew.

alanbork commented 4 years ago

The core issue is that anti-virus vendors no longer hand-analyse anything unless it's already infected millions of machines. So everything is heuristics-based, and anything that works close to the hardware is suspicious.

On Sun, Nov 1, 2020 at 3:43 PM Xenhat notifications@github.com wrote:

> What's confusing is that other low-level software doesn't trigger these warnings. Chain of trust issue? Classic "Not whitelisted" behaviour?
>
> As a side note, I've run Thaiphoon and it seems ok. If there truly is no malware in there, it just fueled my disdain for the whole "Antivirus" "conspiracy" even more. Why would "Hardware Probe" show up as Generic.Trojan? Super useless.
>
> P.S. Thaiphoon was unable to truly ID my ICs, but it's pretty much G.Skill's fault for not filling in the data. Looks intentionally blank. It's SK Hynix [B/C/D]JR, which I already knew.
