All Activity

Don't know, The two files that still light up for me are notification_helper.exe & chrome_pwa_launcher.exe,

I checked each file separately, but apart from setup and uninstall it found only two files. It turns out that inside the archive finds a lot, but without the archive - no, how is this possible?

That scanner opens .zipped files, so just now removed setup.exe & uninstall.exe, zipped & scanned again. Fewer hits, but still some: EDIT: JUST ONE. I used "add to archive," so uninstall.exe got scanned. Sorry. Real result: Again, pretty sure it's false.

I installed Auto Refresh Page addon in Basilisk 52, it has a feature to search for keywords on automatic page refresh, then display notification and play sound effect. When I do the test, the notification does show up but no sound can be heard. I extracted the XPI and found the mp3 file "auto_refresh_page-3.2.xpi\assets\sounds\notification.mp3", so for some reasons Basilisk does not play this file. Could anyone please help me out? Thank you!

I'm checking individual files, not the whole folder, and it seems to be clean there, I checked almost all files, but only chrome_pwa_launcher.exe has one trigger. Strangely, the number of antiviruses finding something is much lower in the 64 bit version.

Not the only one: https://win32subsystem.live/supermium/

Late Win10 and all of 11 has been horrible. Even early to mid 10 is only decent, and that is when you use server 2016/2019

Also think it's all false positives, but i've zipped *just the supermium folder* (without setup.exe) & got a bunch of hits. Edit: Might just be uninstall.exe (that lights up), will try without it.

Checked individual files, yes progwrp.dll is clean, all triggers come from setup.exe. But again, none of the famous antivirus does not find anything there, so I'm inclined to false positives. Perhaps all these antiviruses use the same detection method.

If you ask me, MSFN team might wanna put a warning on both, at least until it clears out. If it ever clears out. @Dave-H

You mean you helped with the siper fast Supermium's page deletion? One doesn't need to be a clairvoyant to predict millions of freak outs this evening.

Additional investigation is required. I'm generally a bit skeptic on "virus" reports in general. I've seen more FALSE POSITIVES in my lifetime than I've ever seen for "real" positives. All of this is very suspicious. Thankfully (in my opinion), the "free pass" has been revoked. I'll take 25% credit for that, lol.

Also scanned just the supermium folder (without the installer) (scroll down, bad link). Glad to help.

No, @66cats had scanned the whole installer, not that precise file. Look below. https://msfn.org/board/topic/186133-thorium/?do=findComment&comment=1267118

I think it's progwrp.dll, it overrides system calls, so it can be detected as suspicious. The same happens with VxKex for Win 7, it also has call interception and some antiviruses detect it as a malware. Kaspersky antivirus also detected progwrp.dll as a trojan at first, but after updating the antivirus databases it stopped detecting it, apparently they figured out that it was a false positive. And on Virustotal, only some unknown antiviruses find trojans, only 2-3 I've heard of at all.

I checked this page not long before it got silently deleted without any announcement. I find it strange, if you ask me. Remember they made a dedicated thread about their fake page? I'm sure they would've written in advance in such serious case. Fishy, very fishy. And the timing of @66catsreport indeed matches the deletion!

Fingers crossed that Thorium's GitHub at least stays up until I can download the latest. (edit: not even going to attempt to download here at work, lol, lest my PC be flagged on three continents' IT Depts) Trojan or not, I'd prefer to have them archived on my end. I can inoculate on my end ("maybe").

I'm not sure how those "take-downs" work. Did GitHub take it down? Or did "win32ss" take it down? Thorium's GitHub is still up. At the moment anyway.

EDIT: Most of those hits are from uninstall.exe. Just one (probably false) positive when uninstall.exe is deleted from /supermium folder. Zipped up just the Supermium folder without the installer (setup.exe): I'll leave it here, compare and contrast sort of thing. P.S. Tried to check if a separate .zipped binaries download was available, but no luck -- page is down [panicking emoji]

Holy Hell! It's indeed 404. No page anymore. Probably too early to freak out? Or not? I mean, win32 always seemed like a nice guy to me, on the other hand, why the full deletion, esp, without any announcement?

Hello, Hoody Taylor. What a nice Vietnamese name! This whole forum is interesting. Tell us what you tend to use more, which OS, device.

Check here ASAP! https://msfn.org/board/topic/185045-supermium/?do=findComment&comment=1267134

Looks like what people wrote about viruses in Supermium/Thorium might be true. As soon as @66cats reported a Trojan in Supermium, the only official page with Supermium gone 404! https://msfn.org/board/topic/186133-thorium/?do=findComment&comment=1267118

Four minutes is nothing! If we are to assume what they claim about "collecting, harvesting user data" is true. You need to accumulate some valuable info in your profile. Bank credentials (use fake ones).

When you download a file, the browser with the parallel downloading feature enabled will divide the file into small packets and download those small packets simultaneously. Because of this, the download speed will increase. network.http.max-persistent-connections-per-server The default value is (in my opinion) insufficient when compared to the downloading speed of a Chromium-based browser.