UCyborg Posted June 2, 2024
It might have been mandatory school reading at some point, I really don't remember anymore. Maybe I didn't hate it back then, just found it didn't make much sense. The older me is definitely a bit grumpy and hateful, perhaps I'm projecting it in the past. Maybe that's what certain jobs do to the mind? I'll shut up now since I sadly don't have anything positive to write about Supermium.

Klemper Posted June 3, 2024
Looks like what people wrote about viruses in Supermium/Thorium might be true. As soon as @66cats reported a Trojan in Supermium, the only official page with Supermium gone 404! https://msfn.org/board/topic/186133-thorium/?do=findComment&comment=1267118

D.Draker Posted June 3, 2024
> 3 hours ago, Klemper said: Looks like what people wrote about viruses in Supermium/Thorium might be true. As soon as @66cats reported a Trojan in Supermium, the only official page with Supermium gone 404! https://msfn.org/board/topic/186133-thorium/?do=findComment&comment=1267118
Holy Hell! It's indeed 404. No page anymore. Probably too early to freak out? Or not? I mean, win32 always seemed like a nice guy to me, on the other hand, why the full deletion, esp. without any announcement?

NotHereToPlayGames Posted June 3, 2024
I'm not sure how those "take-downs" work. Did GitHub take it down? Or did "win32ss" take it down? Thorium's GitHub is still up. At the moment anyway.

D.Draker Posted June 3, 2024
> 3 hours ago, NotHereToPlayGames said: I'm not sure how those "take-downs" work. Did GitHub take it down? Or did "win32ss" take it down? Thorium's GitHub is still up. At the moment anyway.
I checked this page not long before it got silently deleted without any announcement. I find it strange, if you ask me. Remember they made a dedicated thread about their fake page? I'm sure they would've written in advance in such a serious case. Fishy, very fishy. And the timing of @66cats report indeed matches the deletion!

ED_Sln Posted June 3, 2024
I think it's progwrp.dll, it overrides system calls, so it can be detected as suspicious. The same happens with VxKex for Win 7, it also has call interception and some antiviruses detect it as a malware. Kaspersky antivirus also detected progwrp.dll as a trojan at first, but after updating the antivirus databases it stopped detecting it, apparently they figured out that it was a false positive. And on Virustotal, only some unknown antiviruses find trojans, only 2-3 I've heard of at all.

D.Draker Posted June 3, 2024
> 3 hours ago, ED_Sln said: I think it's progwrp.dll, it overrides system calls, so it can be detected as suspicious.
No, @66cats had scanned the whole installer, not that precise file. Look below. https://msfn.org/board/topic/186133-thorium/?do=findComment&comment=1267118

66cats Posted June 3, 2024 (edited)
> 5 minutes ago, D.Draker said: the whole installer,
Also scanned just the supermium folder (without the installer) (scroll down, bad link). Glad to help.
Edited June 3, 2024 by 66cats

NotHereToPlayGames Posted June 3, 2024
Additional investigation is required. I'm generally a bit skeptical on "virus" reports in general. I've seen more FALSE POSITIVES in my lifetime than I've ever seen for "real" positives. All of this is very suspicious. Thankfully (in my opinion), the "free pass" has been revoked. I'll take 25% credit for that, lol.

D.Draker Posted June 3, 2024
> 2 hours ago, 66cats said: Glad to help.
You mean you helped with the super fast Supermium's page deletion? One doesn't need to be a clairvoyant to predict millions of freak outs this evening.

D.Draker Posted June 3, 2024
> 3 hours ago, NotHereToPlayGames said: All of this is very suspicious.
If you ask me, MSFN team might wanna put a warning on both, at least until it clears out. If it ever clears out. @Dave-H

ED_Sln Posted June 3, 2024
> 14 minutes ago, D.Draker said: No, @66cats had scanned the whole installer, not that precise file. Look below.
Checked individual files, yes progwrp.dll is clean, all triggers come from setup.exe. But again, none of the famous antiviruses finds anything there, so I'm inclined to false positives. Perhaps all these antiviruses use the same detection method.

66cats Posted June 3, 2024 (edited)
> 6 minutes ago, ED_Sln said: all triggers come from setup.exe
Also think it's all false positives, but i've zipped *just the supermium folder* (without setup.exe) & got a bunch of hits.
Edit: Might just be uninstall.exe (that lights up), will try without it.
Edited June 3, 2024 by 66cats

UCyborg Posted June 3, 2024
> 54 minutes ago, Klemper said: the only official page with Supermium gone 404!
Not the only one: https://win32subsystem.live/supermium/

ED_Sln Posted June 3, 2024
> 6 minutes ago, 66cats said: Also think it's all false positives, but i've zipped *just the supermium folder* (without setup.exe) & got a bunch of hits.
I'm checking individual files, not the whole folder, and it seems to be clean there, I checked almost all files, but only chrome_pwa_launcher.exe has one trigger. Strangely, the number of antiviruses finding something is much lower in the 64 bit version.