Bitdefender detects infected files in Thorium #195
Comments
Same here, added some links which I sent to VirusTotal:
I'm having the same error with all three installer versions.
RIP if it's not a false positive.
MS Defender detected it too, identifies as Win32/Znyonm.
Lack of any comments from the dev is concerning. It's been five days.
Alex and I have answered this question in multiple identical or similar issues, and there is no lack of responses.
This appears to be a small-scale incident. If you feel that my reply is not credible, then I can ask the project owner to reply to you. Thorium, Mercury, the Chromium browser I compiled myself, and Cent Browser have all been marked as viruses or Trojans. It is impossible that so many browsers have malicious behaviors, right? I think the possible reasons why Thorium was reported as a virus are related to the digital signature, the startup parameters included in the portable version, etc. Report on Mercury:
@dlwyer @lazyb5 @knot2006 @andreluizmg Yeah, IDK what to say. Thorium, Chromium, and other small Chromium forks like Iridium seem to at one release be fine, then another show up as a threat. And every time it shows up as a threat, it's a different one, which I find funny. Signing Thorium with a digital signature from Microsoft requires more money than I have right now. The other way files get whitelisted is if they are downloaded a lot of times, or people start manually reporting a given file as safe to Microsoft. Every new version, it's a different file, and I doubt anyone is going out of their way to report each Thorium version as safe to Microsoft, so this is the result that you get. All I can say is look at the source and/or build it yourself if you are that concerned. If you don't trust us and aren't willing to build it, then I would say don't use Thorium lol. But you will find similar "threats" in other small browsers like I said, so that kinda leaves you back with the standard major browsers, which while not malicious either, have their own privacy and telemetry concerns. I've also noticed that Windows Defender has a lot fewer incidents of this, and it is mainly third-party antiviruses like Bitdefender and Kaspersky that complain about this. My builds seem to get more false positives than, for example, Ungoogled Chromium. I sometimes wonder if it is due to all the compiler optimizations, which make the final resulting code highly minified, inlined, and obfuscated (which is what it's supposed to do). It might be interesting to make a Thorium build that has no changes to the compiler configuration from standard Chromium, and compare it to an identical build except with the compiler stuff included, and see whether one or the other or both is detected as malicious.
In any case, I'm not "mad" if a user is suspicious and decides not to use Thorium, because part of the whole point of open source, and a hallmark of any software that I make, is to have OPTIONS, which mainstream proprietary software seems to be taking more and more away from users.
My concern is less about malware and more about getting around my Bitdefender. I tried to exclude the .exe but apparently that isn't what is being flagged. I've cloned it and will try that route. Thanks.
@dlwyer If you need help building Thorium, the instructions are a little different from building vanilla Chromium; the docs for how to build for each platform can be found here: https://thorium.rocks/docs/
Same thing here: Trojan:Win32/Znyonm in notification_helper.exe. Imma trust the notion that this is a signature issue and a false positive for now cuz I'm really feeling the browser for some reason. But I must add, a reachable and loud statement might be in order (if one wasn't out) cuz this thread was linked to me as I was unable to find it myself.
In version 123.0.6312.133 (Official build) (64-bits) on Windows 11, Bitdefender just detected Trojan:Win32/Wacatac.B!ml in chrome_proxy.exe and it has been quarantined. It also infected Thorium App link files (.lnk) according to Bitdefender.
Microsoft has cleared the false positive: At this time, the submitted files do not meet our criteria for malware or potentially unwanted applications. The detection has been removed. Please follow the steps below to clear cached detections and obtain the latest malware definitions. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
I'm not sure if the Ungoogled Chromium project is paying Microsoft for digital signatures or not, but I doubt it. I never got a false positive from Defender on it, so it might be worth looking into what they are doing differently to avoid this issue...
This did not work for me. Windows Defender still instantly deletes chrome_proxy.exe.
System Details
W11
M122.0.6261.132 - 38th Release
Problem
As above, Bitdefender detects infected files in Thorium and in the Thorium installer:
In Thorium itself:
\Thorium\Application\122.0.6261.132\chrome_pwa_launcher.exe is infected with Gen:Variant.Lazy.509
\Thorium\Application\chrome_proxy.exe is infected with Gen:Variant.Lazy.5097
\Thorium\Application\122.0.6261.132\notification_helper.exe is infected with Gen:Variant.Lazy.5100
While reinstalling:
\Local\Thorium\Temp\source3824_1211423175\Chrome-bin\122.0.6261.132\chrome_pwa_launcher.exe has been detected as infected with Gen:Variant.Lazy.509733
\Local\Thorium\Temp\source3824_1211423175\Chrome-bin\122.0.6261.132\notification_helper.exe has been detected as infected with Gen:Variant.Lazy.510014
Additional Notes
Was fine for the longest time, seems like a false positive?