Detected: Trojan:Win32/Znyonm #645

Closed
emmarrem opened this issue Apr 23, 2024 · 10 comments

@emmarrem

OS: Windows 11 Version 22H2(OS Build 22621.3447)
Thorium Version: 122.0.6261.132 64bit

It seems like there is a Trojan Znyonm as part of the Thorium component called Notification_Helper.exe, found in the AppData-Local folder of Thorium.

@emmarrem
Author

Another notification of the same Trojan detected just now from another component.

@midnitefox

midnitefox commented Apr 24, 2024

Same here.

Thorium Version 122.0.6261.132 (Official Build) (64-bit)
Windows 11 Pro 23H2
Installed on 4/14/2024
OS build 22631.3447
Experience Windows Feature Experience Pack 1000.22688.1000.0

@midnitefox

Malwarebytes scan results show no detections. Almost certainly a false positive on the part of Windows Security.

MB scan results:

-Log Details-
Scan Date: 4/23/2024
Scan Time: 8:21 PM

-Software Information-
Version: 5.1.3.110
Components Version: 1.0.1219
Update Package Version: 1.0.83804
License: Trial

-System Information-
OS: Windows 11 (Build 22631.3447)
CPU: x64
File System: NTFS

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 231411
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 23 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
File system: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

@RocGod

RocGod commented Apr 24, 2024

Don't think this is an issue. High chance is another false positive case for Windows Defender.
I am also using latest Thorium on win 11. Didn't see this with Windows Defender.

@Alex313031
Owner

@RocGod @midnitefox @emmarrem See here > Alex313031/Thorium-Win#195

And specifically the comment I made here > Alex313031/Thorium-Win#195 (comment)

@emmarrem closed this as not planned Apr 24, 2024

@IkimonJ

IkimonJ commented Apr 25, 2024

> Don't think this is an issue. High chance is another false positive case for Windows Defender. I am also using latest Thorium on win 11. Didn't see this with Windows Defender.

I am using a version of Windows 10 without Windows Defender and only having Bitdefender as my Antivirus and it is still detected as a threat / PUP.

@gz83
Collaborator

gz83 commented Apr 29, 2024

I have submitted a false positive report to Microsoft and will let you and other users know when the results are available.

@gz83 reopened this Apr 29, 2024

@gz83
Collaborator

gz83 commented Apr 30, 2024

Microsoft reply

```
Analyst comments:

At this time, the submitted files do not meet our criteria for malware or potentially unwanted applications. The detection has been removed. Please follow the steps below to clear cached detections and obtain the latest malware definitions.

Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
Run “MpCmdRun.exe -removedefinitions -dynamicsignatures”
Run "MpCmdRun.exe -SignatureUpdate"
Alternatively, the latest definition is available for download here: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus
```
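
The analyst's steps above, as an added PowerShell example that is not part of the original thread or the Thorium project: it records the flagged file's SHA-256 and signature status, clears cached dynamic signatures, updates definitions, then rescans only that file without remediation. `$FlaggedFile` is a hypothetical parameter name; pass the path from your own Defender alert.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. $FlaggedFile is a hypothetical parameter:
# pass the path shown in your own Defender alert.
param([Parameter(Mandatory)][string]$FlaggedFile)

$mpCmd = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
if (-not (Test-Path -LiteralPath $mpCmd))       { throw "MpCmdRun.exe not found at $mpCmd" }
if (-not (Test-Path -LiteralPath $FlaggedFile)) { throw "Not found (possibly quarantined): $FlaggedFile" }

# Identify the exact binary first. The thread notes that each release has a
# different file hash, so keep the hash alongside any false-positive submission.
$sha256    = (Get-FileHash -LiteralPath $FlaggedFile -Algorithm SHA256).Hash
$sigStatus = (Get-AuthenticodeSignature -LiteralPath $FlaggedFile).Status
$before    = (Get-MpComputerStatus).AntivirusSignatureVersion

# Steps from the analyst reply: drop cached dynamic signatures, then update.
& $mpCmd -RemoveDefinitions -DynamicSignatures | Out-Null
if ($LASTEXITCODE -ne 0) { throw "RemoveDefinitions failed with exit code $LASTEXITCODE" }
& $mpCmd -SignatureUpdate | Out-Null
if ($LASTEXITCODE -ne 0) { throw "SignatureUpdate failed with exit code $LASTEXITCODE" }
$after = (Get-MpComputerStatus).AntivirusSignatureVersion

# Custom scan (ScanType 3) of only the flagged file. -DisableRemediation reports
# without quarantining; MpCmdRun exits 2 when a threat is found and not remediated.
& $mpCmd -Scan -ScanType 3 -File $FlaggedFile -DisableRemediation | Out-Null
$scanExit = $LASTEXITCODE

# Summary object: one row that can be pasted into an issue or a ticket.
[pscustomobject]@{
    File             = $FlaggedFile
    SHA256           = $sha256
    Authenticode     = $sigStatus
    SignaturesBefore = $before
    SignaturesAfter  = $after
    StillDetected    = ($scanExit -eq 2)
    ScanExitCode     = $scanExit
}
```

If `StillDetected` is true after the update, the removal the analyst describes has not reached this machine or does not cover this build's hash.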

@Alex313031
Owner

@RocGod @midnitefox @emmarrem These defender warnings seem to happen at random, and the "threat" is always different each time, which I find funny. This takes care of it for now, but next release might trigger it again, or might not. And since it will have a different file hash, the current fix from @gz83 reporting it as a false positive will probably not apply.
