Is Wadsmoosh really a virus?

Discuss anything ZDoom-related that doesn't fall into one of the other categories.

Re: Is Wadsmoosh really a virus?

Postby yum13241 » Tue May 25, 2021 7:19 am

wildweasel wrote:I've got a Wadsmoosh that includes Plutonia, so it worked for me. Try running the program from a Command Prompt, so it doesn't disappear immediately and you can read whatever error it gives.




Processing WAD plutonia...
Traceback (most recent call last):
File "wadsmoosh.py", line 477, in <module>
main()
File "wadsmoosh.py", line 439, in main
extract_lumps(iwad_name)
File "wadsmoosh.py", line 241, in extract_lumps
wad.from_file(wad_filename)
File "omg\wad.py", line 260, in from_file
group.load_wadio(w)
File "omg\wad.py", line 156, in load_wadio
self[name] = self.lumptype(wadio.read(i))
File "omg\wadio.py", line 159, in read
self.basefile.seek(self.entries[id].ptr)
OSError: [Errno 22] Invalid argument
[13836] Failed to execute script wadsmoosh
yum13241
 
Joined: 10 May 2021
Discord: yum13241#8226
Operating System: Windows 10/8.1/8/201x 64-bit
OS Test Version: No (Using Stable Public Version)
Graphics Processor: Intel (Modern GZDoom)

Re: Is Wadsmoosh really a virus?

Postby Gez » Tue May 25, 2021 11:44 am

Just to check -- is your Plutonia.wad valid? You can use something like HashMyFiles on it and compare with the values you find here. If it perfectly matches one of the tables, it should work, but if it doesn't, then maybe the file is corrupted and that's why Wadsmoosh fails. Based on the error messages, it seems to me your plutonia.wad file is simply not a valid .wad file...
Gez
 
 
 
Joined: 06 Jul 2007

Re: Is Wadsmoosh really a virus?

Postby yum13241 » Tue May 25, 2021 5:58 pm

Gez wrote:Just to check -- is your Plutonia.wad valid? You can use something like HashMyFiles on it and compare with the values you find here. If it perfectly matches one of the tables, it should work, but if it doesn't, then maybe the file is corrupted and that's why Wadsmoosh fails. Based on the error messages, it seems to me your plutonia.wad file is simply not a valid .wad file...


Will do asap.
yum13241
 
Joined: 10 May 2021
Discord: yum13241#8226
Operating System: Windows 10/8.1/8/201x 64-bit
OS Test Version: No (Using Stable Public Version)
Graphics Processor: Intel (Modern GZDoom)

Re: Is Wadsmoosh really a virus?

Postby JPL » Wed May 26, 2021 9:30 pm

Hi there, WadSmoosh author here. Yes, Windows Defender has a history of incorrectly detecting programs made with PyInstaller - the program I use to turn my Python code into an easily runnable Windows EXE - as trojans. Another open source program I develop, Playscii, has similar issues. I'm able to use MS's dev site to submit the false positive report to them, which they then clear so that future updates to Defender correctly avoid flagging it.

Two pieces of info I could use from you, though (or anyone else who's getting the malware warning): the specific name of the trojan it thinks WadSmoosh is (it'll have some cryptic name) and the exact version # of Windows Defender's virus definition files you have. These two pages should have info on how to find that info:

https://docs.microsoft.com/en-us/micros ... on-history
https://docs.microsoft.com/en-us/micros ... on-version

With this info I can submit it to MS and get the file's name cleared for all future users.
Thanks, and sorry for the scare! It's pretty frustrating, but I guess the blame is mostly on malware authors for using Python + PyInstaller and ruining the good name of everyone else.

Going into the weeds a bit: the only possible security risk I can think of is, if the Windows 10 install I use to create the WadSmoosh EXE builds is somehow compromised in a way that Defender cannot detect, that specifically knows how to target EXEs or even specifically EXEs made by PyInstaller, and embed something malicious in its Python interpreter boot code. This would be an extremely advanced hack and I'm not sure how they could even get it on to peoples' systems. I use Windows very little these days and I leave all its security features on by default, so I think it's very very unlikely that my system is compromised - and if I ever had reason to suspect it was, I'd avoid making any new builds of software until I was sure it was safe again.
User avatar
JPL
 
 
 
Joined: 09 Apr 2012

Re: Is Wadsmoosh really a virus?

Postby yum13241 » Thu May 27, 2021 6:21 am

JPL wrote:Hi there, WadSmoosh author here. Yes, Windows Defender has a history of incorrectly detecting programs made with PyInstaller - the program I use to turn my Python code into an easily runnable Windows EXE - as trojans. Another open source program I develop, Playscii, has similar issues. I'm able to use MS's dev site to submit the false positive report to them, which they then clear so that future updates to Defender correctly avoid flagging it.

Two pieces of info I could use from you, though (or anyone else who's getting the malware warning): the specific name of the trojan it thinks WadSmoosh is (it'll have some cryptic name) and the exact version # of Windows Defender's virus definition files you have. These two pages should have info on how to find that info:

https://docs.microsoft.com/en-us/micros ... on-history
https://docs.microsoft.com/en-us/micros ... on-version

With this info I can submit it to MS and get the file's name cleared for all future users.
Thanks, and sorry for the scare! It's pretty frustrating, but I guess the blame is mostly on malware authors for using Python + PyInstaller and ruining the good name of everyone else.

Going into the weeds a bit: the only possible security risk I can think of is, if the Windows 10 install I use to create the WadSmoosh EXE builds is somehow compromised in a way that Defender cannot detect, that specifically knows how to target EXEs or even specifically EXEs made by PyInstaller, and embed something malicious in its Python interpreter boot code. This would be an extremely advanced hack and I'm not sure how they could even get it on to peoples' systems. I use Windows very little these days and I leave all its security features on by default, so I think it's very very unlikely that my system is compromised - and if I ever had reason to suspect it was, I'd avoid making any new builds of software until I was sure it was safe again.



Makes sense.
yum13241
 
Joined: 10 May 2021
Discord: yum13241#8226
Operating System: Windows 10/8.1/8/201x 64-bit
OS Test Version: No (Using Stable Public Version)
Graphics Processor: Intel (Modern GZDoom)

Re: Is Wadsmoosh really a virus?

Postby JPL » Fri May 28, 2021 11:01 pm

yum13241 wrote:Makes sense.


Any chance you can get me this info? I'm not getting the same result on my machine so I need the info from someone who is.

JPL wrote:Two pieces of info I could use from you, though (or anyone else who's getting the malware warning): the specific name of the trojan it thinks WadSmoosh is (it'll have some cryptic name) and the exact version # of Windows Defender's virus definition files you have. These two pages should have info on how to find that info:

https://docs.microsoft.com/en-us/micros ... on-history
https://docs.microsoft.com/en-us/micros ... on-version

With this info I can submit it to MS and get the file's name cleared for all future users.


Also, just to make sure: you're using the version of WadSmoosh that is currently for download at https://jp.itch.io/wadsmoosh , right?
User avatar
JPL
 
 
 
Joined: 09 Apr 2012

Re: Is Wadsmoosh really a virus?

Postby yum13241 » Sat May 29, 2021 12:37 pm

JPL wrote:
yum13241 wrote:Makes sense.


Any chance you can get me this info? I'm not getting the same result on my machine so I need the info from someone who is.

JPL wrote:Two pieces of info I could use from you, though (or anyone else who's getting the malware warning): the specific name of the trojan it thinks WadSmoosh is (it'll have some cryptic name) and the exact version # of Windows Defender's virus definition files you have. These two pages should have info on how to find that info:

https://docs.microsoft.com/en-us/micros ... on-history
https://docs.microsoft.com/en-us/micros ... on-version

With this info I can submit it to MS and get the file's name cleared for all future users.


Also, just to make sure: you're using the version of WadSmoosh that is currently for download at https://jp.itch.io/wadsmoosh , right?



Yes.
yum13241
 
Joined: 10 May 2021
Discord: yum13241#8226
Operating System: Windows 10/8.1/8/201x 64-bit
OS Test Version: No (Using Stable Public Version)
Graphics Processor: Intel (Modern GZDoom)

Previous

Return to General

Who is online

Users browsing this forum: chronoteeth, Vostyok and 2 guests