Is Wadsmoosh really a virus?

Discuss anything ZDoom-related that doesn't fall into one of the other categories.
yum13241
Posts: 852
Joined: Mon May 10, 2021 8:08 pm
Preferred Pronouns: He/Him
Operating System Version (Optional): EndeavorOS (basically Arch)
Graphics Processor: Intel with Vulkan/Metal Support

Re: Is Wadsmoosh really a virus?

Post by yum13241 »

wildweasel wrote:I've got a Wadsmoosh that includes Plutonia, so it worked for me. Try running the program from a Command Prompt, so it doesn't disappear immediately and you can read whatever error it gives.


Processing WAD plutonia...
Traceback (most recent call last):
File "wadsmoosh.py", line 477, in <module>
main()
File "wadsmoosh.py", line 439, in main
extract_lumps(iwad_name)
File "wadsmoosh.py", line 241, in extract_lumps
wad.from_file(wad_filename)
File "omg\wad.py", line 260, in from_file
group.load_wadio(w)
File "omg\wad.py", line 156, in load_wadio
self[name] = self.lumptype(wadio.read(i))
File "omg\wadio.py", line 159, in read
self.basefile.seek(self.entries[id].ptr)
OSError: [Errno 22] Invalid argument
[13836] Failed to execute script wadsmoosh
Gez
 
 
Posts: 17921
Joined: Fri Jul 06, 2007 3:22 pm

Re: Is Wadsmoosh really a virus?

Post by Gez »

Just to check -- is your Plutonia.wad valid? You can use something like HashMyFiles on it and compare with the values you find here. If it perfectly matches one of the tables, it should work, but if it doesn't, then maybe the file is corrupted and that's why Wadsmoosh fails. Based on the error messages, it seems to me your plutonia.wad file is simply not a valid .wad file...
yum13241
Posts: 852
Joined: Mon May 10, 2021 8:08 pm
Preferred Pronouns: He/Him
Operating System Version (Optional): EndeavorOS (basically Arch)
Graphics Processor: Intel with Vulkan/Metal Support

Re: Is Wadsmoosh really a virus?

Post by yum13241 »

Gez wrote:Just to check -- is your Plutonia.wad valid? You can use something like HashMyFiles on it and compare with the values you find here. If it perfectly matches one of the tables, it should work, but if it doesn't, then maybe the file is corrupted and that's why Wadsmoosh fails. Based on the error messages, it seems to me your plutonia.wad file is simply not a valid .wad file...
Will do asap.
User avatar
JPL
 
 
Posts: 523
Joined: Mon Apr 09, 2012 12:27 pm

Re: Is Wadsmoosh really a virus?

Post by JPL »

Hi there, WadSmoosh author here. Yes, Windows Defender has a history of incorrectly detecting programs made with PyInstaller - the program I use to turn my Python code into an easily runnable Windows EXE - as trojans. Another open source program I develop, Playscii, has similar issues. I'm able to use MS's dev site to submit the false positive report to them, which they then clear so that future updates to Defender correctly avoid flagging it.

Two pieces of info I could use from you, though (or anyone else who's getting the malware warning): the specific name of the trojan it thinks WadSmoosh is (it'll have some cryptic name) and the exact version # of Windows Defender's virus definition files you have. These two pages should have info on how to find that info:

https://docs.microsoft.com/en-us/micros ... on-history
https://docs.microsoft.com/en-us/micros ... on-version

With this info I can submit it to MS and get the file's name cleared for all future users.
Thanks, and sorry for the scare! It's pretty frustrating, but I guess the blame is mostly on malware authors for using Python + PyInstaller and ruining the good name of everyone else.

Going into the weeds a bit: the only possible security risk I can think of is, if the Windows 10 install I use to create the WadSmoosh EXE builds is somehow compromised in a way that Defender cannot detect, that specifically knows how to target EXEs or even specifically EXEs made by PyInstaller, and embed something malicious in its Python interpreter boot code. This would be an extremely advanced hack and I'm not sure how they could even get it on to peoples' systems. I use Windows very little these days and I leave all its security features on by default, so I think it's very very unlikely that my system is compromised - and if I ever had reason to suspect it was, I'd avoid making any new builds of software until I was sure it was safe again.
yum13241
Posts: 852
Joined: Mon May 10, 2021 8:08 pm
Preferred Pronouns: He/Him
Operating System Version (Optional): EndeavorOS (basically Arch)
Graphics Processor: Intel with Vulkan/Metal Support

Re: Is Wadsmoosh really a virus?

Post by yum13241 »

JPL wrote:Hi there, WadSmoosh author here. Yes, Windows Defender has a history of incorrectly detecting programs made with PyInstaller - the program I use to turn my Python code into an easily runnable Windows EXE - as trojans. Another open source program I develop, Playscii, has similar issues. I'm able to use MS's dev site to submit the false positive report to them, which they then clear so that future updates to Defender correctly avoid flagging it.

Two pieces of info I could use from you, though (or anyone else who's getting the malware warning): the specific name of the trojan it thinks WadSmoosh is (it'll have some cryptic name) and the exact version # of Windows Defender's virus definition files you have. These two pages should have info on how to find that info:

https://docs.microsoft.com/en-us/micros ... on-history
https://docs.microsoft.com/en-us/micros ... on-version

With this info I can submit it to MS and get the file's name cleared for all future users.
Thanks, and sorry for the scare! It's pretty frustrating, but I guess the blame is mostly on malware authors for using Python + PyInstaller and ruining the good name of everyone else.

Going into the weeds a bit: the only possible security risk I can think of is, if the Windows 10 install I use to create the WadSmoosh EXE builds is somehow compromised in a way that Defender cannot detect, that specifically knows how to target EXEs or even specifically EXEs made by PyInstaller, and embed something malicious in its Python interpreter boot code. This would be an extremely advanced hack and I'm not sure how they could even get it on to peoples' systems. I use Windows very little these days and I leave all its security features on by default, so I think it's very very unlikely that my system is compromised - and if I ever had reason to suspect it was, I'd avoid making any new builds of software until I was sure it was safe again.

Makes sense.
User avatar
JPL
 
 
Posts: 523
Joined: Mon Apr 09, 2012 12:27 pm

Re: Is Wadsmoosh really a virus?

Post by JPL »

yum13241 wrote:Makes sense.
Any chance you can get me this info? I'm not getting the same result on my machine so I need the info from someone who is.
JPL wrote:Two pieces of info I could use from you, though (or anyone else who's getting the malware warning): the specific name of the trojan it thinks WadSmoosh is (it'll have some cryptic name) and the exact version # of Windows Defender's virus definition files you have. These two pages should have info on how to find that info:

https://docs.microsoft.com/en-us/micros ... on-history
https://docs.microsoft.com/en-us/micros ... on-version

With this info I can submit it to MS and get the file's name cleared for all future users.
Also, just to make sure: you're using the version of WadSmoosh that is currently for download at https://jp.itch.io/wadsmoosh , right?
yum13241
Posts: 852
Joined: Mon May 10, 2021 8:08 pm
Preferred Pronouns: He/Him
Operating System Version (Optional): EndeavorOS (basically Arch)
Graphics Processor: Intel with Vulkan/Metal Support

Re: Is Wadsmoosh really a virus?

Post by yum13241 »

JPL wrote:
yum13241 wrote:Makes sense.
Any chance you can get me this info? I'm not getting the same result on my machine so I need the info from someone who is.
JPL wrote:Two pieces of info I could use from you, though (or anyone else who's getting the malware warning): the specific name of the trojan it thinks WadSmoosh is (it'll have some cryptic name) and the exact version # of Windows Defender's virus definition files you have. These two pages should have info on how to find that info:

https://docs.microsoft.com/en-us/micros ... on-history
https://docs.microsoft.com/en-us/micros ... on-version

With this info I can submit it to MS and get the file's name cleared for all future users.
Also, just to make sure: you're using the version of WadSmoosh that is currently for download at https://jp.itch.io/wadsmoosh , right?

Yes.

Return to “General”