mersenneforum.org  

Old 2021-07-30, 19:41   #12
a1call
 

FTR my Antivirus software just reported that it blocked a suspicious activity by WhyNotWin11.

Can a Mod please remove the links and references in post-1?

If you have run the software already please note the warning.

Apologies for the posting. I thought it would be safe based on the cnet article.
Old 2021-07-30, 21:00   #13
Uncwilly

I broke the links. Anyone who wants to investigate it will have to do some assembly work.
Old 2021-07-30, 21:03   #14
a1call
 

Acknowledged with thanks.
FTR I did not have any warnings the 1st time I ran it when I initially posted.
Only when I ran it today.

Last fiddled with by a1call on 2021-07-30 at 21:07
Old 2021-07-30, 21:49   #15
henryzz

It wouldn't surprise me if it is an oversensitive AV complaining because it is doing fairly invasive checks.
Old 2021-07-30, 22:38   #16
a1call
 

Well, the thing is I did not have a warning the 1st time I ran the program (or at least I can't remember one).
There are not any other complaints indexed by Google anywhere so far.
The attachment is a screenshot from my AV.
Attached Thumbnails: EBY-100-A.jpg
Old 2021-07-31, 04:52   #17
a1call
 

I googled:
whynotwin11 malware

The site www. joesandbox. com reports it as Malicious:

Quote:
System Summary:
Binary is likely a compiled AutoIt script file

Malware Analysis System Evasion:
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)

Here is a closed GitHub discussion regarding false ownership:

https://github.com/rcmaehl/WhyNotWin11/issues/66

A Reddit discussion:

Quote:
This website is not affiliated with the creator of the program. Although it uses a good download link at the time of this writing, I don't suggest anybody link others to this website, as they can change the link to a malicious one at any time.

UPDATE: They have switched the download link. Absolutely do not use.
https://www.reddit.com/r/Windows11/c...hynotwin11com/


From Norton "File-Insight":

Quote:
Filename: WhyNotWin11.exe

Developers: Not Available
Version: 2.3.0.3
Identified: 2021-07-02 at 6:10:19 PM
Last Used: 2021-07-30 at 3:31:50 PM
Startup Item: No

Many Users: Thousands of users in the Norton Community have used this file.
Mature: This file was released 30 days ago.
Bad: There are many indications that this file is untrustworthy.

Another closed discussion from GitHub:
Multiple Vendors False Positives #49
https://github.com/rcmaehl/WhyNotWin11/issues/49

Last fiddled with by a1call on 2021-07-31 at 05:19
Old 2021-07-31, 12:14   #18
henryzz

That list is things we would expect it to do.
Old 2021-07-31, 14:25   #19
S485122
 

Quote:
Originally Posted by henryzz
That list is things we would expect it to do.
Indeed.
Most antivirus software does not like administrative tools (which it often categorises as hack tools). Just try to retrieve the serial numbers of the installed software: most of the tools will be blocked by the "antivirus" software.

Jacob

All times are UTC.



Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.
A copy of the license is included in the FAQ.