
Microsoft Defender Antivirus has detected malware in lexart model included with this extension #12

Open
halr9000 opened this issue Mar 19, 2023 · 3 comments



halr9000 commented Mar 19, 2023

Until this is resolved, I highly recommend switching to a different, safe model (see first comment below), and if you don't know how to do that, cease using this extension. Could be a false alarm, but safer to trust Microsoft rather than disable pickle checks.

Repro steps:

  1. Install extension
  2. Switch to promptgen tab, generate a result
  3. In auto1111, this error is reported: AttributeError: 'NoneType' object has no attribute 'keys'
  4. Windows Defender alerted me to a threat

Note that promptgen cannot be used once the file has been quarantined. So this is a critical issue even if Defender is throwing a false alarm.

I'll note that I've been using promptgen happily for months; this is the first time Defender has popped up. Possibly this is a false alarm, but it's also possible it's a newly updated model on huggingface, or a newly updated definition by MS which finds malware which had always been present. Looking at Defender, this issue started popping up 3/15.


See details below:

auto1111 console:

Error completing request
Arguments: ('task(haiekb5zjbi57or)', 'AUTOMATIC/promptgen-lexart', 1, 10, 'android', 20, 150, 1, 1, 1, 1, 'Top K', 12, 0.15) {}
Traceback (most recent call last):
  File "D:\hal\stable-diffusion\auto\modules\call_queue.py", line 56, in f
    res = list(func(*args, **kwargs))
  File "D:\hal\stable-diffusion\auto\modules\call_queue.py", line 37, in f
    res = func(*args, **kwargs)
  File "D:\hal\stable-diffusion\auto\extensions\stable-diffusion-webui-promptgen\scripts\promptgen.py", line 99, in generate
    current.model = transformers.AutoModelForCausalLM.from_pretrained(path)
  File "D:\hal\stable-diffusion\auto\venv\lib\site-packages\transformers\models\auto\auto_factory.py", line 463, in from_pretrained
    return model_class.from_pretrained(
  File "D:\hal\stable-diffusion\auto\venv\lib\site-packages\transformers\modeling_utils.py", line 2258, in from_pretrained
    loaded_state_dict_keys = [k for k in state_dict.keys()]
AttributeError: 'NoneType' object has no attribute 'keys'

Error verifying pickled file from C:\Users\hal/.cache\huggingface\hub\models--AUTOMATIC--promptgen-lexart\snapshots\fe1dd16ac290199872bb27a0f72dc20839e81ed5\pytorch_model.bin:
Traceback (most recent call last):
  File "D:\hal\stable-diffusion\auto\modules\safe.py", line 135, in load_with_extra
    check_pt(filename, extra_handler)
  File "D:\hal\stable-diffusion\auto\modules\safe.py", line 81, in check_pt
    with zipfile.ZipFile(filename) as z:
  File "C:\Users\hal\AppData\Local\Programs\Python\Python310\lib\zipfile.py", line 1249, in __init__
    self.fp = io.open(file, filemode)
OSError: [Errno 22] Invalid argument: 'C:\\Users\\hal/.cache\\huggingface\\hub\\models--AUTOMATIC--promptgen-lexart\\snapshots\\fe1dd16ac290199872bb27a0f72dc20839e81ed5\\pytorch_model.bin'


The file may be malicious, so the program is not going to read it.
You can skip this check with --disable-safe-unpickle commandline argument.

Windows event log:

Log Name:      Microsoft-Windows-Windows Defender/Operational
Source:        Microsoft-Windows-Windows Defender
Date:          3/19/2023 10:39:36 AM
Event ID:      1116
Task Category: None
Level:         Warning
Keywords:      
User:          SYSTEM
Computer:      <name>
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
 For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Wacatac.H!ml&threatid=2147814524&enterprise=0
 	Name: Trojan:Script/Wacatac.H!ml
 	ID: 2147814524
 	Severity: Severe
 	Category: Trojan
 	Path: file:_C:\Users\hal\.cache\huggingface\hub\models--AUTOMATIC--promptgen-lexart\blobs\8bb89c281830a1a860eab274def8a89f401ef1a38f727ace494edd0f90081404
 	Detection Origin: Local machine
 	Detection Type: FastPath
 	Detection Source: Real-Time Protection
 	User: MANDO\hal
 	Process Name: C:\Users\hal\AppData\Local\Programs\Python\Python310\python.exe
 	Security intelligence Version: AV: 1.385.456.0, AS: 1.385.456.0, NIS: 1.385.456.0
 	Engine Version: AM: 1.1.20100.6, NIS: 1.1.20100.6
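Added example (this is not code from the promptgen extension, from the webui's modules/safe.py, or from the model repository): a stdlib-only scanner that does, statically, the kind of check the "Error verifying pickled file" path in the trace above stands for. It opens a torch zip checkpoint, finds data.pkl, walks the pickle opcode stream with pickletools (nothing is ever unpickled, so nothing in the file can execute) and reports every GLOBAL / STACK_GLOBAL reference that is not on an allowlist. ALLOWED_GLOBALS, build_archive and the two sample archives are assumptions constructed for this demo; a real allowlist has to cover exactly what the model genuinely needs and nothing more.

```python
import io
import pickle
import pickletools
import posixpath
import zipfile

# Illustrative allowlist of globals a plain PyTorch state_dict needs (assumption: a
# stand-in for the sort of list modules/safe.py keeps, not a copy of it).
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
    ("torch", "FloatStorage"),
    ("torch", "HalfStorage"),
    ("torch", "LongStorage"),
    ("torch._utils", "_rebuild_tensor_v2"),
}

STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
PUT_OPS = {"PUT", "BINPUT", "LONG_BINPUT"}
GET_OPS = {"GET", "BINGET", "LONG_BINGET"}


def pickle_globals(data: bytes) -> list[tuple[str, str]]:
    """List every (module, name) the pickle would import, by walking its opcodes.

    pickletools.genops only parses; nothing is unpickled, so no code in the
    stream can run. GLOBAL carries "module name" inline; STACK_GLOBAL (protocol 4)
    takes the two most recently pushed strings, which may come from the memo.
    """
    found = []
    pushed = []   # history of string values pushed on the pickle stack
    memo = {}     # memo slot -> string value (None when a non-string was memoized)
    last = None   # string produced by the previous opcode, if any
    for op, arg, _pos in pickletools.genops(data):
        name = op.name
        value = None
        if name in STRING_OPS:
            value = arg
            pushed.append(value)
        elif name in GET_OPS:
            value = memo.get(arg)
            pushed.append(value)
        elif name == "MEMOIZE":
            memo[len(memo)] = last
        elif name in PUT_OPS:
            memo[arg] = last
        elif name == "GLOBAL":
            module, qual = arg.split(" ", 1)
            found.append((module, qual))
        elif name == "STACK_GLOBAL":
            qual = pushed.pop() if pushed else None
            module = pushed.pop() if pushed else None
            # Unresolvable operands are reported as "?" so they never match the allowlist.
            found.append((module or "?", qual or "?"))
        last = value
    return found


def scan_torch_checkpoint(archive) -> list[tuple[str, str]]:
    """Return the globals in a torch zip checkpoint that are NOT on the allowlist.

    `archive` is a path or a file-like object. An empty list means nothing outside
    the allowlist was referenced; any other result, or an exception from a file
    zipfile cannot open, should be treated as "do not load".
    """
    with zipfile.ZipFile(archive) as z:
        pkl = [n for n in z.namelist() if n.endswith("/data.pkl") or n == "data.pkl"]
        if len(pkl) != 1:
            raise ValueError(f"expected exactly one data.pkl, found {pkl}")
        data = z.read(pkl[0])
    return [g for g in pickle_globals(data) if g not in ALLOWED_GLOBALS]


def build_archive(payload: bytes) -> io.BytesIO:
    """Build an in-memory zip with the layout torch.save uses (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("archive/data.pkl", payload)
        z.writestr("archive/version", "3\n")
    buf.seek(0)
    return buf


def benign_archive() -> io.BytesIO:
    # Constructed sample: plain containers only, so no GLOBAL opcodes at all.
    return build_archive(pickle.dumps({"weights": [0.1, 0.2]}, protocol=2))


def suspect_archive() -> io.BytesIO:
    # Constructed sample: a bare reference to a harmless stdlib function that is not
    # on the allowlist. The scanner never calls it; it only sees the name.
    return build_archive(pickle.dumps(posixpath.join, protocol=4))


if __name__ == "__main__":
    print("benign :", scan_torch_checkpoint(benign_archive()))   # []
    print("suspect:", scan_torch_checkpoint(suspect_archive()))  # [('posixpath', 'join')]
```

Point scan_torch_checkpoint at a downloaded pytorch_model.bin before loading it. An empty list means clean under this allowlist; anything else, or a file the zip module cannot open at all (the OSError in the trace above is that failure class), is a refusal, which is the same stance the webui's "the program is not going to read it" message takes. A safetensors file, as proposed in the Hugging Face discussion for this model, sidesteps the whole question: it is a JSON header plus raw tensor bytes, with no opcode stream to scan.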

halr9000 commented Mar 19, 2023

Interesting, 3 days ago someone submitted a PR for a safetensors version on hf here https://huggingface.co/AUTOMATIC/promptgen-lexart/discussions/1

That'd be nice right about now @AUTOMATIC1111



0lm commented May 3, 2023

Could you tell me where the models even are saved?
I installed the models by adding the Huggingface name in the Promptgen tab in the Settings. But I never could find out where exactly they were downloaded. That said, I let Windows Defender scan the whole Stable Diffusion directory and also the huggingface cache in the user folder. There was no alert for me.
