Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[bug]: Backdoor:Win32/Bladabindi!ml #2992

Closed
1 task done
Nesho814 opened this issue Mar 19, 2023 · 7 comments
Closed
1 task done

[bug]: Backdoor:Win32/Bladabindi!ml #2992

Nesho814 opened this issue Mar 19, 2023 · 7 comments
Assignees
@lstein
Labels
bug Something isn't working

Comments

@Nesho814
Copy link

Nesho814 commented Mar 19, 2023
edited

Is there an existing issue for this?

  • I have searched the existing issues

OS

Windows

GPU

NVIDIA GeForce RTX 2070 SUPER

VRAM

8

What version did you experience this issue on?

2.3.0 standalone

What happened?

Windows Defender found a backdoor imbedded in the program

Screenshots

Zrzut ekranu 2023-03-19 231955
It's after windows tried to eliminate it and also in polish so translation here:
Incomplete elimination (Serious)
Detected: Backdoor:Win32/Bladabindi!ml
State: Failure
This application may not have been fully eliminated
Date: ----
Details: This program allows for remote access to the computer on which it's installed.
Elements affected:

Additional context

No response

Contact Details

No response
@Nesho814 Nesho814 added the bug Something isn't working label Mar 19, 2023
@Nesho814 Nesho814 changed the title [bug]: [bug]: Backdoor:Win32/Bladabindi!ml Mar 19, 2023
@Baronsworth
Copy link

same here, what is this

@Max-Basedaf
Copy link

got the same, deleted if for now

@insightler
Copy link

Also found it today, but not been using invokeai for a month, therefor guessing defender update today caused it to be found now for several of us. Below are from MS Defender logs:

Backdoor:Win32/Bladabindi!ml in these 2 locations:
\invokeai\models\diffusers\models--naclbit--trinart_stable_diffusion_v2\snapshots\59d57b9119311cf59e98fd12927fc511239abfa1\text_encoder\pytorch_model.bin; \invokeai\models\diffusers\models--runwayml--stable-diffusion-v1-5\snapshots\ded79e214aa69e42c24d3f5ac14b76d568679cc2\safety_checker\pytorch_model.bin

Trojan:Win32/Casdet!rfn in these 3 locations:
\invokeai\models\diffusers\models--runwayml--stable-diffusion-inpainting\snapshots\afeee10def38be19995784bcc811882409d066e5\safety_checker\pytorch_model.bin; \invokeai\models\diffusers\models--stabilityai--stable-diffusion-2-1\snapshots\f7f33030acc57428be85fbec092c37a78231d75a\text_encoder\pytorch_model.bin; \invokeai\models\hub\models--CIDAS--clipseg-rd64-refined\snapshots\583b388deb98a04feb3e1f816dcdb8f3062ee205\pytorch_model.bin

@lenase0077
Copy link

same here

@gwyong
Copy link

gwyong commented Mar 21, 2023

I also got this error. What is the actual problem?

@lstein lstein self-assigned this Mar 24, 2023
@Ranteck
Copy link

Ranteck commented Mar 25, 2023

Same Here

@lstein
Copy link
Collaborator

lstein commented Mar 28, 2023

The problem is that Defender is flagging stable diffusion model files as being malware, even though they are not. The only thing you can do about this is to write to Microsoft and ask them to whitelist the affected models.

Note that the file identified as having malware is actually a model file downloaded from HuggingFace. It is not part of the InvokeAI source code.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lstein lstein

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@lstein @Ranteck @hipsterusername @lenase0077 @Nesho814 @gwyong @insightler @Max-Basedaf @Baronsworth