Malware with Crimson? Or False-Positive? - AMDJoe

Discussion in 'Videocards - AMD Radeon Drivers Section' started by Blackfyre, Nov 28, 2015.

  1. Blackfyre

    Blackfyre Maha Guru

    Exactly. Thank you.

    It actually goes to show how thorough Malwarebytes Anti-Malware is in comparison to other Anti-Malware software.
     
  2. MacT

    MacT Member Guru

    I am sorry, did AMD write the RadeonMod? It is not up to AMD to fix unintentional consequences a 3rd party program has introduced.

    In and of itself, is Shader Cache not just a function within graphics APIs? AMD don't OWN exclusive use of shader cache. They are just using the function (through their Crimson) to benefit relevant games/applications (Their AMD optimised setting). Or if you like you can set Shader Cache for each individual application within the Crimson.

    Global enable of Shader Cache through RadeonMod could very well be turning on or injecting into any and all graphics APIs (And, not just DX. Like, OpenGL has shader cache, Mantle etc). Whereas within Crimson, the Global Settings, Shader Cache - AMD Optimised is selectively controlled/limited by AMD to only apply to programs and/or games of their choosing.
     
  3. PrMinisterGR

    PrMinisterGR Ancient Guru

    What are you even talking about? Caching Shaders is something that either the app or the GPU driver can do. It's not "there" and AMD decided to use it. The driver needs to interpret compiled shaders, store them, and then retrieve them when the app tries to compile again. It's actually quite a lot of work. There isn't really a "hack" via RadeonMod, it's a single registry switch.

    The sane option would be to have a blacklist, not a whitelist. That way we can enable and test it for everything without weird side effects like this one.
     
  4. theoneofgod

    theoneofgod Ancient Guru

    Shader Cache in Radeon Settings is for DX10/11 only. If AMD didn't want it being on globally I doubt we'd be able to.
     
    Last edited: Dec 1, 2015

  5. PrMinisterGR

    PrMinisterGR Ancient Guru

    He doesn't even understand what it is. He believes that it's something preexisting that AMD simply turned on.
     
  6. Cave Waverider

    Cave Waverider Master Guru

    I'm wondering if this is still happening with the new Crimson 15.11.1 beta drivers.
     
  7. Falcy

    Falcy Member

    Yes.
    I didn't have any "P"-folder before, but now I do.
    And Malware found three entries.
     
  8. PrMinisterGR

    PrMinisterGR Ancient Guru

    Can you show the names and sizes of the files? They should be 64kb in size and mostly empty if you open them with a hex editor or Notepad++.
     
  9. Falcy

    Falcy Member

    Trojan.Agent, C:\Windows\System32\P, No Action By User, [9a94cdb7a6e5979fbbb764f95ea433cd],
    Trojan.Agent, C:\Windows\System32\P\AMD, No Action By User, [9a94cdb7a6e5979fbbb764f95ea433cd],
    Trojan.Agent, C:\Windows\System32\P\AMD\DxCache, No Action By User, [9a94cdb7a6e5979fbbb764f95ea433cd],


    Hmm, I don't see any files.
    Seems like Malware is just reacting to the folder itself.
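
An added example, not part of any poster's message: a Python sketch of the triage the two posts above walk through, parsing the posted detection lines and then profiling the flagged folder for the 64kb, mostly empty files described. The function names, reading "64kb" as 65,536 bytes, and the 0.9 zero-byte threshold for "mostly empty" are assumptions.

```python
import os
import re

# Detection lines exactly as posted in the thread.
LOG = r"""
Trojan.Agent, C:\Windows\System32\P, No Action By User, [9a94cdb7a6e5979fbbb764f95ea433cd],
Trojan.Agent, C:\Windows\System32\P\AMD, No Action By User, [9a94cdb7a6e5979fbbb764f95ea433cd],
Trojan.Agent, C:\Windows\System32\P\AMD\DxCache, No Action By User, [9a94cdb7a6e5979fbbb764f95ea433cd],
"""
LINE = re.compile(r"^\s*([^,]+),\s*(.+?),\s*([^,\[]+),\s*\[([0-9a-f]+)\],?\s*$")

def parse_detections(text):
    """Return (name, path, action, bracketed id) for each well-formed log line."""
    hits = (LINE.match(line) for line in text.splitlines())
    return [tuple(g.strip() for g in m.groups()) for m in hits if m]

def nested_chain(paths):
    """True when each path is an ancestor of the next: one tree flagged level by level."""
    norm = [p.rstrip("\\").lower() for p in paths]
    return all(b.startswith(a + "\\") for a, b in zip(norm, norm[1:]))

def profile_dir(root, chunk=65536):
    """Return sorted (relative path, size, fraction of 0x00 bytes) for every file under root."""
    rows = []
    for folder, _, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            size = zeros = 0
            with open(full, "rb") as fh:
                while buf := fh.read(chunk):
                    size += len(buf)
                    zeros += buf.count(0)
            rows.append((os.path.relpath(full, root), size, zeros / size if size else 1.0))
    return sorted(rows)

def triage(rows, expected_size=64 * 1024, min_zero=0.9):
    """'empty' = no files at all; 'placeholders' = only 64 KB mostly-zero files; else 'review'."""
    if not rows:
        return "empty"
    ok = all(size == expected_size and zero >= min_zero for _, size, zero in rows)
    return "placeholders" if ok else "review"

if __name__ == "__main__":
    dets = parse_detections(LOG)
    print("same id on every line:", len({d[3] for d in dets}) == 1)
    print("paths form one nested tree:", nested_chain([d[1] for d in dets]))
    root = dets[-1][1]  # deepest flagged folder
    print(root, "->", triage(profile_dir(root)) if os.path.isdir(root) else "not present")
```

A result of "review" only means some file does not match the size and zero-byte profile described in the thread; it is a prompt to inspect that file, not a verdict.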
     
  10. The Mac

    The Mac Ancient Guru

    Still no P folder for me on the hotfix.
     

  11. PrMinisterGR

    PrMinisterGR Ancient Guru

    You have activated the Shader Cache globally through regedit?
     
  12. The Mac

    The Mac Ancient Guru

    No, only in the global profile and in individual games.
     
  13. theoneofgod

    theoneofgod Ancient Guru

    It happens when caching is set on globally.

    I've seen the cache directory in System32 but it's never populated with any .bin files.
     
  14. sicksilvo

    sicksilvo Member

    This isn't related, but this seems like best thread to ask this.

    I've only installed the driver without Crimson software; ~24h after that, AMD Install Manager (installmanagerapp.exe) started sending & receiving data packs according to my firewall.

    What kind of info has been exchanged? If new CS did this it would make more sense, collecting data to improve users' experience in future etc.

    Stopped using CCC a while ago, old install manager never expressed such behavior.
     
  15. PrMinisterGR

    PrMinisterGR Ancient Guru

    Crimson has an "automatically update graphics driver" option at the end of the installation. You either kept that enabled, or it's an opt-in and it does the check anyway.
     

  16. sicksilvo

    sicksilvo Member

    I opted out. Thanks for the fast reply!

    I don't mind it, it's just interesting to me, that's all.
     
  17. The Mac

    The Mac Ancient Guru

    Could be the web content updating as well.
     
  18. MacT

    MacT Member Guru

    It is 'there'. As in: Shader caching as a function has been in DX's since forever nearly. And OpenGL. Probably Mantle too. Guessing any API would have some kind of shader caching functions which any programmer could do within the APIs.

    Now, how does AMD go about doing their Shader Caching? Do they use existing available command functions through the relevant APIs, or have they written something completely autonomous of the relevant API being used by the game? OK, I admit I guessed that they would be using current available command functions within the relevant API to set up the caching. Sure I could be wrong. Am I? I will stand corrected. My bad.

    Of course, of course. Umm, what is that in my AppData/Local/AMD/GLCache folder?
    Just because you can 'flip' the switch does not mean it must be intended. That 'switch' is not found in the Crimson is it? If they wanted it to be used as you are using it, they would have allowed it to be enabled as such in the Crimson when you turned on Shader Cache. Instead, in Crimson you get the "AMD optimised", which is a way of AMD excluding unwanted/unrelated cache creation - something which you have sidestepped.
     
    Last edited: Dec 2, 2015
  19. theoneofgod

    theoneofgod Ancient Guru

    OpenGL Shader Cache doesn't obey the Shader Cache setting in Radeon Settings. Like I said. The option in Radeon Settings is for DX10/11 applications.

    Let's think of it another way. Setting Shader Cache on globally is like adding every single DX10/11 application to Radeon Settings and enabling Shader Cache individually. The result will be the same. AMD have whitelisted a handful of applications for AMD optimized. Instead, they should blacklist those that don't require it.
     
  20. PrMinisterGR

    PrMinisterGR Ancient Guru

    All of the above can have Shader Caching enabled. The fact that most games don't have something like that means that it needs to be enforced by interpreting the game's calls. Imagine it like the frame limiter from RTSS or Triple Buffering/Vsync from RadeonPro, but on the driver level. They basically "inject" their code in the game's code, and they save the compiled shaders and serve them compiled later as needed. They might do it through one or another method, but I doubt that there are a lot of standards adhered to in there, so in that sense they didn't "enable" anything. More like "forced" or "emulated".

    The earliest signs of a GLCache that I can find from AMD, are from 30/09/2014. It seems it has been there for quite a while. I believe it was enabled to help with Linux performance, and as an answer to the same thing done by NVIDIA for higher profile titles like Wolfenstein.

    This is very true. On the other hand, see below. You can enable it for everything by hand. So what's really needed is a blacklist for critical Windows processes at least. Mantle has had the Shader Cache enabled by default. It is interesting to note that it was introduced from NVIDIA as a feature to lower CPU utilization in the now famous (?) DX11 337.50 driver.
    All in all I'm quite happy they did this. It has helped a lot with loading times, stutter and CPU temps.

     
