Malware with Crimson? Or False-Positive? - AMDJoe

Discussion in 'Videocards - AMD Radeon Drivers Section' started by Blackfyre, Nov 28, 2015.

  1. BoMbY

    BoMbY Member Guru

    Messages:
    185
    Likes Received:
    0
    GPU:
    Fury X
    Exactly. User folders, and stuff like that, do not necessarily work for system accounts, or ring 0, or whatever. So this folder is a fallback, maybe for the fallback. Nonetheless Malwarebytes should not wet itself about it.
     
  2. Blackfyre

    Blackfyre Maha Guru

    Messages:
    1,099
    Likes Received:
    89
    GPU:
    RTX 2070 Super
    I really hope they don't do that either.

    Malwarebytes Anti-Malware should definitely wet itself about it, and it's actually great that it did (I believe we already stated why earlier in the thread). But having established that it is not harmful as we suspected (and after PrMinisterGR looked deeper into it), we shouldn't wet ourselves about it (Malwarebytes users).

    --------------------------

    Either way I hope AMD does fix this issue that I came across, but at the same time I really hope they don't go down the path of White-Listing, but rather down the path of Black-Listing.

    Or if they do go down the path of White-Listing, they should allow us access via Crimson drivers to add whatsoever we wish into the white-list.
     
  3. Athlonite

    Athlonite Maha Guru

    Messages:
    1,316
    Likes Received:
    36
    GPU:
    Pulse RX5700 8GB
    That stands to reason, MWB thinking it's trying to inject code when in actuality it is not doing that at all.

    Windows 10 10586 all updated and downloaded Crimson from AMD
    Global shader cache is enabled
    and no Windows\system32\amd\p directory
     
  4. Blackfyre

    Blackfyre Maha Guru

    Messages:
    1,099
    Likes Received:
    89
    GPU:
    RTX 2070 Super
    Global Shader Cache enabled via Regedit or RadeonMod? Or via "AMD Settings"?
     

  5. JonasBeckman

    JonasBeckman Ancient Guru

    Messages:
    17,475
    Likes Received:
    2,862
    GPU:
    MSI 6800 "Vanilla"
    I enabled ShaderCache globally (RegEdit but it should be the same if you use a tool for it.) and rebooted, checked and found the "p" folder and its shader cache and then compared the time it was created against the prefetch folder and it matches LogonUI.exe so as I think someone already mentioned it's caching that program's shaders (As it will with Steam and other programs too, being able to set a blacklist would be handy - or having the driver exclude C:\Windows\* by default. - as more than fifty or so profiles slows down CNext pretty badly so one for each game is a bit problematic if you have many games installed.) so for some reason (Because the user is not yet logged in?) its cache file appears in this "p" folder in system32 (Some backup default folder?) instead of the proper User folder with the cache files.

    EDIT: I'd say it's a bit of an annoyance but harmless, it's just a cache file and won't do anything but a fix would be welcome although on the other hand we aren't supposed to enable shader caching globally either, at least in this version of CNext even if it's supported in the current driver settings.
    (The startup autorun parameter for CNext is "-atlogon" so it's probably running when you're sitting there at the logon screen and typing in username/password thus it caches LogonUI.exe before you are properly logged in so the files end up in some default folder location though I would have preferred the temp folder or if that's unavailable the Windows temp folder.)
     
    Last edited: Dec 9, 2015
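
The timestamp comparison described in the post above, as an added PowerShell example that is not part of the original thread or any AMD or Malwarebytes tooling. It assumes the folder sits under `%windir%\System32\amd\p` (the thread gives the path without a drive), that Prefetch is enabled, and a 60-second matching window chosen here for illustration.

```powershell
# Added example: correlate files in the shader-cache fallback folder with
# Prefetch entries by timestamp, to see which executable was running when
# each cache file was created.
# Run from an elevated 64-bit PowerShell: Prefetch needs admin rights, and a
# 32-bit shell would be redirected from System32 to SysWOW64.
param(
    # Folder named in the thread; drive taken from %windir% (assumption).
    [string]$CacheDir    = (Join-Path $env:windir 'System32\amd\p'),
    [string]$PrefetchDir = (Join-Path $env:windir 'Prefetch'),
    # Matching tolerance in seconds (assumed value, adjust as needed).
    [int]$WindowSeconds  = 60
)

if (-not (Test-Path -LiteralPath $CacheDir)) {
    Write-Output "No cache folder at $CacheDir"
    return
}

# Prefetch file names look like LOGONUI.EXE-<8 hex digits>.pf
$prefetch = Get-ChildItem -LiteralPath $PrefetchDir -Filter '*.pf' -File -ErrorAction Stop

Get-ChildItem -LiteralPath $CacheDir -File -Recurse | ForEach-Object {
    $file = $_
    $prefetch | ForEach-Object {
        # A .pf file's creation time marks the first run of the executable,
        # its last write time the most recent run; check both.
        $delta = @(
            [math]::Abs(($_.CreationTime  - $file.CreationTime).TotalSeconds),
            [math]::Abs(($_.LastWriteTime - $file.CreationTime).TotalSeconds)
        ) | Measure-Object -Minimum
        if ($delta.Minimum -le $WindowSeconds) {
            [pscustomobject]@{
                CacheFile    = $file.Name
                CacheCreated = $file.CreationTime
                Executable   = $_.BaseName -replace '-[0-9A-F]{8}$', ''
                DeltaSeconds = [int]$delta.Minimum
            }
        }
    }
} | Sort-Object CacheFile, DeltaSeconds | Format-Table -AutoSize
```

A close timestamp match is a lead, not proof: several executables can start within the same window, so treat the output as a shortlist to check against what the thread reports (LogonUI.exe).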
  6. Blackfyre

    Blackfyre Maha Guru

    Messages:
    1,099
    Likes Received:
    89
    GPU:
    RTX 2070 Super
    I've updated the original post so that hopefully the frequently asked questions get answered from the start for anyone seeing the post for the first time.
     
