Description
Until this is resolved, I highly recommend switching to a different, safe model (see first comment below), and if you don't know how to do that, cease using this extension. Could be a false alarm, but safer to trust Microsoft rather than disable pickle checks.
Repro steps:
- Install extension
- Switch to promptgen tab, generate a result
- In auto1111, this error is reported:
  AttributeError: 'NoneType' object has no attribute 'keys'
- Windows Defender alerted me to a threat
Note that promptgen cannot be used once the file has been quarantined. So this is a critical issue even if Defender is throwing a false alarm.
I'll note that I've been using promptgen happily for months; this is the first time Defender popped up. Possibly this is a false alarm, but it's also possible it's a newly updated model on huggingface, or a newly updated definition by MS which finds malware which had always been present. Looking at Defender, this issue started popping up 3/15.
See details below:
auto1111 console:
Error completing request
Arguments: ('task(haiekb5zjbi57or)', 'AUTOMATIC/promptgen-lexart', 1, 10, 'android', 20, 150, 1, 1, 1, 1, 'Top K', 12, 0.15) {}
Traceback (most recent call last):
File "D:\hal\stable-diffusion\auto\modules\call_queue.py", line 56, in f
res = list(func(*args, **kwargs))
File "D:\hal\stable-diffusion\auto\modules\call_queue.py", line 37, in f
res = func(*args, **kwargs)
File "D:\hal\stable-diffusion\auto\extensions\stable-diffusion-webui-promptgen\scripts\promptgen.py", line 99, in generate
current.model = transformers.AutoModelForCausalLM.from_pretrained(path)
File "D:\hal\stable-diffusion\auto\venv\lib\site-packages\transformers\models\auto\auto_factory.py", line 463, in from_pretrained
return model_class.from_pretrained(
File "D:\hal\stable-diffusion\auto\venv\lib\site-packages\transformers\modeling_utils.py", line 2258, in from_pretrained
loaded_state_dict_keys = [k for k in state_dict.keys()]
AttributeError: 'NoneType' object has no attribute 'keys'
Error verifying pickled file from C:\Users\hal/.cache\huggingface\hub\models--AUTOMATIC--promptgen-lexart\snapshots\fe1dd16ac290199872bb27a0f72dc20839e81ed5\pytorch_model.bin:
Traceback (most recent call last):
File "D:\hal\stable-diffusion\auto\modules\safe.py", line 135, in load_with_extra
check_pt(filename, extra_handler)
File "D:\hal\stable-diffusion\auto\modules\safe.py", line 81, in check_pt
with zipfile.ZipFile(filename) as z:
File "C:\Users\hal\AppData\Local\Programs\Python\Python310\lib\zipfile.py", line 1249, in __init__
self.fp = io.open(file, filemode)
OSError: [Errno 22] Invalid argument: 'C:\\Users\\hal/.cache\\huggingface\\hub\\models--AUTOMATIC--promptgen-lexart\\snapshots\\fe1dd16ac290199872bb27a0f72dc20839e81ed5\\pytorch_model.bin'
The file may be malicious, so the program is not going to read it.
You can skip this check with --disable-safe-unpickle commandline argument.
Windows event log:
Log Name: Microsoft-Windows-Windows Defender/Operational
Source: Microsoft-Windows-Windows Defender
Date: 3/19/2023 10:39:36 AM
Event ID: 1116
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: <name>
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Wacatac.H!ml&threatid=2147814524&enterprise=0
Name: Trojan:Script/Wacatac.H!ml
ID: 2147814524
Severity: Severe
Category: Trojan
Path: file:_C:\Users\hal\.cache\huggingface\hub\models--AUTOMATIC--promptgen-lexart\blobs\8bb89c281830a1a860eab274def8a89f401ef1a38f727ace494edd0f90081404
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
User: MANDO\hal
Process Name: C:\Users\hal\AppData\Local\Programs\Python\Python310\python.exe
Security intelligence Version: AV: 1.385.456.0, AS: 1.385.456.0, NIS: 1.385.456.0
Engine Version: AM: 1.1.20100.6, NIS: 1.1.20100.6
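
For triaging a flagged checkpoint without loading it or passing `--disable-safe-unpickle`, the following added example (not code from this extension or from the web UI's `safe.py`) lists the imports a zip-format checkpoint's pickle stream would perform and reports those outside an allowlist. The `ALLOWED` set, the function names and the in-memory sample files are assumptions constructed for illustration.

```python
import io, pickle, pickletools, platform, zipfile
from collections import OrderedDict

# Assumption: illustrative allowlist of imports a plain tensor checkpoint needs.
ALLOWED = {"collections.OrderedDict", "torch._utils._rebuild_tensor_v2",
           "torch.FloatStorage", "torch.HalfStorage", "torch.LongStorage"}
STR_OPS = {"UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}

def pickle_globals(data):
    """List every module.name a pickle stream would import, without unpickling it."""
    found, strings, memo, top = [], [], {}, None
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STR_OPS:                # a string was pushed on the stack
            top = arg
            strings.append(arg)
        elif op.name in ("GET", "BINGET", "LONG_BINGET"):
            top = memo.get(arg)               # a memoized value was pushed again
            if isinstance(top, str):
                strings.append(top)
        elif op.name == "MEMOIZE":            # protocol 4: memoize the stack top
            memo[len(memo)] = top
        elif op.name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = top
        else:
            if op.name == "GLOBAL":           # protocols 0-3: arg is "module name"
                found.append(arg.replace(" ", ".", 1))
            elif op.name == "STACK_GLOBAL":   # protocol 4+: two preceding strings
                found.append(".".join((["?", "?"] + strings)[-2:]))
            top = None                        # unresolved names stay outside ALLOWED
    return found

def scan_checkpoint(fileobj):
    """Map each .pkl member of a zip-format checkpoint to its non-allowlisted imports."""
    with zipfile.ZipFile(fileobj) as z:
        return {n: sorted(set(pickle_globals(z.read(n))) - ALLOWED)
                for n in z.namelist() if n.endswith(".pkl")}

def make_sample(obj, protocol):
    """Constructed sample: in-memory zip holding one archive/data.pkl member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("archive/data.pkl", pickle.dumps(obj, protocol=protocol))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(scan_checkpoint(make_sample(OrderedDict(w=1), 2)))
    print(scan_checkpoint(make_sample([OrderedDict(), platform.node, platform.machine], 4)))
```

An empty list for a member means every import it names is on the allowlist; any other entry is a reason to keep the file quarantined and compare it against the publisher's copy. This is a static listing only and does not replace the loader's own check.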
