malware found inside - cond_stage_model_decode.pt - Real or FP?

[creeduk]

June 1st using another custom node with a Lama Remover I selected the model LDM, it starts to download dependency and has a use if IOPaint and the LDM Decode model:

LDM_DECODE_MODEL_URL = os.environ.get( "LDM_DECODE_MODEL_URL", "https://github.com/Sanster/models/releases/download/add_ldm/cond_stage_model_decode.pt",

Yesterday evening my AV reported Trojan:win32/Sirefef!cfg and quarantined the model. Some googling on the model has limited results, but the trojan I see some reports of false positives associated with other SD things. Can you check and confirm if it is safe or is it some how pickled or just an FP?

I will let the LayerStyles Custom node author now as well

[Saaalih2g]

تاكد من مدى ضرره على الجهاز في ثلاثاء، 4 يونيو، 2024 في 7:52 م، كتب creeduk ***@***.***>:

…

June 1st using another custom node with a Lama Remover I selected the model LDM, it starts to download dependency and has a use if IOPaint and the LDM Decode model: LDM_DECODE_MODEL_URL = os.environ.get( "LDM_DECODE_MODEL_URL", " https://github.com/Sanster/models/releases/download/add_ldm/cond_stage_model_decode.pt ", Yesterday evening my AV reported Trojan:win32/Sirefef!cfg and quarantined the model. Some googling on the model has limited results, but the trojan I see some reports of false positives associated with other SD things. Can you check and confirm if it is safe or is it some how pickled or just an FP? I will let the LayerStyles Custom node author now as well — Reply to this email directly, view it on GitHub <#536>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/A5IDPXDLULEW4IDRBZ6GIUTZFXWDHAVCNFSM6AAAAABIY4YRGOVHI2DSMVQWIX3LMV43ASLTON2WKOZSGMZTGOJXGEYDONQ> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

[creeduk]

I don't see any and hopefully there is none. Doing a full system check.

Checking this page - https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/Sirefef!cfg I looked at the other files it shows could be on the system and found none. It did not report malware in memory, I did run that cleaner option a few times to evaluate which Lama Models did the best jobs for various situations.

Not sure if there is an alt model, did you train the model, is it capable of doing anything malicious while running in that model in comfy?
I would appreciate if anybody can validate a false positive? I have stopped using that module of the layerstyles node that called this and using alternative lama for now.