waste of time.

[mvsite]

nevermind, i believe it's probably a trojan but no need to rant about it. good luck everyone.

[michtesar]

I can confirm it works as it should.

[llagerlof]

@mvsite Do you mind explaining why you are thinking that? I mean, you probably have a reason.

[mvsite]

It started with installing gpt4all-0.1.0-win64.exe under sandboxie and the exe kept spawning hundreds of copies of itself which was not reassuring. It didn't make sense in any context and I never see that behavior. (each instance closed and I was only seeing this because of the process management in the sandbox) I run a huge amount of software in sandboxes like this and never see this behavior. I then tried the process in a virtual machine and it ran. I thought maybe it was triggering a payload on bare metal, but was detecting the virtual machine environment and staying dormant. In the VM since the software was working I downloaded the default model and asked several lowball questions like "list three colors." and always got bogus eliza-type answers that could have been answers to anything, leading me to think the entire software was fake. Combined with the suspicous spawning on bare metal (albeit in a sandbox) I started some triage and saw this. It could be some false positives, but it was in this context that I posted my rant:

[llagerlof]

Interesting. Just to add some information to this thread, I sent the file gpt4all-0.1.0-win64.exe (md5: 0dc66b8c396ca4502d5ac338a6fc087f) to Virus Total and it passed all scans.

[TheTinfoilTricorn]

I got a strange PUA:Win32/CandyOpen in an old FL studio file upon placing the extracted zip in a C drive directory path. I removed the old FL studio file affected, but I do wonder about injections into the zip.