đŸ Archived View for tilde.pink âș ~ssb22 âș gradint-wrapper.gmi captured on 2024-02-05 at 10:28:26. Gemini links have been rewritten to link to archived content
âŹ ïž Previous capture (2023-04-19)
-=-=-=-=-=-=-
The genuine gradint-wrapper.exe is not a virus.
The Windows version of Gradint defaults to starting itself automatically once per day. This is because Iâve sometimes installed it for people who say they donât know how to start programs (!) and/or want to be reminded about their daily vocabulary practice.
Modern Windows laptops tend to hibernate rather than shut down. Therefore itâs no longer enough to put Gradint in the âStartupâ folderâI also have to run a background process to make sure the âonce per dayâ thing works.
It shouldnât!âThe background process wakes up once per hour and checks to see if the computer has hibernated overnight in the meantime. If the computer is being slow then it must have other problems, such as:
1. Multiple anti-virus programs all scanning at once (an anti-virus program is no substitute for being careful and/or using a safer operating system, but if you must have one then consider if *one* is sufficient because the benefits of having more are rarely worth the cost in watching them âfight each otherâ over disk access),
2. Malware that is unknown to the anti-virus programs, and/or excessive amounts of âadvertisementâ software that was either pre-loaded by a shop or downloaded by a user who canât tell the difference between advert-supported âfreeâ and real free (try telling them to check for GPL, Apache or similar licenses, and/or *verify* the reputation of the publisher; donât trust suggestions just because they *seem* to be from friends or the system),
3. Disk errors on very old hardware.
Sometimes itâs easier to replace Windows with a good GNU/Linux installation as long as the hardware is functioning.
There should normally be only one background instance, plus another if Gradint is currently open.âWhen Gradint is launched from the desktop or start menu, it tries to stop the other instances and start its own, but on Vista and above this sometimes fails and multiple background processes can result.âThis is harmless as old ones should detect the situation next time they wake up (the code to do this has been improved in recent versions).âItâs still occasionally possible for a user to launch two Gradint windows accidentally, but you should never see more than one automatically started.
Yes, this is safe. But it will start again next time you reboot or run Gradint.
That will break your Gradint installation. gradint-wrapper.exe is not just the background process: it is also the âwrapperâ for loading the main part of Gradint on Windows (I use a 2-part loader to make the Windows version easier to update from GNU/Linux).
If you upgrade to Gradint v0.9979+ you can:
Alternatively, go to Start menu > All programs > Startup, right-click on âRun gradint once per dayâ and delete it.âGradint will still start the background process when you run it manually (I set that in case it fails to find the startup folder); if you want to stop this, go to Start menu > All programs > Gradint and/or desktop > Gradint, right-click on Gradint, open in Notepad, delete once_per_day=2 and save.
Go to Start menu > All programs > Gradint > uninstall, or desktop > Gradint > uninstall. If it isnât there, try re-downloading the Gradint installer and run itâit should replace the uninstall scripts which you can then use.
To get into the âAdd/Remove Programsâ list, a program must be installed system-wide.âGradint does not install itself system-wide; it installs itself in your user nameâs home folder (unless you have an ancient version of Windows that doesnât have them).âThis means you can install Gradint even when you donât have permission to install system-wide programs (such as in a computer lab), but it also means Gradint cannot use the âAdd/Remove Programsâ list.
I have seen software that is much harder to remove.
On 13th August 2020, some anti-virus labs Iâd never heard of (AnyRun and VirusTotal, the latter citing Antiy-AVL, CrowdStrike Falcon, K7AntiVirus, Zillya, SecureAge APEX, Jiangmin and K7GW) incorrectly tagged the Gradint installer as a malicious trojan, and a company called Netcraft even sent a take-down notice to Cambridge University Information Services and the Student-Run Computing Facility hosting my website.
After I contacted AnyRun support asking for an appeal against the âverdict: malicious activityâ they had published, they confirmed their technicians decided it was a âfalse positiveâ and made that report private to the submitter, but they were unable to relay a message to the submitter that they had done so.
I donât know if this âdetectionâ effort was anything to do with an incident that began the same day involving 200+ attempts from DigitalOcean-owned IP addresses to issue POST requests to gradint.exe (causing over a gigabyte of traffic), which I then blocked and reported to DigitalOcean.âSince whoever it was continued to try (making another 700+ attempts over the next 5 days), we could just be looking at two separate issues that coincidentally started at about the same time.â(My report to DigitalOcean was made *after* Cambridge University received the take-down notice, but before I had been told about it.)
I donât yet know what it is about the Gradint installer that these âdetectorsâ objected to, but I suspect itâs because the Gradint installer unpacks copies of certain free and open source software components that Gradint uses, namely, Python (with its standard libraries), eSpeak, LAME, MadPlay, PTTS and SoX.âIt seems that the authors of these âdetectorsâ regarded any attempt to unpack another executable as suspicious, especially if itâs being done from an installer that is âunsignedâ because I have not paid Microsoftâs extortionate fee to be a ârecognisedâ publisher.âIâm glad to say that this was not the case with the âbigâ anti-virus programs (the ones Iâd heard of), which did *not* flag Gradint as malicious on that day.
I have asked Netcraft for an explanation of their take-down request and have not yet received any reply.
As I said on the Gradint download page, I have not paid Microsoft to make me a âknown publisherâ (I consider it a bit extortionate of them to require this payment even for small hobby projects)âif you make sure to fetch the installer from my own page and via HTTPS, that should be âsignatureâ enough.âIf youâre being *really* cautious then you are welcome to download the source code, install Python and all required dependencies yourself and run it that way; I simply packaged up an installer as a convenience to those Windows users who prefer a âone-clickâ setup, and I donât see why I should have to *pay Microsoft not to issue a warning*âthat seems wrong.
Some previous versions of Gradint used Task Scheduler for the âonce per dayâ feature.âThe installer for the current version of Gradint contains one call to the Task Scheduler, but only to *delete* the task that those old versions left, if present.
There are no Bitcoin addresses in Gradint.âAnyRunâs detector must have found a false positive.
Again this appears to be a false positive.âSearchProtocolHost.exe is a Microsoft component pre-installed on many versions of Windows that has frequently been known to misbehave, and it seems AnyRunâs detector misidentified it as being run by Gradint on that occasion.
All material © Silas S. Brown unless otherwise stated. Apache is a registered trademark of The Apache Software Foundation. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries. Microsoft is a registered trademark of Microsoft Corp. Python is a trademark of the Python Software Foundation. Windows is a registered trademark of Microsoft Corp. Any other trademarks I mentioned without realising are trademarks of their respective holders.