Author

Topic: Electrum 3.0.3 malware Atc4.Detection (Read 176 times)

legendary
Activity: 1624
Merit: 2481
January 04, 2018, 10:09:59 AM
#5
Yes you are right. Do you know how i can do that on windows?
I have download Keopatra but i don't know what should i do next...

Here is a small tutorial on how to verify signatures on windows: https://www.deepdotweb.com/jolly-rogers-security-guide-for-beginners/how-to-verify-your-downloaded-files-are-authentic/

Replace the mentioned signatures with the ones for electrum.

Current electrum installer (windows) :
Code:
-----BEGIN PGP SIGNATURE-----

iQIcBAABCgAGBQJaL3HRAAoJECvVgkt/lHDml7cQAIFCtI3w+2/FPWzKImdJCRky
jlOsHWYNTlODAvj1SPCP/jZkrf9dpGjqXrAIQ7q4feOnCKvlKrJCZeHe+9sHkyqD
TDDOIOORFxCFdnk4TgPe+g3kVT2/9nsIwq4n35JZVC7QQD0q9k1Epv015fQhDdoQ
fcZoq9YqSQ8zDnhd6egRYe33Tip4JWFhaHYQw/FZp3W1+/L7WBqf+z5HxdzKOpJ/
93vnhh2m2xHltqL8hZ3KXaGXAPoubffu6+BIvlKbbDX9WULIrcbHgQABYhTZ7qWj
Gu+n+lXh4omZcltSxEk6zp1jU7+7pwu9GET0epN80OAY3AfoUors4oiYYM7ab4mk
rxvPODm68z4nZE4OWDptV71yI/T5OfDT+lB3KYgtdpco7NL11Vj8PdKQJBK6ItBx
qGDr5yAfS9tm9cEKUqQSpnN+GMTYNs8b3ChLGKi2XpVSSnjzX8Z1rvYJyxhkPKvF
qSjkZLLERbKwPYsxFGECLSET6G9MBXUL0v/R9zd22WVqtyT9uPVuzIqLH7Wh5H7k
7a48+6UmGbzmwPcvaqRe4QJOAHWJv9dQ3//6KI+PV4mBBfdAqzGccJ5Fsqh2+T1s
lvlh58wHzwD2LGyaGWhA5G+6LYudbixadoOKsey8l5trgcIOcQkwe+ES1QBWtIaL
9ctR8vlq48L+/GbkX4dT
=PtAe
-----END PGP SIGNATURE-----

Standalone executable:
Code:
-----BEGIN PGP SIGNATURE-----

iQIcBAABCgAGBQJaL3HRAAoJECvVgkt/lHDm26gP/1jsHO6onEiy+wiNaZY5M1vo
QGCOyB7EixcPKXFZ8wCLmjFjdg4gubeFYIxJ0qfFOSSeRZ6JrHbKJAalhZ/x62yQ
nxSsNa+Zw8zP5p2wJ3+sLHsmF6GZrUAt07BzBmBjTUZNSfAxgRPo5U8X9SyDne23
p5zU+b5pJg90O4z5G8KgqefIyLMpo3ejgp8g7w7E0l9Tw3RH/7Ci5N4dURDkHXAY
AWVEoKpiMlGO3/umgm2AurZ0eq/9uLsHHIXlHTleXd3zVrkz+YngZs72z9S2XgkV
ADDjLojlr19EM6a6nFIIVGYUjIJo6wMDawmszQVrbcNHtV4/AuYFiNXIo9fF81qe
wml+3nmDf2sfhLPha5L1pzYkTdBI4KL3sBgyUXUKUYmmOb2W3gYtcwBeHlf46KJS
wslaRGS/X/BLvtu6QvQOvK/oggVa2J9jMTubLeT8/JXDJk7Dj4PeE3m9GGtcR3+c
VN+l5X4pA5BGvj4uahKJtUdpXNPxlgIMakplYGVHqD3x88IyalitapT6OGWuX9wi
7k3R18mICAE31ZwCEI1O8XyyzeZuAAqMawF6ovMOQFc2OYz/W/sB6Is1a+TeVV27
MUK+kk3jOOOo/H8ncuUNyN7YeXOxQU1D+huP1+R7Eq/j10hGuvX0mco78X4KmQtd
qXUrdp5Xe9RoxQzzxZUC
=E/my
-----END PGP SIGNATURE-----

Both to be found on the official site: https://electrum.org/#download

Additinally from the official site: Sources and executables are signed by ThomasV (https://pgp.mit.edu/pks/lookup?op=vindex&search=0x2BD5824B7F9470E6)
full member
Activity: 230
Merit: 100
19/11/2018 - Capitulation !!!!
January 04, 2018, 05:54:59 AM
#4
That's very likely just a false-positive. I downloaded the file from the website, scanned and got the same result.

Just make sure to download the file from electrum.org (which is the ONLY official website) and you will be fine.

downloading from the original (real) website only reduces the risk of downloading a fake wallet installation file with malware. the website may have been compromised and the attacker might have placed his malware in place of real files. although this is highly unlikely but the chance is not 0.

the only solution is to first find the real developer's PGP pubkey: https://pgp.mit.edu/pks/lookup?op=vindex&search=0x2BD5824B7F9470E6
then verify the signature of downloaded files to make sure they are real. now you can be 100% sure.

Yes you are right. Do you know how i can do that on windows?
I have download Keopatra but i don't know what should i do next...
legendary
Activity: 3472
Merit: 10611
January 04, 2018, 12:04:53 AM
#3
That's very likely just a false-positive. I downloaded the file from the website, scanned and got the same result.

Just make sure to download the file from electrum.org (which is the ONLY official website) and you will be fine.

downloading from the original (real) website only reduces the risk of downloading a fake wallet installation file with malware. the website may have been compromised and the attacker might have placed his malware in place of real files. although this is highly unlikely but the chance is not 0.

the only solution is to first find the real developer's PGP pubkey: https://pgp.mit.edu/pks/lookup?op=vindex&search=0x2BD5824B7F9470E6
then verify the signature of downloaded files to make sure they are real. now you can be 100% sure.
legendary
Activity: 2758
Merit: 6830
January 03, 2018, 02:00:12 PM
#2
That's very likely just a false-positive. I downloaded the file from the website, scanned and got the same result.

Just make sure to download the file from electrum.org (which is the ONLY official website) and you will be fine.
full member
Activity: 230
Merit: 100
19/11/2018 - Capitulation !!!!
January 03, 2018, 01:32:51 PM
#1
I have Bitdefender installed on my windows and when i try to open Electrum my antivirus moves it to quarantine. I upload it on virustotal https://www.virustotal.com/#/file/f030699fe93e38d882c0734664207000756a32d0606ed714473f2f29e8156a31/detection and it's flagged from 6 other antivirus but not from bitdefender (very weird). I have installed on my pc bitdefender and malwarebytes.
Any idea what should i do?
Jump to: