Electrum wallet virus - page 2. | Bitcointalksearch.org

keyboard warrior

sr. member

Activity: 266

Merit: 251

Quote from: thenarog on January 07, 2018, 08:21:33 AM

Very strange Electrum 3.04 seems a phising link for me...They say to update but i can't read nothing on electrum official website.

This warning is written at the top of the electrum website home page. I don't know how you missed it.

https://electrum.org/#home

Quote

Security Notice: A vulnerability has been found in Electrum, and patched in version 3.0.5. Please update your software if you are running an earlier version

The release notes on the electrum github explain that version 3.0.4 didn't completely fix the vulnerability, so version 3.0.5 was quickly released a day later.

https://github.com/spesmilo/electrum/blob/master/RELEASE-NOTES

Quote

# Release 3.0.5 : (Security update)

This is a follow-up to the 3.0.4 release, which did not completely fix
issue #3374. Users should upgrade to 3.0.5.

* The JSONRPC interface is password protected
* JSONRPC commands are disabled if the GUI is running, except 'ping',
which is used to determine if a GUI is already running

thenarog

member

Activity: 113

Merit: 10

Very strange Electrum 3.04 seems a phising link for me...They say to update but i can't read nothing on electrum official website.

AlexBeast

newbie

Activity: 2

Merit: 0

Quote from: bob123 on January 06, 2018, 09:44:55 AM

Quote from: AlexBeast on January 05, 2018, 05:39:12 PM

Hey guys, I know It's an old thread, but my antivirus
finds new infected files every 5 minutes

always in the same directory.. I can't do a system restore because it's windows 8.1 recovery error 0x80070005

And every single infected file ends with .pyc
e.g.: bitcoin.pyc

.pyc are compiled python files (modules loaded in scripts).
Did you already try to do a full scan of your pc with your AV?

How is this problem related to electrum? Did this problem start occuring after you installed electrum?
If so, did you check the signature or at least the checksum?

You can find the signature for the current windows installer [1] and the standalone executable [2] on their official site, just like the ThomasV's PGP key [3].
You can verify your files (if you have gpg installed) with gpg --verify electrum-3.0.3.exe.asc electrum-3.0.3.exe in your command line.

[1] .asc
[2] .asc
[3] https://pgp.mit.edu/pks/lookup?op=vindex&search=0x2BD5824B7F9470E6

Yeah, It happend immediately after installing Electrum and GPG thing, I don't know which one is the culprit. I managed to restore my system..
But I'm still using Electrum 2.xx.
I'm afraid of using the gpg verifier because It might happen again. So I'll backup my system and try Electrum 3.0.3.

ranochigo

legendary

Activity: 3038

Merit: 4418

Crypto Swap Exchange

Quote from: TeePee on January 07, 2018, 01:01:31 AM

Would it be incredibly dangerous to therefore skip that step, as long as I make sure I only download Electrum from the official website https://electrum.org/#download ?

Generally speaking, no. Its relatively hard to replace the information on that site. However, it is by no means, impossible if you have a zero day exploit or is a huge organisation with vast resources (ie. Governments).

Quote from: TeePee on January 07, 2018, 01:01:31 AM

After all, the version on there has to be the original, real one for sure? Any yes, some people will now probably answer that you can never be sure, but as long as I can be 99,9999999% sure then it's fine for me.

No. There's no such thing as real or fake. If you were to download from there and verify the signature, it would be just like saying you trust ThomasV and he is correct.

If you need to verify: https://bitcointalksearch.org/topic/m.25624488.

TeePee

member

Activity: 183

Merit: 13

Quick question guys:

I'm not very good with computers and I therefore have troubles understanding how to verify a signature. I read everywhere that you need to do this when downloading Electrum 3.0.4
Would it be incredibly dangerous to therefore skip that step, as long as I make sure I only download Electrum from the official website https://electrum.org/#download ?
After all, the version on there has to be the original, real one for sure? Any yes, some people will now probably answer that you can never be sure, but as long as I can be 99,9999999% sure then it's fine for me.

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: digaran on January 06, 2018, 10:52:17 PM

Warning, read the news header in here, do not use Electrum 3.0.3 because it is compromised, update your Electrum clients immediately.[/color][/size]

stop being dramatic, Electrum is not compromised and it certainly has NOTHING to do with this topic.

what happened is that any version below 3.0.3 has a vulnerability that may be compromised if
- you have Electrum open
- you haven't set a password
- at the same time you visit a website that is looking for this exploit and runs a script using the RPC commands to steal your private keys

digaran

copper member

Activity: 1330

Merit: 899

🖤😏

Warning, read the news header in here, do not use Electrum 3.0.3 because it is compromised, update your Electrum clients immediately.

Spendulus

legendary

Activity: 2926

Merit: 1386

Quote from: olubams on December 13, 2017, 12:02:56 AM

Quote from: bcgloat on December 12, 2017, 09:00:38 PM

Hello everybody! I was just getting ready to start my experience with bitcoin and as many recommended, I downloaded Electrum for windows 10 from the official site but as the download finished, windows defender has found a virus, a trojan and deleted it automatically. This seems a bit strange because I've seen many people talking about this wallet positively, could you tell me if you get the same result? I plan to buy soon from Coinbase, what wallet for desktop should I get instead of Electrum? Please let me know, thank you very much!

Since you have said it's from the official site, then its to be sure its really from the official site. If its there, then there is nothing to worry about. A lot of people uses this software and it is yet to fail which its expected to stay that way. I have downloaded it but on Windows 8.1 which I haven't had any issue whatsoever even with a very strong anti virus until I discontinue its use. Just go trace the source, validate it, then make exception for your antivirus or better still download the android version.

It's not enough to tell people to "be sure it's really from the official site."

This is what is necessary.

A) Locate the official site, such as by looking at bitcoin talk.org. NOT GOOGLE.

B) Type the URL in. Do not click on a link.

C) DL the program and verify the PGP signature.

Do it, get used to it. Do it again just for practice.

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: AlexBeast on January 05, 2018, 05:39:12 PM

Hey guys, I know It's an old thread, but my antivirus
finds new infected files every 5 minutes

always in the same directory.. I can't do a system restore because it's windows 8.1 recovery error 0x80070005

And every single infected file ends with .pyc
e.g.: bitcoin.pyc

.pyc are compiled python files (modules loaded in scripts).
Did you already try to do a full scan of your pc with your AV?

How is this problem related to electrum? Did this problem start occuring after you installed electrum?
If so, did you check the signature or at least the checksum?

You can find the signature for the current windows installer [1] and the standalone executable [2] on their official site, just like the ThomasV's PGP key [3].
You can verify your files (if you have gpg installed) with gpg --verify electrum-3.0.3.exe.asc electrum-3.0.3.exe in your command line.

[1] https://download.electrum.org/3.0.3/electrum-3.0.3-setup.exe.asc
[2] https://download.electrum.org/3.0.3/electrum-3.0.3.exe.asc
[3] https://pgp.mit.edu/pks/lookup?op=vindex&search=0x2BD5824B7F9470E6

AlexBeast

newbie

Activity: 2

Merit: 0

Hey guys, I know It's an old thread, but my antivirus
finds new infected files every 5 minutes

always in the same directory.. I can't do a system restore because it's windows 8.1 recovery error 0x80070005

And every single infected file ends with .pyc
e.g.: bitcoin.pyc

bcgloat

newbie

Activity: 14

Merit: 0

i've accidentally tried again to download electrum and i haven't had that problem again

bcgloat

newbie

Activity: 14

Merit: 0

thanks, I know that bitcoin site but I would like to know, if Electrum is considered the best for Win10, what's the second one? A person suggested me Jaxx but on Quora they said it was badly coded and that has been hacked etc. I prefer not to install something on my cellphone nor installing other OS on my laptop but in the near future I plan to buy an hardware wallet. However, is it so dangerous to keep them on Coinbase? I've read there that they are insured and that they store the 98% of the customer's funds in a cold storage

HCP

legendary

Activity: 2086

Merit: 4363

I downloaded v3.0.3 yesterday... tried to run it... Windows popped up a big red box saying that it was blocked... Something about it not being signed software... Defender and MalwareBytes both detected nothing... I verified the digital signature of the file using GPG and signature... Re-ran it, and clicked the "proceed anyway" button on the big red warning box Tongue

I assume the warning was because it wasn't a "windows" signed application... probably requiring payment to Microsoft Tongue

harizen

legendary

Activity: 3122

Merit: 1398

For support ➡️ help.bc.game

Quote from: bcgloat on December 13, 2017, 01:25:34 AM

thanks to everybody, you have been all very kind. Could you suggest me another good wallet that I could try?

https://bitcoin.org/en/wallets/desktop/windows/

https://bitcoin.org/en/wallets/hardware/

You can also consider using Mobile wallets but study first what is that all about.

Quote from: bcgloat on December 12, 2017, 09:00:38 PM

Hello everybody! I was just getting ready to start my experience with bitcoin and as many recommended, I downloaded Electrum for windows 10 from the official site but as the download finished, windows defender has found a virus, a trojan and deleted it automatically. This seems a bit strange because I've seen many people talking about this wallet positively, could you tell me if you get the same result? I plan to buy soon from Coinbase, what wallet for desktop should I get instead of Electrum? Please let me know, thank you very much!

Windows Defender is not that sensitive in terms of malwares and small virus. I don't know what's the catch here so to verify that, I downloaded Electrum just now and my Windows Defender didn't detect such malwares.

Wind_FURY

legendary

Activity: 2898

Merit: 1823

Quote from: bcgloat on December 13, 2017, 01:25:34 AM

thanks to everybody, you have been all very kind. Could you suggest me another good wallet that I could try?

Do you know how to use Linux? It does not really need a highly technical person to use it. I suggest you try Bitkey. It is a bootable Linux operating system with all your Bitcoin storage needs preinstalled.

https://bitkey.io/

bcgloat

newbie

Activity: 14

Merit: 0

thanks to everybody, you have been all very kind. Could you suggest me another good wallet that I could try?

Malamok101

full member

Activity: 868

Merit: 100

Proof-of-Stake Blockchain Network

I think it's not legit the electreum because most of us are scam and it's too much to use here because everyone has to use it just because of the time and tired of it because the electreum does not have an exchanger marketcap, I just say no to this facebook scam and do not waste time here because it does not pay anything.

olubams

hero member

Activity: 798

Merit: 503

Quote from: bcgloat on December 12, 2017, 09:00:38 PM

Hello everybody! I was just getting ready to start my experience with bitcoin and as many recommended, I downloaded Electrum for windows 10 from the official site but as the download finished, windows defender has found a virus, a trojan and deleted it automatically. This seems a bit strange because I've seen many people talking about this wallet positively, could you tell me if you get the same result? I plan to buy soon from Coinbase, what wallet for desktop should I get instead of Electrum? Please let me know, thank you very much!

Since you have said it's from the official site, then its to be sure its really from the official site. If its there, then there is nothing to worry about. A lot of people uses this software and it is yet to fail which its expected to stay that way. I have downloaded it but on Windows 8.1 which I haven't had any issue whatsoever even with a very strong anti virus until I discontinue its use. Just go trace the source, validate it, then make exception for your antivirus or better still download the android version.

Wind_FURY

legendary

Activity: 2898

Merit: 1823

Quote from: pooya87 on December 12, 2017, 11:39:42 PM

first make sure that you have actually downloaded the correct file!
the real one is this:
https://download.electrum.org/3.0.3/electrum-3.0.3-setup.exe
then verify the signature of what you have downloaded by using the file signature:
https://download.electrum.org/3.0.3/electrum-3.0.3-setup.exe.asc
and the signers public key:
https://pgp.mit.edu/pks/lookup?op=vindex&search=0x2BD5824B7F9470E6

if you did that and the signature was correct then you can be sure that your antivirus is detecting a false positive. simply ignore it (add Electrum to exclusion list of your AV or use another AV). it is not the first time they have detected Electrum as a trojan or something.

We cannot stress this enough to the new users.

Learn how to use PGP and checksums for verifying anything you download online, even if it is from a trusted source. Windows users especially.

With that in mind, I believe we should get ready for the newbies. Bitcoin's new found popularity among the mainstream will take them here to ask questions and complain. Haha.

pooya87

legendary

Activity: 3472

Merit: 10611

first make sure that you have actually downloaded the correct file!
the real one is this:
https://download.electrum.org/3.0.3/electrum-3.0.3-setup.exe
then verify the signature of what you have downloaded by using the file signature:
https://download.electrum.org/3.0.3/electrum-3.0.3-setup.exe.asc
and the signers public key:
https://pgp.mit.edu/pks/lookup?op=vindex&search=0x2BD5824B7F9470E6

if you did that and the signature was correct then you can be sure that your antivirus is detecting a false positive. simply ignore it (add Electrum to exclusion list of your AV or use another AV). it is not the first time they have detected Electrum as a trojan or something.

Topic: Electrum wallet virus - page 2. (Read 916 times)