Topic: HELP- Malware warning about my electrum !!!

legendary
Activity: 1736
Merit: 1023
December 30, 2016, 04:45:39 PM
#6
Yeah, this looks to be a false positive based on heuristics analysis of the file. It acts similar to some other spyware but isn't known to be spyware itself.

As long as you verify the hashes from electrum's website, you should be fine. I'd recommend reporting to the emsisoft about the false positive so they can fix it as well.
legendary
Activity: 966
Merit: 1042
December 30, 2016, 01:24:09 PM
#5
I had this happen a few months back I believe, and it ended up being a false positive. If I scan it now it comes up fine. I panicked and got 99% of everything onto a paper wallet though lol. Try a different antivirus software and see if it finds anything, but this is almost definitely a false positive.
legendary
Activity: 2772
Merit: 2846
December 30, 2016, 01:11:26 PM
#4
It's almost certainly a false positive.

A few virus scanners have given malware warnings for electrum over the last year. This is a thread about the problem:

https://bitcointalksearch.org/topic/electrum-bitcoin-wallet-is-trojan-1639722

One of the posts in it gives this virustotal scan result link for electrum-2.7.2-portable.exe

https://www.virustotal.com/en/file/5e7ecfb66f3fec010ff9ffdebb745550b6a550a87de4e0239d357f447ed19dee/analysis/1476074020/

On 10 October virustotal scanned the file with 56 different virus scanners and the only positive result was from a scanner called Invincea.

I re-scanned the same file today through virustotal and the Invincea scanner said the file is now clean.

https://www.virustotal.com/en/file/5e7ecfb66f3fec010ff9ffdebb745550b6a550a87de4e0239d357f447ed19dee/analysis/1483120578/

However now a scanner called Baidu is the only one of 56 different virus scanners to give a positive result. Ironically Baidu said the file was clean on 10 October.

The two URLs prove both virustotal scans were of the same file because both of them contain the file's hash (shown below).

5e7ecfb66f3fec010ff9ffdebb745550b6a550a87de4e0239d357f447ed19dee

If there is only one positive result from 56 different virus scanners it's probably a false positive. If a scanner that gave a positive result two months ago (like Invincea) now says the file is clean it's almost certainly a false positive result.
legendary
Activity: 1316
Merit: 1000
Si vis pacem, para bellum
December 30, 2016, 10:50:36 AM
#3
It's a malware scanning app for PC:

https://www.emsisoft.com/en/software/antimalware/?id=0
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
December 30, 2016, 09:57:02 AM
#2
I got a new warning as below from EMSISOFT malware scanner

https://gyazo.com/d46782e29f6f9517fb322e0967fa68c9

Is this a false positive, or is some motherfucker trying to hijack my BTC??

I googled the MD5 and SHA signature and Google has never heard of either of them, as you can see below

https://www.google.co.th/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=3EBAB1B45819DBE1E1D0015ED1B6C263

(AFAIK I downloaded Electrum 2.7.12 from the official site)


The first thing that came to my mind is: what's EMSISOFT?

EMSISOFT is probably analysing Electrum based on the behavior and how it creates the connection to the Electrum servers. Although it is entirely possible someone infected your Electrum client, the analysis doesn't indicate such.

You can verify the signature by downloading the signature file[1] and using it to verify against the exe. All files are signed with ThomasV's PGP key. You can find a tutorial here: https://www.torproject.org/docs/verifying-signatures.html.en. Replace the files accordingly, e.g. the .asc file you downloaded and your exe file. ThomasV's fingerprint is 0x2BD5824B7F9470E6.

[1] https://download.electrum.org/2.7.12/electrum-2.7.12.exe.asc
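The check that post #2 describes (verify the detached .asc signature against the exe with ThomasV's PGP key) and the one post #4 relies on (the SHA-256 digest identifies the exact file that was scanned) can be scripted. The script below is an added example written for this thread; it is not Electrum's own tooling and not from any poster. It assumes gpg is installed, that the signing key (fingerprint 0x2BD5824B7F9470E6, as quoted in post #2) has already been imported, and that the file names and the expected digest are supplied by the user; the paths in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): check a downloaded Electrum installer by
# comparing its SHA-256 against the published digest and verifying the detached
# PGP signature (FILE.asc) over it. Assumes gpg is installed and the maintainer's
# key is already imported; file names below are placeholders.

# Print the lowercase hex SHA-256 of a file, using whichever tool is available.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# Compare a file's SHA-256 with an expected digest, ignoring case (scanner
# reports and VirusTotal pages print digests in either case).
# Returns 0 on match, 1 on mismatch.
check_hash() {
    actual=$(sha256_of "$1")
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# Verify the detached PGP signature FILE.asc over FILE. gpg exits non-zero when
# the signature is bad or the signing key is not in the keyring, so the exit
# status is the result; returns 2 when gpg itself is missing.
verify_sig() {
    if ! command -v gpg >/dev/null 2>&1; then
        echo "gpg not installed; cannot verify signature" >&2
        return 2
    fi
    gpg --verify "$1.asc" "$1"
}

# Stand-alone usage (placeholder names):
#   sh check_download.sh electrum-2.7.12.exe <published-sha256>
# Both checks must pass before the installer is run.
if [ "$#" -eq 2 ]; then
    if check_hash "$1" "$2"; then
        echo "SHA-256 matches published digest"
    else
        echo "SHA-256 MISMATCH: do not run $1" >&2
        exit 1
    fi
    verify_sig "$1" && echo "signature verified"
fi
```

The hash comparison only tells you that you have the same bytes a scan or a hash list refers to; the signature check is what ties those bytes to the maintainer's key, so treat a failure of either as a reason not to run the file.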
legendary
Activity: 1316
Merit: 1000
Si vis pacem, para bellum
December 30, 2016, 08:48:30 AM
#1
I got a new warning as below from EMSISOFT malware scanner

https://gyazo.com/d46782e29f6f9517fb322e0967fa68c9

Is this a false positive, or is some motherfucker trying to hijack my BTC??

I googled the MD5 and SHA signature and Google has never heard of either of them, as you can see below

https://www.google.co.th/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=3EBAB1B45819DBE1E1D0015ED1B6C263

(AFAIK I downloaded Electrum 2.7.12 from the official site)