Trojan virus found on my new download Electrum wallet

Cricktor

hero member

Activity: 714

Merit: 1010

Crypto Swap Exchange

Quote from: Coin_trader on November 17, 2022, 04:24:36 AM

Terrible update. My computer hard drive got corrupted today. ...

All my backup wallet is on this computer since I'm restricting myself to don't over extend my budget for my gambling.

It's sucks that I don't have a physical backup just because I'm restricting myself for over expenses.

If your wallets are Electrum wallets then all you need to recover them are your mnemonic recovery words which you should have written at least once on a piece of paper (strictly offline). If you didn't create any physical offline backup of your mnemonic recovery words for your Electrum wallet(s), well, that's probably one of the biggest mistakes.

I wouldn't trust any computer technician unless all wallets have a really strong wallet password and none of those passwords have been stored on the harddrive.

Pmalek

legendary

Activity: 2730

Merit: 7065

Farewell, Leo. You will be missed!

Quote from: Coin_trader on November 17, 2022, 04:24:36 AM

When you say backups, you mean seeds and private keys are all digitally stored on the hard drive that now stopped working? I agree with Lucius and don't see how that way of storing sensitive data could prevent you from spending more coins than you would want to because you still have access to that computer and you can take whatever you want from it at anytime.

Hopefully you can recover your data and this becomes just a slap in your face and not a loss of money. But as soon as you do, you have to improve your ways of backing up those seeds. Good luck to you!

Lucius

legendary

Activity: 3108

Merit: 5364

Blackjack.fun-Free Raffle-Join&Win $50🎲

@Coin_trader, I don't see how a physical backup would be a problem, unless you really have big problems with gambling (if I understand correctly), because the backup you have is actually very risky, especially if something like this happens. Now you can only hope that you will be able to save the data, and that you have confidence in the person who will get access to your hard drive.

In any case, good luck and think about making a physical backup anyway, maybe in a way that you entrust part of the backup to someone you trust, and keep the part with you.

Coin_trader

copper member

Activity: 2688

Merit: 1145

Leading Crypto Sports Betting & Casino Platform

Terrible update. My computer hard drive got corrupted today. I don't if this is related on this or not but the last time I use my computer is when I post this thread and shut down after I update my electrum.

All my backup wallet is on this computer since I'm restricting myself to don't over extend my budget for my gambling.

It's sucks that I don't have a physical backup just because I'm restricting myself for over expenses. I hope I will still recover my files once I bring it to my technician. Cry

dkbit98

legendary

Activity: 2212

Merit: 7060

Cashback 15%

Quote from: Coin_trader on November 14, 2022, 08:29:02 PM

Recently I encounter a problem to my old Electrum wallet which my transaction is reverted back to my wallet balance even though the transaction already appeared on blockchain as unconfirmed so I decided to download the latest version using the download link provided on my electrum wallet.

Malwarebytes and other antiviruses can often show false positive virus warnings, and let's be realistic they can't really protect you from anything in 2022, except giving you false sense of better security.
If you really want to fix this permanently than consider switching to Linux OS like Debian or Fedora, and you won't have to use any antiviruses ever again.
Most of your Bitcoin related applications including Electrum wallet will work just fine, so you could have separate computer only with Linux or make a dual boot with wiNd0ws os.
If you encrypt disk with Linux OS I guarantee you will have much safer system for every day use and for anything related with Bitcoin.

BitMaxz

legendary

Activity: 3206

Merit: 2904

Block halving is coming.

This is a common issue in Electrum some servers are actually blocked by AV or sometimes Electrum is not syncing properly or the electrum is totally red/disconnected from the server due to malware.

Changing the server manually should fix this issue and I do recommend you to keep your AV/Malwarebytes aggressive to make sure your PC is safe if it detects and blocked a few servers just let it block only the server and then use other servers which are not infected.

Pmalek

legendary

Activity: 2730

Merit: 7065

Farewell, Leo. You will be missed!

Electrum and false positives is a known thing already. Since the software came from the right place and the signatures were verified, there is no need to worry about it.

But what I find interesting is the thing you said here:

Quote from: Coin_trader on November 14, 2022, 08:29:02 PM

Recently I encounter a problem to my old Electrum wallet which my transaction is reverted back to my wallet balance even though the transaction already appeared on blockchain as unconfirmed...

This is not something your anti-virus or firewall can do. If the transaction was verified and broadcast to the network properly, how did it come back to you if you didn't doublespend it? Are you sure you didn't create the transaction, but instead of broadcasting it, you saved it locally in your Electrum client? After deleting the local transaction, the amount came back to your own wallet.

nc50lc

legendary

Activity: 2338

Merit: 5297

Self-proclaimed Genius

Quote from: Coin_trader on November 14, 2022, 11:53:44 PM

-snip- Strangely, some other notification is popping aside from the screenshot I a provide the moment I open the nw portable application. I will give a feedback later.

If those other Antivirus detection aren't about the new auto-selected server, then you can safely disregard it as long as it's verified with the signature.
Electrum's Windows binaries are notorious for having false-positives.

For example, 4.3.2 stand-alone, the executable itself has 2 detections is Virustotal.

pooya87

legendary

Activity: 3402

Merit: 10424

I have seen such warnings too using my Eset Internet Security. It is just the firewall preventing connection to some of the Electrum nodes that your client tries to connect to and sync. Possibly because those IP addresses are flagged.
Considering that the communication between your client and these servers can not be exploited since the messages and the whole protocol is kept simple, there should not be any risks here.

Coin_trader

copper member

Activity: 2688

Merit: 1145

Leading Crypto Sports Betting & Casino Platform

Quote from: vv181 on November 14, 2022, 08:53:24 PM

Have you verified the file signature?

It seems the AV blocked the electrum server, you can ignore it, so Electrum will find another server. If it still shows with another server(website), it might be a false positive. Make sure you verified the Electrum, and then try to exclude any server that the AV tries blocking.

Just to make sure, the latest version of Electrum is 4.3.2, are you sure you are downloading from the official website and using it?

Yes I verified the file signature before I downloaded it. I will try to exclude this to my AV, I’m just making sure that this is possible scenario when downloading the electrum wallet. Strangely, some other notification is popping aside from the screenshot I a provide the moment I open the nw portable application. I will give a feedback later.

Quote from: DaveF on November 14, 2022, 10:39:54 PM

Looks like something on that website that Electrum is talking to is triggering something:

https://www.virustotal.com/gui/url/141b75102559ed04810d8c51f6e042354ad52468548fd59437e47c4a0f164864?nocache=1

Would not worry about it.

However, your version of electrum is almost a year and a 1/2 old. You should probably update it.

-Dave

Thanks Dave! I’m not always updating my pc wallet since I rarely opening it to avoid possible malware attack. It's just strange that my AV react like this since I didn't update for a long time.

DaveF

legendary

Activity: 3458

Merit: 6231

Crypto Swap Exchange

Looks like something on that website that Electrum is talking to is triggering something:

https://www.virustotal.com/gui/url/141b75102559ed04810d8c51f6e042354ad52468548fd59437e47c4a0f164864?nocache=1

Would not worry about it.

However, your version of electrum is almost a year and a 1/2 old. You should probably update it.

-Dave

vv181

legendary

Activity: 1932

Merit: 1273

Have you verified the file signature?

It seems the AV blocked the electrum server, you can ignore it, so Electrum will find another server. If it still shows with another server(website), it might be a false positive. Make sure you verified the Electrum, and then try to exclude any server that the AV tries blocking.

Just to make sure, the latest version of Electrum is 4.3.2, are you sure you are downloading from the official website and using it?

Coin_trader

copper member

Activity: 2688

Merit: 1145

Leading Crypto Sports Betting & Casino Platform

Recently I encounter a problem to my old Electrum wallet which my transaction is reverted back to my wallet balance even though the transaction already appeared on blockchain as unconfirmed so I decided to download the latest version using the download link provided on my electrum wallet.

But my newly download wallet on official electrum website has detected by my malwarebytes that it contain a virus as shown on screenshot below. The virus attack my previous version wallet. Anyone encounter this? I download the portable version here: https://electrum.org/#download

Topic: Trojan virus found on my new download Electrum wallet (Read 227 times)