Miranda NG Official Community Forum

Forum for English speaking Miranda NG users => Support/Help => Topic started by: bpsep on 16 07 2018, 08:14:48

Title: Miranda NG flagged as ransomware by Malwarebytes during update
Post by: bpsep on 16 07 2018, 08:14:48
Hi, today after getting a pu_stub.exe popup to update the application, Miranda was flagged and quarantined by Malwarebytes as ransomware. Any idea what might have caused it?
Title: Re: Miranda NG flagged as ransomware by Malwarebytes during update
Post by: Vulpix on 16 07 2018, 12:38:18
Quite strange. I would say it's a false positive but you can check the sha checksums if your miranda64 is the same as the official one (that is, if you use the dev builds

https://www.virustotal.com/#/file/a3193fac1f51e04ff8baed764469f338eabf7e8315074a04a19a8d7d3448f620/detection
Title: Re: Miranda NG flagged as ransomware by Malwarebytes during update
Post by: dartraiden on 16 07 2018, 16:41:50
Antiviruses' "Behavioral Analysis" is still very dumb.
It does not like that Miranda requests privileges via pu_stub (otherwise, Miranda running without administrator privileges cannot update itself in Program Files) and rewrites some files inside Program Files.
We have nothing to do with this.

You can compile Miranda64.exe with VS2017 (/bin15/mir_full.sln) and check hashes.
Title: Re: Miranda NG flagged as ransomware by Malwarebytes during update
Post by: dartraiden on 16 07 2018, 16:52:06
you can check the sha checksums if your miranda64 is the same as the official one
Or just check for updates via Plugin Updater. If the local file has a different checksum (compared to hashes.zip from the server), Plugin Updater will regard it as requiring an update.

Stable: https://www.miranda-ng.org/distr/stable/x64/hashes.zip
Dev: https://www.miranda-ng.org/distr/x64/hashes.zip
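The checksum comparison suggested above, as an added example that is not part of the thread or of Miranda NG's own Plugin Updater code: the script hashes the files in a local install directory with SHA-256 and compares them against a manifest. The manifest format (one "<sha256-hex>  <relative path>" line, as written by sha256sum), the file names and the sample contents are assumptions constructed for the demo, not the real layout of hashes.zip; with a correctly parsed manifest, the same verify_install routine reports which files match, which differ, and which are absent.

```python
import hashlib
import tempfile
from pathlib import Path


# ASSUMED manifest format for this example: one "<sha256-hex>  <relative path>"
# per line (sha256sum style). This is NOT the format of Miranda NG's hashes.zip.
def parse_manifest(text: str) -> dict[str, str]:
    """Map each relative path in the manifest to its expected SHA-256 hex digest."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, rel_path = line.partition("  ")
        digest = digest.lower()
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"malformed digest in manifest line: {line!r}")
        # Normalise Windows separators so manifest and local paths compare equal.
        expected[rel_path.strip().replace("\\", "/")] = digest
    return expected


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_install(install_dir: Path, manifest_text: str) -> dict[str, list[str]]:
    """Return which manifest entries match the local files, differ, or are absent."""
    expected = parse_manifest(manifest_text)
    report = {"ok": [], "mismatch": [], "missing": []}
    for rel_path, digest in sorted(expected.items()):
        local = install_dir / rel_path
        if not local.is_file():
            report["missing"].append(rel_path)
        elif sha256_file(local) == digest:
            report["ok"].append(rel_path)
        else:
            report["mismatch"].append(rel_path)
    return report


def build_demo() -> dict[str, list[str]]:
    """Constructed sample install tree: one intact file, one altered file, one absent file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Plugins").mkdir()
        official_exe = b"pretend this is the official binary\n"   # constructed content
        official_stub = b"pretend this is the official pu_stub\n"  # constructed content
        (root / "miranda64.exe").write_bytes(official_exe)
        # Local copy differs from what the manifest expects -> reported as a mismatch.
        (root / "Plugins" / "pu_stub.exe").write_bytes(b"locally modified content\n")
        manifest = "\n".join([
            f"{hashlib.sha256(official_exe).hexdigest()}  miranda64.exe",
            f"{hashlib.sha256(official_stub).hexdigest()}  Plugins/pu_stub.exe",
            f"{'0' * 64}  Plugins/missing.dll",  # placeholder digest for a file that is not installed
        ])
        return verify_install(root, manifest)


if __name__ == "__main__":
    for kind, files in build_demo().items():
        print(f"{kind}: {files}")
```

A mismatch on its own only says the file is not the one the manifest describes; whether that is an unfinished update, a local rebuild, or something worth investigating is for the operator to decide, and the manifest itself must come from the project's server over HTTPS to be worth comparing against.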
Title: Re: Miranda NG flagged as ransomware by Malwarebytes during update
Post by: bpsep on 17 07 2018, 08:18:58
Thanks for all the suggestions, however I couldn't get any of these hashes even on a clean install.

Must have been a weird false positive, because after I removed it from quarantine Malwarebytes didn't flag it a second time (nor did virustotal.com).