
Miranda NG flagged as ransomware by Malwarebytes during update


bpsep:
Hi, today after getting a pu_stub.exe popup to update the application, Miranda was flagged and quarantined by Malwarebytes as ransomware. Any idea what might have caused it?

Vulpix:
Quite strange. I would say it's a false positive, but you can check the sha checksums to see if your miranda64 is the same as the official one (that is, if you use the dev builds).

https://www.virustotal.com/#/file/a3193fac1f51e04ff8baed764469f338eabf7e8315074a04a19a8d7d3448f620/detection

dartraiden:
Antivirus "Behavioral Analysis" is still very dumb.
It does not like that Miranda requests privileges via pu_stub (otherwise Miranda, running without administrator privileges, cannot update itself in Program Files) and rewrites some files inside Program Files.
We have nothing to do with this.

You can compile Miranda64.exe with VS2017 (/bin15/mir_full.sln) and check hashes.

dartraiden:

--- Quote from: Vulpix on 16 07 2018, 12:38:18 ---you can check the sha checksums if your miranda64 is the same as the official one
--- End quote ---
Or just check for updates via Plugin Updater. If a local file has a different checksum (compared to hashes.zip from the server), Plugin Updater will regard it as requiring an update.

Stable: https://www.miranda-ng.org/distr/stable/x64/hashes.zip
Dev: https://www.miranda-ng.org/distr/x64/hashes.zip

bpsep:
Thanks for all the suggestions, however I couldn't get any of these hashes even on a clean install.

Must have been a weird false positive, because after I removed it from quarantine Malwarebytes didn't flag it a second time (nor did virustotal.com).
