Author Topic: Miranda NG flagged as ransomware by Malwarebytes during update  (Read 2664 times)

0 Members and 1 Guest are viewing this topic.

Offline bpsep

  • Newbie
  • *
  • Posts: 2
Hi, today after getting a pu_stub.exe popup to update the application, Miranda was flagged and quarantined by Malwarebytes as a ransmoware. Any idea what might have caused it?
 

Offline Vulpix

Quite strange. I would say it's a false positive but you can check the sha checksums if your miranda64 is the same as the official one (that is, if you use the dev builds

https://www.virustotal.com/#/file/a3193fac1f51e04ff8baed764469f338eabf7e8315074a04a19a8d7d3448f620/detection
 

Offline dartraiden

Antiviruses "Behavioral Analysis" still very dumb
He does not like that the Miranda requests privileges via pu_stub (otherwise, Miranda running without administrator privileges can not update itself in Program Files) and rewrites some files inside Program Files.
We have nothing to do with this.

You can compile Miranda64.exe with VS2017 (/bin15/mir_full.sln) and check hashes.
 

Offline dartraiden

you can check the sha checksums if your miranda64 is the same as the official one
Or just check for updates via Plugin Updater. If local file have different checksum (compared to hashes.zip from server), Plugin Updater will regard it as requiring an update.

Stable: https://www.miranda-ng.org/distr/stable/x64/hashes.zip
Dev: https://www.miranda-ng.org/distr/x64/hashes.zip
 

Offline bpsep

  • Newbie
  • *
  • Posts: 2
Thanks for all the suggestions, however I couldn't get any of these hashes even on a clean install.

Must have been a weird false positive, because after I removed it from quarantine Malwarebytes didn't flag it second time (nor did virustotal.com).