Bitcoin Forum
May 13, 2024, 01:19:35 PM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Bitcoin Forum > Bitcoin > Development & Technical Discussion > Wallet software > Electrum > Electrum 3.0.3 malware Atc4.Detection
Pages: [1]
« previous topic next topic »
  Print  
Author Topic: Electrum 3.0.3 malware Atc4.Detection  (Read 154 times)
F8N00 (OP)
Full Member
***
Offline Offline

Activity: 230
Merit: 100


19/11/2018 - Capitulation !!!!


View Profile
January 03, 2018, 06:32:51 PM
 #1
I have Bitdefender installed on my windows and when i try to open Electrum my antivirus moves it to quarantine. I upload it on virustotal https://www.virustotal.com/#/file/f030699fe93e38d882c0734664207000756a32d0606ed714473f2f29e8156a31/detection and it's flagged from 6 other antivirus but not from bitdefender (very weird). I have installed on my pc bitdefender and malwarebytes.
Any idea what should i do?
"If you don't want people to know you're a scumbag then don't be a scumbag." -- margaritahuyan
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
TryNinja
Legendary
*
Offline Offline

Activity: 2828
Merit: 6989



View Profile WWW
January 03, 2018, 07:00:12 PM
 #2
That's very likely just a false-positive. I downloaded the file from the website, scanned and got the same result.

Just make sure to download the file from electrum.org (which is the ONLY official website) and you will be fine.
.
.HUGE.
▄██████████▄▄
▄█████████████████▄
▄█████████████████████▄
▄███████████████████████▄
▄█████████████████████████▄
███████▌██▌▐██▐██▐████▄███
████▐██▐████▌██▌██▌██▌██
█████▀███▀███▀▐██▐██▐█████
▀█████████████████████████▀
▀███████████████████████▀
▀█████████████████████▀
▀█████████████████▀
▀██████████▀▀
█▀▀▀▀











█▄▄▄▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
.
CASINSPORTSBOOK
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀▀█











▄▄▄▄█
pooya87
Legendary
*
Offline Offline

Activity: 3444
Merit: 10558



View Profile
January 04, 2018, 05:04:53 AM
 #3
Quote from: TryNinja on January 03, 2018, 07:00:12 PM
That's very likely just a false-positive. I downloaded the file from the website, scanned and got the same result.

Just make sure to download the file from electrum.org (which is the ONLY official website) and you will be fine.

downloading from the original (real) website only reduces the risk of downloading a fake wallet installation file with malware. the website may have been compromised and the attacker might have placed his malware in place of real files. although this is highly unlikely but the chance is not 0.

the only solution is to first find the real developer's PGP pubkey: https://pgp.mit.edu/pks/lookup?op=vindex&search=0x2BD5824B7F9470E6
then verify the signature of downloaded files to make sure they are real. now you can be 100% sure.
.
.BLACKJACK ♠ FUN.		█████████
██████████████
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
████████████████
░██████████████
████████████
███████████████░██
██████████		CRYPTO CASINO &
SPORTS BETTING
▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
█████████
.
F8N00 (OP)
Full Member
***
Offline Offline

Activity: 230
Merit: 100


19/11/2018 - Capitulation !!!!


View Profile
January 04, 2018, 10:54:59 AM
 #4
Quote from: pooya87 on January 04, 2018, 05:04:53 AM
Quote from: TryNinja on January 03, 2018, 07:00:12 PM
That's very likely just a false-positive. I downloaded the file from the website, scanned and got the same result.

Just make sure to download the file from electrum.org (which is the ONLY official website) and you will be fine.

downloading from the original (real) website only reduces the risk of downloading a fake wallet installation file with malware. the website may have been compromised and the attacker might have placed his malware in place of real files. although this is highly unlikely but the chance is not 0.

the only solution is to first find the real developer's PGP pubkey: https://pgp.mit.edu/pks/lookup?op=vindex&search=0x2BD5824B7F9470E6
then verify the signature of downloaded files to make sure they are real. now you can be 100% sure.

Yes you are right. Do you know how i can do that on windows?
I have download Keopatra but i don't know what should i do next...
bob123
Legendary
*
Offline Offline

Activity: 1624
Merit: 2481



View Profile WWW
January 04, 2018, 03:09:59 PM
 #5
Quote from: F8N00 on January 04, 2018, 10:54:59 AM
Yes you are right. Do you know how i can do that on windows?
I have download Keopatra but i don't know what should i do next...

Here is a small tutorial on how to verify signatures on windows: https://www.deepdotweb.com/jolly-rogers-security-guide-for-beginners/how-to-verify-your-downloaded-files-are-authentic/

Replace the mentioned signatures with the ones for electrum.

Current electrum installer (windows) :
Code:
-----BEGIN PGP SIGNATURE-----

iQIcBAABCgAGBQJaL3HRAAoJECvVgkt/lHDml7cQAIFCtI3w+2/FPWzKImdJCRky
jlOsHWYNTlODAvj1SPCP/jZkrf9dpGjqXrAIQ7q4feOnCKvlKrJCZeHe+9sHkyqD
TDDOIOORFxCFdnk4TgPe+g3kVT2/9nsIwq4n35JZVC7QQD0q9k1Epv015fQhDdoQ
fcZoq9YqSQ8zDnhd6egRYe33Tip4JWFhaHYQw/FZp3W1+/L7WBqf+z5HxdzKOpJ/
93vnhh2m2xHltqL8hZ3KXaGXAPoubffu6+BIvlKbbDX9WULIrcbHgQABYhTZ7qWj
Gu+n+lXh4omZcltSxEk6zp1jU7+7pwu9GET0epN80OAY3AfoUors4oiYYM7ab4mk
rxvPODm68z4nZE4OWDptV71yI/T5OfDT+lB3KYgtdpco7NL11Vj8PdKQJBK6ItBx
qGDr5yAfS9tm9cEKUqQSpnN+GMTYNs8b3ChLGKi2XpVSSnjzX8Z1rvYJyxhkPKvF
qSjkZLLERbKwPYsxFGECLSET6G9MBXUL0v/R9zd22WVqtyT9uPVuzIqLH7Wh5H7k
7a48+6UmGbzmwPcvaqRe4QJOAHWJv9dQ3//6KI+PV4mBBfdAqzGccJ5Fsqh2+T1s
lvlh58wHzwD2LGyaGWhA5G+6LYudbixadoOKsey8l5trgcIOcQkwe+ES1QBWtIaL
9ctR8vlq48L+/GbkX4dT
=PtAe
-----END PGP SIGNATURE-----

Standalone executable:
Code:
-----BEGIN PGP SIGNATURE-----

iQIcBAABCgAGBQJaL3HRAAoJECvVgkt/lHDm26gP/1jsHO6onEiy+wiNaZY5M1vo
QGCOyB7EixcPKXFZ8wCLmjFjdg4gubeFYIxJ0qfFOSSeRZ6JrHbKJAalhZ/x62yQ
nxSsNa+Zw8zP5p2wJ3+sLHsmF6GZrUAt07BzBmBjTUZNSfAxgRPo5U8X9SyDne23
p5zU+b5pJg90O4z5G8KgqefIyLMpo3ejgp8g7w7E0l9Tw3RH/7Ci5N4dURDkHXAY
AWVEoKpiMlGO3/umgm2AurZ0eq/9uLsHHIXlHTleXd3zVrkz+YngZs72z9S2XgkV
ADDjLojlr19EM6a6nFIIVGYUjIJo6wMDawmszQVrbcNHtV4/AuYFiNXIo9fF81qe
wml+3nmDf2sfhLPha5L1pzYkTdBI4KL3sBgyUXUKUYmmOb2W3gYtcwBeHlf46KJS
wslaRGS/X/BLvtu6QvQOvK/oggVa2J9jMTubLeT8/JXDJk7Dj4PeE3m9GGtcR3+c
VN+l5X4pA5BGvj4uahKJtUdpXNPxlgIMakplYGVHqD3x88IyalitapT6OGWuX9wi
7k3R18mICAE31ZwCEI1O8XyyzeZuAAqMawF6ovMOQFc2OYz/W/sB6Is1a+TeVV27
MUK+kk3jOOOo/H8ncuUNyN7YeXOxQU1D+huP1+R7Eq/j10hGuvX0mco78X4KmQtd
qXUrdp5Xe9RoxQzzxZUC
=E/my
-----END PGP SIGNATURE-----

Both to be found on the official site: https://electrum.org/#download

Additinally from the official site: Sources and executables are signed by ThomasV (https://pgp.mit.edu/pks/lookup?op=vindex&search=0x2BD5824B7F9470E6)

░░░░░▄▄██████▄▄
░░▄████▀▀▀▀▀▀████▄
███▀░░░░░░░░░░▀█▀█
███░░░▄██████▄▄░░░██
░░░░░█████████░░░░██▌
░░░░█████████████████
░░░░█████████████████
░░░░░████████████████
███▄░░▀██████▀░░░███
█▀█▄▄░░░░░░░░░░▄███
░░▀████▄▄▄▄▄▄████▀
░░░░░▀▀██████▀▀
.ChipMixer.{ MIXING REINVENTED FOR YOUR PRIVACY #.ChipMixer.

░░░░░▄▄██████▄▄
░░▄████▀▀▀▀▀▀████▄
███▀░░░░░░░░░░▀█▀█
███░░░▄██████▄▄░░░██
░░░░░█████████░░░░██▌
░░░░█████████████████
░░░░█████████████████
░░░░░████████████████
███▄░░▀██████▀░░░███
█▀█▄▄░░░░░░░░░░▄███
░░▀████▄▄▄▄▄▄████▀
░░░░░▀▀██████▀▀
Pages: [1]
  Print  
Bitcoin Forum > Bitcoin > Development & Technical Discussion > Wallet software > Electrum > Electrum 3.0.3 malware Atc4.Detection
 « previous topic next topic »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!