I installed the latest version of the Scrivener 3 beta yesterday. Didn't seem to have any issues - Norton designated the install as clean and there didn't seem to be anything fishy going on when I launched Scrivener shortly after.
This morning, during a scheduled Malwarebytes scan, three Scrivener program files were flagged as malware. I re-scanned the folder C:\ProgramFiles\Scrivener and two more files were flagged, for a total of five. I have a feeling that if I kept running scans, more files might be flagged. The flagged files are as follows:
C:\ProgramFiles\Scrivener\paddle\Paddle.exe
C:\ProgramFiles\Scrivener\tools\lame\lame.exe
C:\ProgramFiles\Scrivener\qtpaths.exe
C:\ProgramFiles\Scrivener\qtdiag.exe
C:\ProgramFiles\Scrivener\QTWEBENGINEPROCESS.EXE
I quarantined the files just in case, but I'm wondering if this is all just a false flag. Has anyone else experienced something like this?
Recently updated to the latest beta, now Malwarebytes is flagging multiple program files as malware
10 posts
Page 1 of 1
Updated to 2.9.9.9 and ran malwarebytes, got 3 warnings
I have the same files you mentioned.
But only 3 of those were tagged as malware, these are the ones:
qtpaths,exe
qtwebenginprocess.exe
qtdiag.exe
QT is a third party platform for GUI and apps. I'm guessing L&L are using. It's probable that the version of QT L&L are using got updated so that malwarebytes for some reason now reacts to them. Or the other way around malwarebytes introduced something new in their software, based on the link malwarebytes provided for the warnings, https://blog.malwarebytes.com/detection ... heuristic/, seems they are using a heuristic to detect zero day threats aka guesssing what might be harmful and it is likely that it might guess wrong because its only looking for general things(i assume)
QT is a legit company so it is very unlikely that they would insert malware in their files and i doubt L&L would. Mistakes happen of course but i think its probable that this is a false positive.
Hopefully this is helpful
I have the same files you mentioned.
But only 3 of those were tagged as malware, these are the ones:
qtpaths,exe
qtwebenginprocess.exe
qtdiag.exe
QT is a third party platform for GUI and apps. I'm guessing L&L are using. It's probable that the version of QT L&L are using got updated so that malwarebytes for some reason now reacts to them. Or the other way around malwarebytes introduced something new in their software, based on the link malwarebytes provided for the warnings, https://blog.malwarebytes.com/detection ... heuristic/, seems they are using a heuristic to detect zero day threats aka guesssing what might be harmful and it is likely that it might guess wrong because its only looking for general things(i assume)
QT is a legit company so it is very unlikely that they would insert malware in their files and i doubt L&L would. Mistakes happen of course but i think its probable that this is a false positive.
Hopefully this is helpful
Choo-bap choo-waaa!
-
devinganger
- Posts: 2521
- Joined: Sat Nov 06, 2010 1:55 pm
- Platform: Mac, Win + iOS
- Location: Monroe, WA 98272
- Contact:
If I remember correctly, Malwarebytes also tracks which versions of various libraries are used and will warn you about applications that use libraries with outdated/unpatched versions that are being actively exploited by malware in the wild.
My memory tells me there was a period of time after a gigantic OpenSSL bug was discovered (OpenSSL is the security library used by a ton of applications across all platforms; it provides implementations of security protocols and standards such as X.509v3 certifictates, SSL, TLS, and various cryptographic protocols) when Malwarebytes was flagging any application that linked to the insecure version of OpenSSL. This may be another one of those sorts of situations.
My memory tells me there was a period of time after a gigantic OpenSSL bug was discovered (OpenSSL is the security library used by a ton of applications across all platforms; it provides implementations of security protocols and standards such as X.509v3 certifictates, SSL, TLS, and various cryptographic protocols) when Malwarebytes was flagging any application that linked to the insecure version of OpenSSL. This may be another one of those sorts of situations.
--
Devin L. Ganger
Not a L&L employee; opinions are those of my cat
Life has a way of moving you past wants and hopes -- Kevin Flynn
Devin L. Ganger
Not a L&L employee; opinions are those of my cat
Life has a way of moving you past wants and hopes -- Kevin Flynn
Hoist wrote:Updated to 2.9.9.9 and ran malwarebytes, got 3 warnings
I have the same files you mentioned.
But only 3 of those were tagged as malware, these are the ones:
qtpaths,exe
qtwebenginprocess.exe
qtdiag.exe
Interesting - those are the three files that were initially flagged for me in a general malwarbytes scan (a targeted scan of the Scrivener program files folder is what flagged the other two). It does seem like it's probably a false positive. Thanks for running this experiment, I appreciate it!
devinganger wrote:My memory tells me there was a period of time after a gigantic OpenSSL bug was discovered (OpenSSL is the security library used by a ton of applications across all platforms; it provides implementations of security protocols and standards such as X.509v3 certifictates, SSL, TLS, and various cryptographic protocols) when Malwarebytes was flagging any application that linked to the insecure version of OpenSSL. This may be another one of those sorts of situations.
Got it - so at worst it seems like malwarebytes might have caught something insecure, but not actively malicious. Which isn't great, but much better than malware.
Twolane wrote:Probably not relevant to say, but I run Malwarebytes-paid on three laptops, and I've had no problems with the latest RC-9 release getting flagged. On the other hand, I've never run Norton, so there's that.
Interesting - I'm also running the paid version of Malwarebytes.
UPDATE
I took the offending files out of quarantine because Scrivener was acting very buggy without them. Once they were restored, I ran another malwarebytes scan and now it's coming back clean. Very likely this was all just a false positive.
I took the offending files out of quarantine because Scrivener was acting very buggy without them. Once they were restored, I ran another malwarebytes scan and now it's coming back clean. Very likely this was all just a false positive.
If you're on Win 10, and running Defender, Norton, and Malwarebytes, I'm surprised you haven't had more problems. You might want to think about losing Norton, unless there's some specific reason you need it on Win 10. Here's a link on how to run Malwarebytes with another antivirus:
https://www.howtogeek.com/230158/how-to-run-malwarebytes-alongside-another-antivirus/
https://www.howtogeek.com/230158/how-to-run-malwarebytes-alongside-another-antivirus/
Page 1 of 1