Recently updated to the latest beta, now Malwarebytes is flagging multiple program files as malware

Vim34
Posts: 20
Joined: Sat Dec 30, 2017 5:17 pm
Platform: Windows

Mon Aug 17, 2020 6:55 pm Post

I installed the latest version of the Scrivener 3 beta yesterday. Didn't seem to have any issues - Norton designated the install as clean and there didn't seem to be anything fishy going on when I launched Scrivener shortly after.

This morning, during a scheduled Malwarebytes scan, three Scrivener program files were flagged as malware. I re-scanned the folder C:\ProgramFiles\Scrivener and two more files were flagged, for a total of five. I have a feeling that if I kept running scans, more files might be flagged. The flagged files are as follows:

C:\ProgramFiles\Scrivener\paddle\Paddle.exe
C:\ProgramFiles\Scrivener\tools\lame\lame.exe
C:\ProgramFiles\Scrivener\qtpaths.exe
C:\ProgramFiles\Scrivener\qtdiag.exe
C:\ProgramFiles\Scrivener\QTWEBENGINEPROCESS.EXE

I quarantined the files just in case, but I'm wondering if this is all just a false flag. Has anyone else experienced something like this?

kewms
Posts: 7166
Joined: Fri Feb 02, 2007 5:22 pm
Platform: Mac

Mon Aug 17, 2020 7:27 pm Post

Moved to beta forum. -- Katherine
Scrivener Support Team

Hoist
Posts: 10
Joined: Sun Mar 01, 2020 1:01 pm
Platform: Windows

Mon Aug 17, 2020 8:31 pm Post

Updated to 2.9.9.9 and ran Malwarebytes, got 3 warnings

I have the same files you mentioned.
But only 3 of those were tagged as malware, these are the ones:
qtpaths.exe
qtwebengineprocess.exe
qtdiag.exe

QT is a third party platform for GUI and apps. I'm guessing L&L are using it. It's probable that the version of QT L&L are using got updated so that Malwarebytes for some reason now reacts to them. Or the other way around: Malwarebytes introduced something new in their software. Based on the link Malwarebytes provided for the warnings, https://blog.malwarebytes.com/detection ... heuristic/, it seems they are using a heuristic to detect zero-day threats, aka guessing what might be harmful, and it is likely that it might guess wrong because it's only looking for general things (I assume).

QT is a legit company so it is very unlikely that they would insert malware in their files and I doubt L&L would. Mistakes happen of course but I think it's probable that this is a false positive.

Hopefully this is helpful
Choo-bap choo-waaa!

devinganger
Posts: 2521
Joined: Sat Nov 06, 2010 1:55 pm
Platform: Mac, Win + iOS
Location: Monroe, WA 98272

Mon Aug 17, 2020 8:52 pm Post

If I remember correctly, Malwarebytes also tracks which versions of various libraries are used and will warn you about applications that use libraries with outdated/unpatched versions that are being actively exploited by malware in the wild.

My memory tells me there was a period of time after a gigantic OpenSSL bug was discovered (OpenSSL is the security library used by a ton of applications across all platforms; it provides implementations of security protocols and standards such as X.509v3 certificates, SSL, TLS, and various cryptographic protocols) when Malwarebytes was flagging any application that linked to the insecure version of OpenSSL. This may be another one of those sorts of situations.
--
Devin L. Ganger
Not a L&L employee; opinions are those of my cat
Life has a way of moving you past wants and hopes -- Kevin Flynn

Vim34
Posts: 20
Joined: Sat Dec 30, 2017 5:17 pm
Platform: Windows

Mon Aug 17, 2020 10:36 pm Post

Hoist wrote: Updated to 2.9.9.9 and ran Malwarebytes, got 3 warnings

I have the same files you mentioned.
But only 3 of those were tagged as malware, these are the ones:
qtpaths.exe
qtwebengineprocess.exe
qtdiag.exe


Interesting - those are the three files that were initially flagged for me in a general Malwarebytes scan (a targeted scan of the Scrivener program files folder is what flagged the other two). It does seem like it's probably a false positive. Thanks for running this experiment, I appreciate it!

Vim34
Posts: 20
Joined: Sat Dec 30, 2017 5:17 pm
Platform: Windows

Mon Aug 17, 2020 10:38 pm Post

devinganger wrote: My memory tells me there was a period of time after a gigantic OpenSSL bug was discovered (OpenSSL is the security library used by a ton of applications across all platforms; it provides implementations of security protocols and standards such as X.509v3 certificates, SSL, TLS, and various cryptographic protocols) when Malwarebytes was flagging any application that linked to the insecure version of OpenSSL. This may be another one of those sorts of situations.


Got it - so at worst it seems like Malwarebytes might have caught something insecure, but not actively malicious. Which isn't great, but much better than malware.

Twolane
Posts: 257
Joined: Sat May 12, 2012 7:39 pm
Platform: Windows

Tue Aug 18, 2020 1:52 pm Post

Probably not relevant to say, but I run Malwarebytes-paid on three laptops, and I've had no problems with the latest RC-9 release getting flagged. On the other hand, I've never run Norton, so there's that.

Vim34
Posts: 20
Joined: Sat Dec 30, 2017 5:17 pm
Platform: Windows

Tue Aug 18, 2020 6:43 pm Post

Twolane wrote: Probably not relevant to say, but I run Malwarebytes-paid on three laptops, and I've had no problems with the latest RC-9 release getting flagged. On the other hand, I've never run Norton, so there's that.


Interesting - I'm also running the paid version of Malwarebytes.

Vim34
Posts: 20
Joined: Sat Dec 30, 2017 5:17 pm
Platform: Windows

Tue Aug 18, 2020 7:17 pm Post

UPDATE

I took the offending files out of quarantine because Scrivener was acting very buggy without them. Once they were restored, I ran another Malwarebytes scan and now it's coming back clean. Very likely this was all just a false positive.

Twolane
Posts: 257
Joined: Sat May 12, 2012 7:39 pm
Platform: Windows

Thu Aug 20, 2020 10:34 pm Post

If you're on Win 10, and running Defender, Norton, and Malwarebytes, I'm surprised you haven't had more problems. You might want to think about losing Norton, unless there's some specific reason you need it on Win 10. Here's a link on how to run Malwarebytes with another antivirus:

https://www.howtogeek.com/230158/how-to-run-malwarebytes-alongside-another-antivirus/