Ransomware Detected #112

Open
opened 2022-02-25 11:29:05 +01:00 by aminiqmal39 · 2 comments
aminiqmal39 commented 2022-02-25 11:29:05 +01:00 (Migrated from github.com)

I'm using Malwarebytes Anti-Ransomware Beta Security, and while I was using Discord Media Loader, the Malwarebytes software suddenly detected a ransomware attack from Discord Media Loader itself and immediately quarantined the software. Does the attack come from the media I'm downloading from Discord or from your software?

![Ransomware](https://user-images.githubusercontent.com/63519621/155699569-cf1c57e3-e09e-4a60-91e5-736567323aa1.png)
Serraniel commented 2022-02-27 13:12:18 +01:00 (Migrated from github.com)

It seems like Malwarebytes is detecting the executable as a false positive. I tried running it through VirusTotal, and Malwarebytes is one of two vendors (out of 69) which flag the tool as malicious:
https://www.virustotal.com/gui/file/da8a01781f74fdddcae9eadf716ef0e05f65de103b74a1d44e3a4e44f4fa44cf/detection

Do you know if there is something like a log or detailed information in the software which you could provide? It may help to understand why this happens.

A possible reason I could think of is that the tool, when downloading and saving, does a lot of IO operations and writes files to the drive, which they might find suspicious.

I also find it kind of weird that they flag the executable itself, because it does basically nothing. It only contains the splash screen and the update routine via GitHub releases; the application logic itself is deployed in the DLLs.
aminiqmal39 commented 2022-02-28 22:34:22 +01:00 (Migrated from github.com)

Thank you for responding. The problem hasn't happened anymore, or not yet; maybe the media I'm downloading contains ransomware, I guess.

Here are the log files. I don't know if they help much.

Full Version
[MBAMSERVICE.LOG](https://github.com/Serraniel/DiscordMediaLoader/files/8157135/MBAMSERVICE.LOG)

Medium Version
[MBAMSERVICE.LOG](https://github.com/Serraniel/DiscordMediaLoader/files/8157077/MBAMSERVICE.LOG)

Short Version
[MBAMSERVICE.LOG](https://github.com/Serraniel/DiscordMediaLoader/files/8157138/MBAMSERVICE.LOG)

Thank you for your work.
Reference: Serraniel/DiscordMediaLoader#112