sharex hacked?
posted in Off Topic
1
#1
0 Frags +

I was just doing a virus scan with MBytes and saw that the newest version of ShareX was marked as having a trojan-downloader in it. I don't know if this is on my end, a false positive, or if something happened akin to puush but this is usually the first place I come.

Anybody else seen this? Or am I just a lone target? (I can't find anything on reddit).

2
#2
0 Frags +

ugh just downloaded this update not thinking much of it, i'll run some scans on my computer and get back to you.

edit: their changelog (https://github.com/ShareX/ShareX/wiki/Changelog) is not updated for today (or recently) so i'm beginning to worry
3
#3
0 Frags +

I had the exe for both the 10.0 and the 10.1 version in my download folder. Think maybe MBytes is overly freaking out over it.

4
#4
0 Frags +

The files marked were /sharex/recorder-devices-setup.exe (which hasn't been changed since like july)
/temp/sharex-10.0.0-setup.exe
/temp/sharex-10.1.0-setup.exe

Which all sound a bit weird.
It might be malwarebytes freaking out but I already uninstalled sharex.

I wish I would've waited to scan it with something else like windows defender before I completely uninstalled but it was probably better to be on the safe side.

5
#5
0 Frags +

yeah i don't blame you after puush. nod32 is not picking up anything so far but this is only the start of the scan.

it's also not picking up anything with real-time protection so i think it's just a false positive.

6
#6
0 Frags +

Yeah for me MBam didn't pick it up until like 3 minutes in and this is a relatively new OS (i just fucking reinstalled windows)

Currently doing a secondary scan to see if the trojan.downloader picked anything up before it went down, but it didn't catch anything the first time so I'm thinking maybe false positive.

If NOD32 doesn't pick anything up try running MBam if you have it so we can see if it's a false positive

If it does turn out to be a likely false positive, I'm still leaving it uninstalled until I can get around to maybe doing a false positive report to MBam (although I now don't have the quarantined files)

7
#7
0 Frags +

Sounds like y'all need to compare md5 hashes (http://winmd5.com/) for your installers to see if your files are actually identical
8
#8
0 Frags +

My other ShareX exe temp file (9-1) wasn't marked and is still there, just to toss something else in.

I'd do that but I already don't want to un-quarantine those files

9
#9
0 Frags +

Looks to be a false positive from MBam according to this:

https://www.virustotal.com/en/file/70887b7616b4524ee5d79e06ca0e5865f4a8915d8c04e921c0ed8b32e350d7e2/analysis/

Although I'd still keep tiptoes around for any official post from ShareX/MBam regarding this.

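
Added example (not written by any poster in this thread): one way to do the comparison suggested in #7 and to check files against the SHA-256 that appears in the VirusTotal link from #9. The file names and bytes in `demo()` are constructed stand-ins, and the thread does not say which installer the VirusTotal digest belongs to.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# SHA-256 copied from the VirusTotal URL in post #9; the thread does not
# state which of the flagged installers it corresponds to.
VT_SHA256 = "70887b7616b4524ee5d79e06ca0e5865f4a8915d8c04e921c0ed8b32e350d7e2"


def file_digests(path, chunk_size=1 << 20):
    """Return (md5_hex, sha256_hex) for a file, reading it in chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def compare_installers(paths, reference_sha256=VT_SHA256):
    """Group byte-identical files by SHA-256 and list those matching the reference."""
    groups = defaultdict(list)
    for path in paths:
        _, sha256 = file_digests(path)
        groups[sha256].append(path)
    matches = groups.get(reference_sha256.lower(), [])
    return dict(groups), matches


def demo():
    """Run the comparison on constructed stand-ins for three users' downloads."""
    samples = {
        "userA-setup.exe": b"MZ constructed installer bytes",
        "userB-setup.exe": b"MZ constructed installer bytes",
        "userC-setup.exe": b"MZ constructed installer bytes, altered",
    }
    with tempfile.TemporaryDirectory() as tmp:
        paths = []
        for name, data in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            paths.append(path)
        # Assumption for the demo: user A's file plays the role of the known-good copy.
        ref = hashlib.sha256(samples["userA-setup.exe"]).hexdigest()
        groups, matches = compare_installers(paths, ref)
        sizes = sorted(len(v) for v in groups.values())
        return sizes, [os.path.basename(m) for m in matches]
```

Files that land in the same group are byte-identical, so a detection on one and not the other points at the scanner or its signature version rather than at the download.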
10
#10
2 Frags +

ok definitely confirmed false positive i am a fearmongerer https://github.com/ShareX/ShareX/issues/920
