Welcome to the Dash Forum!

Please sign up to discuss the most innovative cryptocurrency!

false antivirus notifications DashCore wallet

Discussion in 'Daemon and QT Wallet Support' started by dashprofessor, Dec 20, 2017.

  1. dashprofessor

    dashprofessor New Member

    Joined:
    Dec 19, 2017
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    21.12.2017 01.57.27 FOUND OBJECT (file removed) C:\Program Files\DashCore\daemon\dashd.exe programm Microsoft Compatibility Telemetry

    file C:\Program Files\DashCore\daemon\dashd.exe name: Backdoor.Win32.mIRC-based.bp

    21.12.2017 01.57.27 object,file restricted C:\Program Files\DashCore\daemon\dashd.exe program: Microsoft Compatibility Telemetry file: C:\Program Files\DashCore\daemon\dashd.exe name : Backdoor.Win32.mIRC-based.bp

    file C:\Program Files\DashCore\daemon\dashd.exe , Microsoft Compatibility Telemetry file C:\Program Files\DashCore\daemon\dashd.exe name Backdoor.Win32.mIRC-based.bp
     
    #1 dashprofessor, Dec 20, 2017
    Last edited: Dec 21, 2017
  2. strophy

    strophy Administrator
    Dash Core Team Dash Support Group Moderator

    Joined:
    Feb 13, 2016
    Messages:
    669
    Likes Received:
    378
    Trophy Points:
    133
    I'm running the latest version of Windows Defender and I never got that. Where did you download Dash from?
     
  3. dashprofessor

    dashprofessor New Member

    Joined:
    Dec 19, 2017
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Here is nothing about windows defender . I check it with Antivirus .
    DL was from dash.org

    Its time to hire security department check&update everything

    Backdoor:Win32/mIRCbased - This threat can give a malicious hacker unauthorized access and control of your PC.
     
  4. moocowmoo

    moocowmoo Bovine Bit-flipper
    Foundation Member

    Joined:
    Jun 15, 2014
    Messages:
    483
    Likes Received:
    603
    Trophy Points:
    263
    Dash Address:
    XmoocowYfrPKUR6p6M5aJZdVntQe71irCX
    Categorically a false positive.

    Earlier bitcoin versions used irc to locate peers. Dash is based on one of these earlier versions.

    Your antivirus is just noticing the code can talk over irc, a feature replaced by dnsseeds.

    Will edit above with code snippets once I find the relevant sections.
     
  5. dashprofessor

    dashprofessor New Member

    Joined:
    Dec 19, 2017
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Ok ,

    thank you.
     
  6. moocowmoo

    moocowmoo Bovine Bit-flipper
    Foundation Member

    Joined:
    Jun 15, 2014
    Messages:
    483
    Likes Received:
    603
    Trophy Points:
    263
    Dash Address:
    XmoocowYfrPKUR6p6M5aJZdVntQe71irCX
    maybe update your original post to reflect your now-better understanding of the nature of the false positive?

    I don't mind ignorance and panic, but please don't leave invalid assumptions lying around as fact.

    You stand a good chance perpetuating the baseless panic and create confusion.

    But, I don't see any code that could have triggered that warning. IRC was removed well before dash was even an idea.

    Code:
    commit c2efd981aa14e94cce4a0a888b6ee1f4e4347924
    Author: Matt Corallo <[email protected]>
    Date:   Sun Mar 24 19:38:19 2013 -0400
    
        (finally) Remove IRC Seed support now that lfnet is down.
    
    Guess it's triggering on the letters IRC in comments that still linger all these years later.
     
    #6 moocowmoo, Dec 21, 2017
    Last edited: Dec 21, 2017
  7. moocowmoo

    moocowmoo Bovine Bit-flipper
    Foundation Member

    Joined:
    Jun 15, 2014
    Messages:
    483
    Likes Received:
    603
    Trophy Points:
    263
    Dash Address:
    XmoocowYfrPKUR6p6M5aJZdVntQe71irCX
    It's rude and presumptive to insinuate our security has been compromised over a single, easily explainable false positive.

    I appreciate that English doesn't appear to be your first language, but since you're new here, maybe ask questions next time instead of posting outright lies and accusations.

    If you look closely, you can see the checksums and downloads are signed by a core developer, a final verification before being released to the world.
     
  8. strophy

    strophy Administrator
    Dash Core Team Dash Support Group Moderator

    Joined:
    Feb 13, 2016
    Messages:
    669
    Likes Received:
    378
    Trophy Points:
    133
    Just had another user encounter this same false positive with Kaspersky. Seems to be something different in 12.2.2 that is triggering these AV products?
     
  9. anniyahsumner

    anniyahsumner New Member

    Joined:
    Apr 1, 2019
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    If you are still facing the issue then follow these steps:
    1. Click the Virus and threat protection tile.
    2. Then click the Virus & threat protection settings label:
    3. Now, Scroll to the Notifications section and click Change notification settings.
    4. Slide the switch to Off or On to disable or enable additional notifications.
    Here I found an article sharing similar thing. Just check it.
     
    #9 anniyahsumner, Apr 1, 2019
    Last edited: Apr 24, 2019