false antivirus notifications DashCore wallet

dashprofessor

New Member
Dec 19, 2017
21.12.2017 01.57.27 FOUND OBJECT (file removed) C:\Program Files\DashCore\daemon\dashd.exe programm Microsoft Compatibility Telemetry

file C:\Program Files\DashCore\daemon\dashd.exe name: Backdoor.Win32.mIRC-based.bp

21.12.2017 01.57.27 object,file restricted C:\Program Files\DashCore\daemon\dashd.exe program: Microsoft Compatibility Telemetry file: C:\Program Files\DashCore\daemon\dashd.exe name : Backdoor.Win32.mIRC-based.bp

file C:\Program Files\DashCore\daemon\dashd.exe , Microsoft Compatibility Telemetry file C:\Program Files\DashCore\daemon\dashd.exe name Backdoor.Win32.mIRC-based.bp
 

strophy

Administrator
Dash Core Team
Moderator
Dash Support Group
Feb 13, 2016
I'm running the latest version of Windows Defender and I never got that. Where did you download Dash from?
 

dashprofessor

There is nothing here about Windows Defender. I checked it with an antivirus.
DL was from dash.org

It's time to hire a security department, check & update everything.

Backdoor:Win32/mIRCbased - This threat can give a malicious hacker unauthorized access and control of your PC.
 

moocowmoo

Bovine Bit-flipper
Foundation Member
Jun 15, 2014
masternode.me
Dash Address
XmoocowYfrPKUR6p6M5aJZdVntQe71irCX
Categorically a false positive.

Earlier Bitcoin versions used IRC to locate peers. Dash is based on one of these earlier versions.

Your antivirus is just noticing the code can talk over IRC, a feature replaced by DNS seeds.

Will edit above with code snippets once I find the relevant sections.
 

moocowmoo

Maybe update your original post to reflect your now-better understanding of the nature of the false positive?

I don't mind ignorance and panic, but please don't leave invalid assumptions lying around as fact.

You stand a good chance of perpetuating the baseless panic and creating confusion.

But, I don't see any code that could have triggered that warning. IRC was removed well before Dash was even an idea.

Code:
commit c2efd981aa14e94cce4a0a888b6ee1f4e4347924
Author: Matt Corallo <[email protected]>
Date:   Sun Mar 24 19:38:19 2013 -0400

    (finally) Remove IRC Seed support now that lfnet is down.

Guess it's triggering on the letters IRC in comments that still linger all these years later.
 

moocowmoo

"It's time to hire a security department, check & update everything."
It's rude and presumptive to insinuate our security has been compromised over a single, easily explainable false positive.

I appreciate that English doesn't appear to be your first language, but since you're new here, maybe ask questions next time instead of posting outright lies and accusations.

If you look closely, you can see the checksums and downloads are signed by a core developer, a final verification before being released to the world.
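
Added example, not part of the original thread and not Dash project code: one way to check a downloaded installer against a signed checksum list before concluding anything from an antivirus alert. It assumes a clearsigned `sha256sum`-style file; the file names and sample bytes are constructed, and the PGP signature itself still has to be verified separately with GnuPG against the developer's key.

```python
import hashlib
import hmac
import re

# sha256sum line: 64 hex chars, a space, a " " or "*" mode flag, then the name.
SUM_LINE = re.compile(r"^([0-9a-fA-F]{64}) [ *](.+)$")


def parse_clearsigned_sums(text):
    """Return {filename: sha256hex} using only lines inside the signed body."""
    sums, state = {}, "outside"
    for line in text.splitlines():
        if state == "outside":
            if line == "-----BEGIN PGP SIGNED MESSAGE-----":
                state = "headers"
        elif state == "headers":
            if line == "":                 # blank line ends the "Hash:" headers
                state = "body"
        elif line == "-----BEGIN PGP SIGNATURE-----":
            break                          # signed body ends here
        else:
            if line.startswith("- "):      # undo OpenPGP dash-escaping
                line = line[2:]
            m = SUM_LINE.match(line)
            if m:
                sums[m.group(2)] = m.group(1).lower()
    return sums


def check_download(data, filename, sums_text):
    """Compare SHA-256 of `data` with the entry published for `filename`."""
    expected = parse_clearsigned_sums(sums_text).get(filename)
    if expected is None:
        return "not-listed"
    actual = hashlib.sha256(data).hexdigest()
    return "match" if hmac.compare_digest(actual, expected) else "MISMATCH"


# Constructed sample: stand-in bytes and names, not a real Dash release.
SAMPLE_DATA = b"constructed installer bytes"
SAMPLE_SUMS = "\n".join([
    "0" * 64 + "  unsigned.exe",           # outside the signed region: ignored
    "-----BEGIN PGP SIGNED MESSAGE-----",
    "Hash: SHA256",
    "",
    hashlib.sha256(SAMPLE_DATA).hexdigest() + "  sample-win64-setup.exe",
    "-----BEGIN PGP SIGNATURE-----",
    "-----END PGP SIGNATURE-----",
])
```

A "match" only says the file equals what the checksum list names; the list is trustworthy only once its signature verifies.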
 

strophy

Just had another user encounter this same false positive with Kaspersky. Seems to be something different in 12.2.2 that is triggering these AV products?