Recently updated to the latest beta, now Malwarebytes is flagging multiple program files as malware

I installed the latest version of the Scrivener 3 beta yesterday. Didn’t seem to have any issues - Norton designated the install as clean and there didn’t seem to be anything fishy going on when I launched Scrivener shortly after.

This morning, during a scheduled Malwarebytes scan, three Scrivener program files were flagged as malware. I re-scanned the folder C:\ProgramFiles\Scrivener and two more files were flagged, for a total of five. I have a feeling that if I kept running scans, more files might be flagged. The flagged files are as follows:

C:\ProgramFiles\Scrivener\paddle\Paddle.exe
C:\ProgramFiles\Scrivener\tools\lame\lame.exe
C:\ProgramFiles\Scrivener\qtpaths.exe
C:\ProgramFiles\Scrivener\qtdiag.exe
C:\ProgramFiles\Scrivener\QTWEBENGINEPROCESS.EXE

I quarantined the files just in case, but I’m wondering if this is all just a false flag. Has anyone else experienced something like this?

Moved to beta forum. – Katherine

Updated to 2.9.9.9 and ran Malwarebytes, got 3 warnings

I have the same files you mentioned.
But only 3 of those were tagged as malware. These are the ones:
qtpaths.exe
qtwebengineprocess.exe
qtdiag.exe

Qt is a third-party platform for GUI and apps. I’m guessing L&L are using it. It’s probable that the version of Qt L&L are using got updated so that Malwarebytes for some reason now reacts to them. Or the other way around: Malwarebytes introduced something new in their software. Based on the link Malwarebytes provided for the warnings, blog.malwarebytes.com/detection … heuristic/, it seems they are using a heuristic to detect zero-day threats, aka guessing what might be harmful, and it is likely that it might guess wrong because it’s only looking for general things (I assume).

Qt is a legit company so it is very unlikely that they would insert malware in their files, and I doubt L&L would. Mistakes happen of course, but I think it’s probable that this is a false positive.

Hopefully this is helpful

If I remember correctly, Malwarebytes also tracks which versions of various libraries are used and will warn you about applications that use libraries with outdated/unpatched versions that are being actively exploited by malware in the wild.

My memory tells me there was a period of time after a gigantic OpenSSL bug was discovered (OpenSSL is the security library used by a ton of applications across all platforms; it provides implementations of security protocols and standards such as X.509v3 certificates, SSL, TLS, and various cryptographic protocols) when Malwarebytes was flagging any application that linked to the insecure version of OpenSSL. This may be another one of those sorts of situations.

Interesting - those are the three files that were initially flagged for me in a general Malwarebytes scan (a targeted scan of the Scrivener program files folder is what flagged the other two). It does seem like it’s probably a false positive. Thanks for running this experiment, I appreciate it!

Got it - so at worst it seems like Malwarebytes might have caught something insecure, but not actively malicious. Which isn’t great, but much better than malware.

Probably not relevant to say, but I run Malwarebytes-paid on three laptops, and I’ve had no problems with the latest RC-9 release getting flagged. On the other hand, I’ve never run Norton, so there’s that.

Interesting - I’m also running the paid version of Malwarebytes.

UPDATE

I took the offending files out of quarantine because Scrivener was acting very buggy without them. Once they were restored, I ran another Malwarebytes scan and now it’s coming back clean. Very likely this was all just a false positive.

If you’re on Win 10, and running Defender, Norton, and Malwarebytes, I’m surprised you haven’t had more problems. You might want to think about losing Norton, unless there’s some specific reason you need it on Win 10. Here’s a link on how to run Malwarebytes with another antivirus:

https://www.howtogeek.com/230158/how-to-run-malwarebytes-alongside-another-antivirus/