Things I have tried
What I’m trying to do
Yesterday I received a manual update prompt and clicked on the Download button. The download went as usual through Chrome (
https://objects.githubusercontent.com/github-production-release-asset-2e65be/262342594/192e6db9-33ba-4a32-a231-9fba61c43b77?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20220727%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220727T083259Z&X-Amz-Expires=300&X-Amz-Signature=fdee066bd7ccc14ffddb69717dc2ebf4163e1862a098a859b158497c132d2780&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=262342594&response-content-disposition=attachment%3B%20filename%3DObsidian.0.15.9.exe&response-content-type=application%2Foctet-stream), then the update proceeded without any issue. When I opened Obsidian after the update, a popup from Dr. Web antivirus appeared saying that it had eliminated a trojan threat.
Trojan.Siggen18.28329 was located at C:\Users\[myusername]\AppData\Local\obsidian-updater\installer.exe
Should I be worried now? Strangely, I checked the installer file I got from GitHub with VirusTotal and it didn’t find any viruses.
July 28, 2022, 4:01am
@obsleep. You’re not looking at a Trojan. You’re looking at processes that could POTENTIALLY be used maliciously, hence the reason we don’t download untrusted software. Specifically, VirusTotal shows NO SECURITY VENDOR DETECTIONS for Obsidian 15.9 (See linked report). Looking at Dr. Web’s report, it sandboxed the file because pieces of it could potentially be used maliciously. Importantly, it did not detect maliciousness here, which is why it’s listed as neutral. Looking deeper into that report, it shows the concern was with the program being able to CREATE NEW WINDOWS, DELETE FILES, and similar things that Obsidian ordinarily does, things we want it to do, which are FEATURES (See linked report).
Dr. Web Link
So, based on this, along with my longstanding trust of Obsidian’s developers, I had no problem installing this update. That’s my choice. Everybody else has the same choice! Enjoy your evening, folks.
Dr. Web antivirus
LOL! That about summarizes this post. Use BitDefender, Microsoft Defender, or Kaspersky AV.
Yeah, that’s why I’m confused. Thanks for clearing that up. Still, it found a specific trojan which was not present in my system.
As for Dr. Web, I can’t change it since it is installed by my employer.
Dr. Web has been constantly flagging the installers the last few updates, it was always a false positive.
It always flags the same thing, which COULD be used maliciously, but is not in this case.
Injects code into the following user processes:
which is not unusual for an installer.
Thanks! I can be at peace for now.