Chia-Network / chia-blockchain

Chia blockchain python implementation (full node, farmer, harvester, timelord, and wallet)
Apache License 2.0

SquirrelUpdater Exhibits MALWARE-LIKE BEHAVIOR and DELETES CHIA! #4028

Closed awesomeferret closed 3 years ago

awesomeferret commented 3 years ago

I ran the 1.1.4 updater, and it gave me an error that I forgot. I then noticed that Chia was effectively deleted (you get the "this shortcut refers to has been changed or moved, do you want to delete") then opened this log. All you have to do to find out what is horribly horribly wrong is read the log, it speaks for itself:

576> 2020-04-24 16:58:44> Program: Starting Squirrel Updater: --install .
576> 2020-04-24 16:58:45> Program: Starting install, writing to C:\Users\alexandero11\AppData\Local\SquirrelTemp
576> 2020-04-24 16:58:45> Program: About to install to: C:\Users\alexandero11\AppData\Local\Discord
576> 2020-04-24 16:58:45> SingleGlobalInstance: Grabbing lockfile with timeout of 00:00:10
576> 2020-04-24 16:58:45> CheckForUpdateImpl: Reading RELEASES file from C:\Users\alexandero11\AppData\Local\SquirrelTemp
576> 2020-04-24 16:58:45> CheckForUpdateImpl: Remote version 0.0.306 differs from local
576> 2020-04-24 16:58:45> CheckForUpdateImpl: First run or local directory is corrupt, starting from scratch
576> 2020-04-24 16:58:45> ApplyReleasesImpl: Writing files to app directory: C:\Users\alexandero11\AppData\Local\Discord\app-0.0.306
576> 2020-04-24 16:58:49> ApplyReleasesImpl: Moving file C:\Users\alexandero11\AppData\Local\Discord\app-0.0.306\lib\net45\chrome_100_percent.pak to C:\Users\alexandero11\AppData\Local\Discord\app-0.0.306\chrome_100_percent.pak
576> 2020-04-24 16:58:49> ApplyReleasesImpl: Moving file C:\Users\alexandero11\AppData\Local\Discord\app-0.0.306\lib\net45\chrome_200_percent.pak to C:\Users\alexandero11\AppData\Local\Discord\app-0.0.306\chrome_200_percent.pak
576> 2020-04-24 16:58:49> ApplyReleasesImpl: Moving file C:\Users\alexandero11\AppData\Local\Discord\app-0.0.306\lib\net45\app.ico to C:\Users\alexandero11\AppData\Local\Discord\app-0.0.306\app.ico
576> 2020-04-24 16:58:49> ApplyReleasesImpl: Moving file C:\Users\alexandero11\AppData\Local\Discord\app-0.0.306\lib\net45\d3dcompiler_47.dll to C:\Users\alexandero11\AppData\Local\Discord\app-0.0.306\d3dcompiler_47.dll
576> 2020-04-24 16:58:49> ApplyReleasesImpl: Moving file C:\Users\alexandero11\AppData\Local\Discord\app-0.0.306\lib\net45\Discord.exe to C:\Users\alexandero11\AppData\Local\Discord\app-0.0.306\Discord.exe
576> 2020-04-24 16:58:49> ApplyReleasesImpl: Moving file C:\Users\alexandero11\AppData\Local\Discord\app-0.0.306\lib\net45\ffmpeg.dll to C:\Users\alexandero11\AppData\Local\Discord\app-0.0.306\ffmpeg.dll
576> 2020-04-24 16:58:49> ApplyReleasesImpl: Moving file C:\Users\alexandero11\AppData\Local\Discord\app-0.0.306\lib\net45\libEGL.dll to C:\Users\alexandero11\AppData\Local\Discord\app-0.0.306\libEGL.dll
576> 2020-04-24 16:58:49> ApplyReleasesImpl: Moving file C:\Users\alexandero11\AppData\Local\Discord\app-0.0.306\lib\net45\libGLESv2.dll to C:\Users\alexandero11\AppData\Local\Discord\app-0.0.306\libGLESv2.dll
576> 2020-04-24 16:58:49> ApplyReleasesImpl: Moving file C:\Users\alexandero11\AppData\Local\Discord\app-0.0.306\lib\net45\icudtl.dat to C:\Users\alexandero11\AppData\Local\Discord\app-0.0.306\icudtl.dat
576> 2020-04-24 16:58:49> ApplyReleasesImpl: Moving file C:\Users\alexandero11\AppData\Local\Discord\app-0.0.306\lib\net45\natives_blob.bin to C:\Users\alexandero11\AppData\Local\Discord\app-0.0.306\natives_blob.bin
576> 2020-04-24 16:58:49> ApplyReleasesImpl: Moving file C:\Users\alexandero11\AppData\Local\Discord\app-0.0.306\lib\net45\snapshot_blob.bin to C:\Users\alexandero11\AppData\Local\Discord\app-0.0.306\snapshot_blob.bin
576> 2020-04-24 16:58:49> ApplyReleasesImpl: Moving file C:\Users\alexandero11\AppData\Local\Discord\app-0.0.306\lib\net45\v8_context_snapshot.bin to C:\Users\alexandero11\AppData\Local\Discord\app-0.0.306\v8_context_snapshot.bin
576> 2020-04-24 16:58:49> ApplyReleasesImpl: Moving file C:\Users\alexandero11\AppData\Local\Discord\app-0.0.306\lib\net45\Squirrel.exe to C:\Users\alexandero11\AppData\Local\Discord\app-0.0.306\Squirrel.exe
576> 2020-04-24 16:58:49> ApplyReleasesImpl: Moving file C:\Users\alexandero11\AppData\Local\Discord\app-0.0.306\lib\net45\resources.pak to C:\Users\alexandero11\AppData\Local\Discord\app-0.0.306\resources.pak
576> 2020-04-24 16:58:50> ApplyReleasesImpl: Started updateSelf pid 11140
576> 2020-04-24 16:58:50> ApplyReleasesImpl: Squirrel Enabled Apps: [C:\Users\alexandero11\AppData\Local\Discord\app-0.0.306\Discord.exe]
576> 2020-04-24 16:58:52> Utility: Process Started: C:\Users\alexandero11\AppData\Local\Discord\app-0.0.306\Discord.exe --squirrel-install 0.0.306, pid 10588
576> 2020-04-24 16:58:54> Utility: Received exitcode 0 from process C:\Users\alexandero11\AppData\Local\Discord\app-0.0.306\Discord.exe
576> 2020-04-24 16:58:54> ApplyReleasesImpl: ran C:\Users\alexandero11\AppData\Local\Discord\app-0.0.306\Discord.exe, pid 5500
576> 2020-04-24 16:58:54> ApplyReleasesImpl: Starting fixPinnedExecutables
576> 2020-04-24 16:58:54> ApplyReleasesImpl: fixPinnedExecutables: newCurrentFolder: app-0.0.306
576> 2020-04-24 16:58:54> ApplyReleasesImpl: File 'C:\Users\alexandero11\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk' could not be converted into a valid ShellLink: System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
   at Squirrel.Shell.ShellLink.IShellLinkW.Resolve(IntPtr hWnd, UInt32 fFlags)
   at Squirrel.Shell.ShellLink.Open(String linkFile, IntPtr hWnd, EShellLinkResolveFlags resolveFlags, UInt16 timeOut)
   at Squirrel.UpdateManager.ApplyReleasesImpl.b11_0(FileInfo file)
576> 2020-04-24 16:58:54> ApplyReleasesImpl: File 'C:\Users\alexandero11\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk' could not be converted into a valid ShellLink: System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
   at Squirrel.Shell.ShellLink.IShellLinkW.Resolve(IntPtr hWnd, UInt32 fFlags)
   at Squirrel.Shell.ShellLink.Open(String linkFile, IntPtr hWnd, EShellLinkResolveFlags resolveFlags, UInt16 timeOut)
   at Squirrel.UpdateManager.ApplyReleasesImpl.b__11_0(FileInfo file)
576> 2020-04-24 16:58:55> ApplyReleasesImpl: Updating shortcut C:\Users\alexandero11\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc\Discord.lnk
576> 2020-04-24 16:58:55> ApplyReleasesImpl: Updating shortcut C:\Users\alexandero11\Desktop\Discord.lnk
576> 2020-04-24 16:58:55> ApplyReleasesImpl: Fixing up tray icons
576> 2020-04-24 16:58:55> ApplyReleasesImpl: cleanDeadVersions: for version 0.0.306
576> 2020-04-24 16:58:55> ApplyReleasesImpl: cleanDeadVersions: exclude current version folder app-0.0.306
2020-05-30 13:13:20> Program: Starting Squirrel Updater: --install . --checkInstall --source=PROPLUS --silent --exeName=Teams.exe
2020-05-30 13:13:21> RegistryService: RegKeyExists: HKEY_CURRENT_USER\Software\Microsoft\Office\Teams does not exist
2020-05-30 13:13:21> RegistryService: TryGetRegKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration\ProductReleaseIds exists. Data - O365BusinessRetail
2020-05-30 13:13:21> RegistryService: TryGetRegKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration\AudienceData does not exist
2020-05-30 13:13:21> RegistryService: TryGetRegKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\LastScenario exists. Data - UPDATE
2020-05-30 13:13:21> RegistryService: RegKeyExists: HKEY_CURRENT_USER\Software\Policies\Microsoft\Cloud\Office\16.0\Teams does not exist
2020-05-30 13:13:21> Program: Registry value Software\Policies\Microsoft\Cloud\Office\16.0\Teams\PreventFirstLaunchAfterInstall does not exist
2020-05-30 13:13:21> RegistryService: RegKeyExists: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Teams does not exist
2020-05-30 13:13:21> Program: Registry value Software\Policies\Microsoft\Office\16.0\Teams\PreventFirstLaunchAfterInstall does not exist
2020-05-30 13:13:21> RegistryService: RegKeyExists: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Teams does not exist
2020-05-30 13:13:21> Program: Registry value Software\Microsoft\Office\16.0\Teams\PreventFirstLaunchAfterInstall does not exist
2020-05-30 13:13:21> Program: Registry flags are not set: proceed with default value NotConfigured
2021-04-14 18:16:31> Program: Starting Squirrel Updater: --install .
2021-04-14 18:16:32> Program: Starting install, writing to C:\Users\alexandero11\AppData\Local\SquirrelTemp
2021-04-14 18:16:32> Program: About to install to: C:\Users\alexandero11\AppData\Local\TIDAL
2021-04-14 18:16:32> CheckForUpdateImpl: Couldn't write out staging user ID, this user probably shouldn't get beta anything: System.IO.DirectoryNotFoundException: Could not find a part of the path 'C:\Users\alexandero11\AppData\Local\TIDAL\packages.betaId'.
   at System.IO.Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
   at System.IO.StreamWriter.CreateFile(String path, Boolean append, Boolean checkHost)
   at System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding, Int32 bufferSize, Boolean checkHost)
   at System.IO.File.InternalWriteAllText(String path, String contents, Encoding encoding, Boolean checkHost)
   at System.IO.File.WriteAllText(String path, String contents, Encoding encoding)
   at Squirrel.UpdateManager.CheckForUpdateImpl.getOrCreateStagedUserId()
2021-04-14 18:16:32> CheckForUpdateImpl: Failed to load local releases, starting from scratch: System.IO.DirectoryNotFoundException: Could not find a part of the path 'C:\Users\alexandero11\AppData\Local\TIDAL\packages\RELEASES'.
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
   at Squirrel.Utility.LoadLocalReleases(String localReleaseFile)
   at Squirrel.UpdateManager.CheckForUpdateImpl.d__2.MoveNext()
2021-04-14 18:16:32> CheckForUpdateImpl: Reading RELEASES file from C:\Users\alexandero11\AppData\Local\SquirrelTemp
2021-04-14 18:16:32> CheckForUpdateImpl: First run or local directory is corrupt, starting from scratch
2021-04-14 18:16:33> ApplyReleasesImpl: Writing files to app directory: C:\Users\alexandero11\AppData\Local\TIDAL\app-2.27.6
2021-04-14 18:16:35> LogHost: Rigging execution stub for TIDAL_ExecutionStub.exe to C:\Users\alexandero11\AppData\Local\TIDAL\TIDAL.exe
2021-04-14 18:16:39> ApplyReleasesImpl: Squirrel Enabled Apps: [C:\Users\alexandero11\AppData\Local\TIDAL\app-2.27.6\TIDAL.exe]
2021-04-14 18:16:41> ApplyReleasesImpl: Starting fixPinnedExecutables
2021-04-14 18:16:41> ApplyReleasesImpl: Examining Pin: File Explorer.lnk
2021-04-14 18:16:41> ApplyReleasesImpl: Examining Pin: Google Chrome.lnk
2021-04-14 18:16:41> ApplyReleasesImpl: Examining Pin: Spotify.lnk
2021-04-14 18:16:41> ApplyReleasesImpl: Fixing up tray icons
2021-04-14 18:16:41> ApplyReleasesImpl: cleanDeadVersions: for version 2.27.6
2021-04-14 18:16:41> ApplyReleasesImpl: cleanDeadVersions: exclude folder app-2.27.6

I respectfully demand an explanation, this is tech news blog worthy and is really creeping me out, this is malware-like behavior after all.

UPDATE: supplementary info: the machine that this occurred on was running Windows 10 and it's a 4th gen i5 based laptop. On my desktop rig (i7 6700k, Win10, GTX 1070) it worked perfectly. This is the exact download link, as you can see, it's an official Github link: https://github-releases.githubusercontent.com/197153676/b824ac00-ad1d-11eb-8a58-4bbfde76835b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20210507%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210507T052721Z&X-Amz-Expires=300&X-Amz-Signature=10ef4c6f265e4e7b795a1ed1c943aa92efa6bb7c52e1a20af8557413fb3d119e&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=197153676&response-content-disposition=attachment%3B%20filename%3DChiaSetup-1.1.4.exe&response-content-type=application%2Foctet-stream

ghost commented 3 years ago

Are you aware that the log file entries are mostly over one year old? All of them predate the release of chia 1.1.4
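The point raised in the reply above, as an added example that is not part of the original thread or of the Chia or Squirrel code: the quoted log holds several separate updater runs (Discord, Teams, TIDAL), each with its own dates. This Python example splits a log of that shape into runs and filters for the application and date of interest; the sample lines are constructed with shortened paths, and the function names and the cutoff date (taken from the date in the download link quoted in the issue) are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the same shape as the log quoted in the issue (paths shortened).
SAMPLE_LOG = r"""576> 2020-04-24 16:58:44> Program: Starting Squirrel Updater: --install .
576> 2020-04-24 16:58:45> Program: About to install to: C:\Users\user\AppData\Local\Discord
576> 2020-04-24 16:58:55> ApplyReleasesImpl: cleanDeadVersions: for version 0.0.306
2020-05-30 13:13:20> Program: Starting Squirrel Updater: --install . --silent --exeName=Teams.exe
2021-04-14 18:16:31> Program: Starting Squirrel Updater: --install .
2021-04-14 18:16:32> Program: About to install to: C:\Users\user\AppData\Local\TIDAL
2021-04-14 18:16:32> CheckForUpdateImpl: Failed to load local releases, starting from scratch
   at Squirrel.Utility.LoadLocalReleases(String localReleaseFile)
2021-04-14 18:16:41> ApplyReleasesImpl: cleanDeadVersions: for version 2.27.6
"""

# One entry: optional "NNN> " prefix, timestamp, component, message.
ENTRY = re.compile(r"^(?:\d+> )?(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})> (\w+): (.*)$")
START = "Starting Squirrel Updater:"
TARGET = re.compile(r"About to install to: .*\\([^\\]+)$")
EXE = re.compile(r"--exeName=(\S+?)\.exe")

def sessions(text):
    """Split a Squirrel log into updater runs: [{'start', 'app', 'entries'}]."""
    runs = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # stack-trace continuation lines carry no timestamp
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        msg = m.group(3)
        if msg.startswith(START):
            exe = EXE.search(msg)
            runs.append({"start": ts, "app": exe.group(1) if exe else None, "entries": 0})
        if not runs:
            continue  # entries before the first start marker belong to no run
        runs[-1]["entries"] += 1
        t = TARGET.search(msg)
        if t:
            runs[-1]["app"] = t.group(1)  # install directory name identifies the app
    return runs

def relevant(text, app, not_before):
    """Runs that name `app` and started on or after `not_before`."""
    return [r for r in sessions(text)
            if r["app"] and r["app"].lower() == app.lower() and r["start"] >= not_before]
```

An empty result from `relevant(log, "Chia", datetime(2021, 5, 7))` means the log holds no record of the failed run, so the actual error has to be looked for elsewhere.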

awesomeferret commented 3 years ago

> Are you aware that the log file entries are mostly over one year old? All of them predate the release of chia 1.1.4

Yep. So, I need an explanation. You can obviously see by the great variation in the dates (many months apart) that the dates are not reliable. If those entries are valid, then how can it start off with referencing SquirrelUpdater? I will have to go to the tech news sites if I don't get an explanation soon. None of this makes sense. Remember, after running 1.1.4 and it "updated", Chia was deleted. This is malware-like behavior. How has this not gotten more traction?

awesomeferret commented 3 years ago

OK, time to escalate this. Chia has malware-like behavior and I WILL NOT BE IGNORED.

ddcruver commented 3 years ago

I assume this is a joke because SquirrelUpdater is a set of tools that developers can use to manage their installed programs. It appears that Chia has decided to use it on Windows. So no, it is not malware-like behavior for an Installer to Delete an Old Version of a program in order to reinstall a newer version. Like what did you expect to happen when you double clicked on the installer?

awesomeferret commented 3 years ago

I expected it to install normally like it did on my other machines, not spit out an error, not open a spooky log and not delete Chia from my system (had to reinstall Chia from scratch, resync and everything).

On Wed, May 12, 2021, 2:31 PM Dan @.***> wrote:

> I assume this is a joke because SquirrelUpdater is a set of tools that developers can use to manage their installed programs. It appears that Chia has decided to use it on Windows. So no, it is not malware-like behavior for an Installer to Delete an Old Version of a program in order to reinstall a newer version. Like what did you expect to happen when you double clicked on the installer?


ddcruver commented 3 years ago

Yes, sometimes applications fail and display an error message. That doesn't mean it is a virus. If you are scared of viruses, and that isn't a bad thing, I suggest you avoid the crypto applications in general.

github-actions[bot] commented 3 years ago

This issue has been flagged as stale as there has been no activity on it in 14 days. If this issue is still affecting you and in need of review, please update it to keep it open.

github-actions[bot] commented 3 years ago

This issue was automatically closed because it has been flagged as stale and subsequently passed 7 days with no further activity.