[dantillberg]

This "UpdateCheckThread" code looks pretty funky, [0]. It downloads some stuff from a URL, writes a file to disk, and creates a process to run it.

0: https://github.com/dbgsymbol/getsymbol/blob/cb4bdedc1a85c308...

[bdowling]

If the code is wrapped in

   if (updateDlg.DoModal() == IDOK) { … }

then doesn’t that mean it only runs that code if the user clicks “OK” on the update dialog?

(Edit: I think I understand now. It’s not the code, it’s the update URL that’s the problem, because it’s controlled by NK. So if you run this and blindly click “OK”, then it will download an executable that will infect your PC.)

(Edit 2: Or the issue is not in the source at all, but is in the prebuilt binary.)

[rightbyte]

It could be that the code is fine but the URL is compromised?