If you updated or installed in 2025 after June-ish, the safe thing to do is uninstall, then download from the new (theoretically more secure) website and install the new (theoretically more secure) 8.9.1.
If you were pwned by an update during later 2025, they could disguise just about anything in your Notepad++ and its associated files - make it look perfectly normal, make it act perfectly normal, but have their own malware on your system doing… whatever it is they want it to do.
I understand one of the things they were doing is running a proxy to carry traffic through your system, so if you see a lot of unexpected network activity (under Windoze how can you tell?) you may have been compromised. But that’s not the only thing they could have done, nobody has really analyzed the attack yet and even after they do, you might have gotten a “special” payload that the analysis team didn’t see…
Odds are you weren’t on the “targeted list”.
If you don’t know, you’re probably auto updating.
If you updated or installed in 2025 after June-ish, the safe thing to do is uninstall, then download from the new (theoretically more secure) website and install the new (theoretically more secure) 8.9.1.
If you were pwned by an update during later 2025, they could disguise just about anything in your Notepad++ and its associated files - make it look perfectly normal, make it act perfectly normal, but have their own malware on your system doing… whatever it is they want it to do.
I understand one of the things they were doing is running a proxy to carry traffic through your system, so if you see a lot of unexpected network activity (under Windoze how can you tell?) you may have been compromised. But that’s not the only thing they could have done, nobody has really analyzed the attack yet and even after they do, you might have gotten a “special” payload that the analysis team didn’t see…