Author

Topic: Avast detects a virus in blocks folder when downloading the blockchain (Read 3444 times)

newbie
Activity: 14
Merit: 0
always good to run a Nmap scan on your local host see whats running (check versions) See if there are any exploits doing the rounds out there.

Linux can be quite daunting to new users thats why not many people take it up as there regular OS.

But I would have to say it offers many advantages over the usual windows platform, Since windows 10 is a absolute disgrace.
hero member
Activity: 1344
Merit: 656
lol i work for MDs. ENTs to be more precise.

point taken however Smiley i do tend to post in a hurry..

Genuinely glad it made you laugh Smiley.

I still don't understand why Linux users think that operating system is safer than Windows !?

I (don't know about the others) don't think that it's safer, I think that home Linux PCs (not talking about (companies) big servers) are way less targeted because Windows is more widely adopted. I may have used the wrong wording to convey what I meant. Moreover, for me, it's easier to monitor what's going on on a Linux than on a Windows.

I disagree. Linux and Mac can be popped just as easy as a windows machine..

You just need to look at Exploit DB to see the "massive" list of vuls for each system.

https://www.exploit-db.com/shellcode/?order_by=title&order=asc&p=Lin_x86

Nice list, will keep an eye on it Wink.


I am a Linux user and as long as your know how to use your IP tables and make sure there is nothing running that could expose the system then Its quiet save.  Only issue these days is exploit kits.. and iffy social media links. One click on a exploit pack link without fully patches system or worse running flash! (not recommended) and it could be good bye system!

I do use Linux too and as you say, as long as you adopt some practices, risks are minimized ...

Of course that doesn't protect you from someone specifically targeting you.

Av might protect you from the skids out there with there daft remote admint tools, But the real cybercrims will have your system and anything on it without so much as a popup from you AV..

I agree, let's hope no real cybercrim is targeting me specifically Smiley.
newbie
Activity: 14
Merit: 0
I disagree. Linux and Mac can be popped just as easy as a windows machine..

You just need to look at Exploit DB to see the "massive" list of vuls for each system.

https://www.exploit-db.com/shellcode/?order_by=title&order=asc&p=Lin_x86

I am a Linux user and as long as your know how to use your IP tables and make sure there is nothing running that could expose the system then Its quiet save.  Only issue these days is exploit kits.. and iffy social media links. One click on a exploit pack link without fully patches system or worse running flash! (not recommended) and it could be good bye system!

Av might protect you from the skids out there with there daft remote admint tools, But the real cybercrims will have your system and anything on it without so much as a popup from you AV..
sr. member
Activity: 700
Merit: 250

Quote
On a Linux, there's no need for that, I'll probably switch to full Linux very soon.



[no av needed or virii (<-is that a word?) for linux]

*cough*bullshit*cough*

I still don't understand why Linux users think that operating system is safer than Windows !?
legendary
Activity: 4354
Merit: 3614
what is this "brake pedal" you speak of?

Quote
On a Linux, there's no need for that, I'll probably switch to full Linux very soon.



[no av needed or virii (<-is that a word?) for linux]

*cough*bullshit*cough*

Any Pc can be compromised.

Yes of course, the meaning was that Linux PCs (for home usage) seem to be less targeted by infections, or is this not the case?

vapourminer, you should go see a doctor so that your cough doesn't get worse and ask them on how you could actually write sentences to express your point of view, you seem to have trouble with that too ...


lol i work for MDs. ENTs to be more precise.

point taken however Smiley i do tend to post in a hurry..
sr. member
Activity: 462
Merit: 250
Quote
On a Linux, there's no need for that, I'll probably switch to full Linux very soon.
[no av needed or virii (<-is that a word?) for linux]
*cough*bullshit*cough*
Any Pc can be compromised.
Yes of course, the meaning was that Linux PCs (for home usage) seem to be less targeted by infections, or is this not the case?
Indeed, there are way more (home) pc's running Windows than Linux and the people using Windows are generally less tech-savvy so it'd be easy to make them click on something. Of course that doesn't protect you from someone specifically targeting you.
hero member
Activity: 1344
Merit: 656

Quote
On a Linux, there's no need for that, I'll probably switch to full Linux very soon.



[no av needed or virii (<-is that a word?) for linux]

*cough*bullshit*cough*

Any Pc can be compromised.

Yes of course, the meaning was that Linux PCs (for home usage) seem to be less targeted by infections, or is this not the case?

vapourminer, you should go see a doctor so that your cough doesn't get worse and ask them on how you could actually write sentences to express your point of view, you seem to have trouble with that too ...
legendary
Activity: 4256
Merit: 8551
'The right to privacy matters'

Quote
On a Linux, there's no need for that, I'll probably switch to full Linux very soon.



[no av needed or virii (<-is that a word?) for linux]

*cough*bullshit*cough*

Any Pc can be compromised.

I don't use virus on any of my pcs but I have 12 dedicated miners

Three Mac minis
Two tablets
A laptop.
Three mini pcs

Almost all online is done with the macs.

There harder to infect but they have three cloned backups per each mac. And three time machines

And two in house nas for backup.

It is an alternative to virus programs.

I also,know what not,to click and what to,click.

Still can't be perfectly safe.
legendary
Activity: 4354
Merit: 3614
what is this "brake pedal" you speak of?

Quote
On a Linux, there's no need for that, I'll probably switch to full Linux very soon.



[no av needed or virii (<-is that a word?) for linux]

*cough*bullshit*cough*
hero member
Activity: 1344
Merit: 656
I would recomend using a good online scanner for checking downloads and files before using them something like virus total would do.

Will surely try to do that in the future.

My advice.. Remove AV and stay away from the underground of the internet!

I can't bring myself to run Windows without an AV Smiley, do you have a Windows on which you don't have an AV? On a Linux, there's no need for that, I'll probably switch to full Linux very soon.

I don't think it's a safe practice at all to remove the av's and firewalls etc. It may end up being worse, because you may get infected by some attacker and get stolen your credit card and banking information, personal information and crypto, you could get deployed ramsomware... endless attacks. That vs inevitably being exposed to government seems better. They store too much data anyway, nobody will care about you.

These attacks can be dealt with by adopting some best practices, like not using IE Smiley, not opening suspicious emails, checking websites security certificates etc. My AV rarely alerts me, actually it started alerting me the most when I started using crypto Smiley. Generally false positives ...

They store too much data anyway, nobody will care about you.

I think I agree on this part, yet, for me, it's quite troubling to know that my data is out there for some people to use ... (even if they might never use it).

In any case if you want true privacy the only way is to use a Linux OS and Tor/VPN.

Yep, that's the way to go.
legendary
Activity: 1358
Merit: 1014
I wouldn't trust many AV's to be honest.  Yes I agree scanning files is a must if you are a downloaded but having it constantly sniffing your webtrafic I would say is spying.  as you never know where your data will end up.

Privicy friendly av is a tough one. as many of them hide there activitys in there EPIC terms and conditions. I would recomend using a good online scanner for checking downloads and files before using them something like virus total would do.

Just to prove what I mean here is the terms of avast!

https://www.avast.com/privacy-policy

See this passage

V. Storage, Retention, and Deletion of Personal Information
Storage of information.

Information that we collect is stored on our servers or on the servers of our subsidiaries, affiliates, contractors, representatives, contractors, agents, or resellers who are working on our behalf. Personally identifiable information on our servers is only accessible from our physical premises, or via an encrypted virtual private network (VPN). Access is limited to authorized personnel only, and company networks are password protected, and subject to additional policies and procedures for security.

Data collected by Avast BackUp is transmitted in encrypted format using SSL technology, and stored under minimum 256-bit key encryption. Information collected by Avast CreditAlert is transmitted using SSL technology, and very private information such as financial data is stored under rotating 256-bit key encryption. Data transmitted using Avast SecureLine VPN service is also encrypted. In all cases data is transmitted to and from our servers using https protocol. In some cases this information may be transmitted to or stored within the European Union (“EU”), and in other cases the information may be transmitted to or stored at a location outside the territory of EU member states, such as the United States or other non-EU locations.


If you read ALL there terms (3659 pages) it makes clear that there partners include the federal government Smiley

All AV's are the same and have the same sort of rules..

My advice.. Remove AV and stay away from the underground of the internet!
I don't think it's a safe practice at all to remove the av's and firewalls etc. It may end up being worse, because you may get infected by some attacker and get stolen your credit card and banking information, personal information and crypto, you could get deployed ramsomware... endless attacks. That vs inevitably being exposed to government seems better. They store too much data anyway, nobody will care about you.

In any case if you want true privacy the only way is to use a Linux OS and Tor/VPN.
newbie
Activity: 14
Merit: 0
I wouldn't trust many AV's to be honest.  Yes I agree scanning files is a must if you are a downloaded but having it constantly sniffing your webtrafic I would say is spying.  as you never know where your data will end up.

Privicy friendly av is a tough one. as many of them hide there activitys in there EPIC terms and conditions. I would recomend using a good online scanner for checking downloads and files before using them something like virus total would do.

Just to prove what I mean here is the terms of avast!

https://www.avast.com/privacy-policy

See this passage

V. Storage, Retention, and Deletion of Personal Information
Storage of information.

Information that we collect is stored on our servers or on the servers of our subsidiaries, affiliates, contractors, representatives, contractors, agents, or resellers who are working on our behalf. Personally identifiable information on our servers is only accessible from our physical premises, or via an encrypted virtual private network (VPN). Access is limited to authorized personnel only, and company networks are password protected, and subject to additional policies and procedures for security.

Data collected by Avast BackUp is transmitted in encrypted format using SSL technology, and stored under minimum 256-bit key encryption. Information collected by Avast CreditAlert is transmitted using SSL technology, and very private information such as financial data is stored under rotating 256-bit key encryption. Data transmitted using Avast SecureLine VPN service is also encrypted. In all cases data is transmitted to and from our servers using https protocol. In some cases this information may be transmitted to or stored within the European Union (“EU”), and in other cases the information may be transmitted to or stored at a location outside the territory of EU member states, such as the United States or other non-EU locations.


If you read ALL there terms (3659 pages) it makes clear that there partners include the federal government Smiley

All AV's are the same and have the same sort of rules..

My advice.. Remove AV and stay away from the underground of the internet!
hero member
Activity: 1344
Merit: 656
Your better off without AV and stay away from sketchy websites (Porn, Warze, p2p, Streams) keep your system up to date with latest security patches and use a good firewall! even buy a hardware firewall!

I actually never considered having a Windows PC without an Antivirus, I would feel my PC is less secure, I'm not yet ready for that Smiley ... Any advice on an AV that is more privacy-friendly? On a hardware firewall? Thx.

Your download of the blockchain should be on a dedicated pc.

So you don't need a virus program.

Thx for the suggestion, thinking that my PC was quite secure, I didn't really consider that option ... Yet you have a point, a day-to-day PC might not be suited for storing bitcoins no matter how secure (I think) it is ...
newbie
Activity: 14
Merit: 0


[/quote]

It depends on your view of them, I guess. I go for trustable companies only.

1. Popups are good for alerting your for threats. Sometimes "free" versions advertise the paid versions through popups. That's why I use a program that's 100% free, or use the paid version.

2. They scan your traffic for any incoming or outgoing packets that could be malicious or sending your private information to a malicious host.

3. The data you're sending to them is usually samples of files the antivirus isn't sure about, or that the antivirus sees as a virus.

4. Your AV can't be perfect. New viruses are being developed all the time, and some newer AVs are using server-side AI.


[/quote]

In todays world how do you define a "trusted" company..  To be very honest I have tested the top 10 AV companies via wireshark and DPI you would be surprised that all the traffic you send and receive is being analyzed and in todays "surveillance" world thats a very bad thing.

Yes I agree that scanning packets for "malicious" material is a good thing, But do you really know what the AV's are doing with this information they gather? Do you know for sure they don't pat old uncle sam on the back and hand it all over... My guess is they do.. AV is on almost every system in some form or another what better way to "collect it all" piggybacking off the AV's networks.

I direct you to this post

http://uk.pcmag.com/opinion/10154/symantec-says-antivirus-is-dead-world-rolls-eyes


Thanks

UMHZ

legendary
Activity: 4256
Merit: 8551
'The right to privacy matters'
Your download of the blockchain should be on a dedicated pc.

So you don't need a virus program.
legendary
Activity: 1232
Merit: 1030
give me your cryptos
To be honest most AV these days is typical spyware.  You name one AV that dose not have popups, Scan your traffic, Send epic amounts of "private" data back to the company.. let alone countless false positives they throw up.

In todays world of the Internet criminals know how to bypass any AV. yes they do stop the skids with there silly rat's but the serious cybercrims out there know how to FUD (fully un detectable) there virus's.

Your better off without AV and stay away from sketchy websites (Porn, Warze, p2p, Streams) keep your system up to date with latest security patches and use a good firewall! even buy a hardware firewall!



It depends on your view of them, I guess. I go for trustable companies only.

1. Popups are good for alerting your for threats. Sometimes "free" versions advertise the paid versions through popups. That's why I use a program that's 100% free, or use the paid version.

2. They scan your traffic for any incoming or outgoing packets that could be malicious or sending your private information to a malicious host.

3. The data you're sending to them is usually samples of files the antivirus isn't sure about, or that the antivirus sees as a virus.

4. Your AV can't be perfect. New viruses are being developed all the time, and some newer AVs are using server-side AI.

newbie
Activity: 14
Merit: 0
To be honest most AV these days is typical spyware.  You name one AV that dose not have popups, Scan your traffic, Send epic amounts of "private" data back to the company.. let alone countless false positives they throw up.

In todays world of the Internet criminals know how to bypass any AV. yes they do stop the skids with there silly rat's but the serious cybercrims out there know how to FUD (fully un detectable) there virus's.

Your better off without AV and stay away from sketchy websites (Porn, Warze, p2p, Streams) keep your system up to date with latest security patches and use a good firewall! even buy a hardware firewall!

hero member
Activity: 1022
Merit: 500
Two years ago download all blockhain with no virus.Eset not 32 or Norton.
hero member
Activity: 1344
Merit: 656
IIRC some blocks in the bitcoin blockchain will show up as viruses because people decided to include the code of known viruses into the signature of some transactions

Just for fun Smiley? (Or could it have any consequences?)

should probably add those folders to your AV exclusion list no matter what AV you use.

which is why it's detected by Avast. They can't get triggered though, so it's safe to ignore them.

Yep, I'll be ignoring them from now on.

Thx for the replies.



legendary
Activity: 2772
Merit: 3284
IIRC some blocks in the bitcoin blockchain will show up as viruses because people decided to include the code of known viruses into the signature of some transactions, which is why it's detected by Avast. They can't get triggered though, so it's safe to ignore them.
legendary
Activity: 4354
Merit: 3614
what is this "brake pedal" you speak of?
running avast free here. no probs, i just exclude the blockchain, wallet and miner folders.

should probably add those folders to your AV exclusion list no matter what AV you use.
hero member
Activity: 1344
Merit: 656
I'll recommend Avira. I used to use AVG free for a while, but my computer got a virus (SearchProtect, IIRC), which was even obious to me, but didn't seem to want to be detected by AVG. I then uninstalled it and sent through a phase looking for a good AV. I went from AVG, avast, Norton malwarebytes and bitdefender, and finally Avira, which was the only one that detected it.

Thx for the suggestion. I remember trying Avira for a limited period of time a while ago, I remember it needing more resources than Avast, but maybe it's not the case anymore. I also had Norton and AVG and these also needed more resources. If you say Avira can detect viruses that Avast won't, maybe it's worth the additional resources. Have you switched to Avira recently or was it a while ago?
legendary
Activity: 1232
Merit: 1030
give me your cryptos
You better change to another antivirus like eset nod32 its more accurate than avast, because avast sometimes very strict and could not identify actual virus database even if you updated it from the virus database. I can really prove it exactly because i had an experience with avast for 3 years of pc servicing, i fail from it due to viruses was stack at drive without even detected by avast and detected some false viruses which is a part of the installed games which cannot harm my computer. I think that the problem stated in the detected virus while downloading the blockchain was false detected by avast.

Thx for the suggestion. Didn't know about this software, always used Avast, it's free, doesn't use a lot af resources and does the job (I think). I'll look into nod32.

I'll recommend Avira. I used to use AVG free for a while, but my computer got a virus (SearchProtect, IIRC), which was even obious to me, but didn't seem to want to be detected by AVG. I then uninstalled it and sent through a phase looking for a good AV. I went from AVG, avast, Norton malwarebytes and bitdefender, and finally Avira, which was the only one that detected it.
hero member
Activity: 1344
Merit: 656
You better change to another antivirus like eset nod32 its more accurate than avast, because avast sometimes very strict and could not identify actual virus database even if you updated it from the virus database. I can really prove it exactly because i had an experience with avast for 3 years of pc servicing, i fail from it due to viruses was stack at drive without even detected by avast and detected some false viruses which is a part of the installed games which cannot harm my computer. I think that the problem stated in the detected virus while downloading the blockchain was false detected by avast.

Thx for the suggestion. Didn't know about this software, always used Avast, it's free, doesn't use a lot af resources and does the job (I think). I'll look into nod32.
hero member
Activity: 630
Merit: 500
Cryptocurrency Wallet - Denaro.io
Write them a mail, at the very least they should ask and not just delete the files.

I just checked, Avast is configured to repair, if it fails, it tries to move the infected file to quarantine, if it fails, it deletes it. I don't remember if this is the default setting or if it was mine Smiley. Anyway, I changed it to ask Wink, I think it's better than to exclude files/dirs, you never know. Thx.

You better change to another antivirus like eset nod32 its more accurate than avast, because avast sometimes very strict and could not identify actual virus database even if you updated it from the virus database. I can really prove it exactly because i had an experience with avast for 3 years of pc servicing, i fail from it due to viruses was stack at drive without even detected by avast and detected some false viruses which is a part of the installed games which cannot harm my computer. I think that the problem stated in the detected virus while downloading the blockchain was false detected by avast.
hero member
Activity: 1344
Merit: 656
Write them a mail, at the very least they should ask and not just delete the files.

I just checked, Avast is configured to repair, if it fails, it tries to move the infected file to quarantine, if it fails, it deletes it. I don't remember if this is the default setting or if it was mine Smiley. Anyway, I changed it to ask Wink, I think it's better than to exclude files/dirs, you never know. Thx.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
Hi,

Having read what is written here and on other similar threads, I assume that the issue I am facing is also a false positive. I am posting it in case there is a chance it can be something else ...

So, when dowloading the blockchain for Bitcoin core 0.13.1, on Windows 10 64 bits, Avast alerts me that a virus has been found and that it will be deleting it. Here is what it logs/deletes:

Code:
C:\Users\\AppData\Roaming\Bitcoin\blocks\blk00129.dat [L] Frodo (4k, 200 years) (0)
C:\Users\\AppData\Roaming\Bitcoin\blocks\blk00129.dat [L] Leprosy (0)
C:\Users\\AppData\Roaming\Bitcoin\blocks\blk00129.dat [L] Syslock (0)
C:\Users\\AppData\Roaming\Bitcoin\blocks\blk00129.dat [L] Murphy (0)
C:\Users\\AppData\Roaming\Bitcoin\blocks\blk00129.dat [L] AntiCad-4096 (0)
C:\Users\\AppData\Roaming\Bitcoin\blocks\blk00129.dat [L] BV:Akuma-A (0)

I'll be configuring Avast to ignore the blocks directory in order to move on. If anyone have an(other) advice, please don't be shy Smiley.

Thank you.

Write them a mail, at the very least they should ask and not just delete the files.
hero member
Activity: 1344
Merit: 656
Hi,

Having read what is written on other similar threads, I assume that the issue I am facing is a false positive. I am posting it in case there is a chance it can be something else ...

So, when dowloading the blockchain for Bitcoin core 0.13.1, on Windows 10 64 bits, Avast alerts me that a virus has been found and that it will be deleting it. Here is what it logs/deletes:

Code:
C:\Users\\AppData\Roaming\Bitcoin\blocks\blk00129.dat [L] Frodo (4k, 200 years) (0)
C:\Users\\AppData\Roaming\Bitcoin\blocks\blk00129.dat [L] Leprosy (0)
C:\Users\\AppData\Roaming\Bitcoin\blocks\blk00129.dat [L] Syslock (0)
C:\Users\\AppData\Roaming\Bitcoin\blocks\blk00129.dat [L] Murphy (0)
C:\Users\\AppData\Roaming\Bitcoin\blocks\blk00129.dat [L] AntiCad-4096 (0)
C:\Users\\AppData\Roaming\Bitcoin\blocks\blk00129.dat [L] BV:Akuma-A (0)

I'll be configuring Avast to ignore the blocks directory in order to move on. If anyone have an(other) advice, please don't be shy Smiley.

Thank you.
Jump to: