Topic: Bitcoin uninstall.exe Virus (Read 2460 times)

newbie
Activity: 57
Merit: 0
August 12, 2014, 09:24:25 PM
#18
so horrible!!
full member
Activity: 309
Merit: 100
August 12, 2014, 07:00:59 AM
#17
Finally I got a response from Symantec.

In relation to submission [3559553].

Upon further analysis and investigation we have verified your submission and as such this detection will be removed from our products.

The updated detection will be distributed in the next set of virus definitions, available via LiveUpdate or from our website at http://securityresponse.symantec.com/avcenter/defs.download.html

Decisions made by Symantec are subject to change if alterations to the Software are made over time or as classification criteria and/or the policy employed by Symantec changes over time to address the evolving landscape.

If you are a software vendor, why not take part in our whitelisting program?
To participate in this program, please complete the following form: https://submit.symantec.com/whitelist
hero member
Activity: 588
Merit: 500
Get ready for PrimeDice Sig Campaign!
July 20, 2014, 10:50:33 PM
#16
Get your coins off that computer right now. I recommend never storing any bitcoins on that computer again until you have confirmed and removed any risks.
legendary
Activity: 2058
Merit: 1452
July 20, 2014, 10:44:49 PM
#15
MD5: E655FEB71448A6DCF0BFF48F4380B954
SHA-256:C46D9960AF09021CC58C1F5E59564E62F2CA9C94E4A1D70947C0D26E2A1E7DDB
Totally different file from mine. Here's my virustotal results:

https://www.virustotal.com/en/file/7541cba7cb701de1403aa75e6e1391bb689863e10aa5941fa0d1c893e8ab60ea/analysis/1404744581/

There's a very good chance a virus replaced a few executable files on your computer with the virus to reinstall itself.
No, it's because each uninstaller is custom generated at install time with install info to aid in uninstallation. That's why the hashes don't match. My uninstall.exe from a clean machine with verified digital signatures is: E2B89C3164C1A38F82BD613623010FFDE6E48FE7
hero member
Activity: 661
Merit: 502
July 20, 2014, 06:39:40 AM
#14
Reinstall the client from Github and see if you get the same message. I know most AVs pick up on miners and they're false positives but I see no reason why uninstall.exe would get flagged.
legendary
Activity: 2058
Merit: 1452
July 19, 2014, 05:17:38 PM
#13
I also seem to be having a similar problem. I reformatted my drive and, while downloading the bootstrap.dat, I got this... but like I said, it was just recently formatted, so I doubt something infected me that quick. Just a false positive.... right? Right........
Oh and I'm a big nub, so how do I check my md5sum?
http://imgur.com/RHhBLuF
http://implbits.com/hashtab.aspx
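
Added example, not part of the thread: a Python sketch for checking a file against a published digest. It infers the algorithm from the digest length, which matters here because the values quoted in this thread have three different lengths (32, 40 and 64 hex characters: MD5, SHA-1 and SHA-256) and cannot be compared with one another. The function names and the sample file are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

# Hex-digest length -> algorithm; the thread quotes digests of all three lengths.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}

def normalise(digest: str) -> str:
    """Drop an 'MD5:' / 'SHA-256:' style label and whitespace, lowercase the hex."""
    value = digest.split(":")[-1].strip().lower()
    if not value or any(c not in "0123456789abcdef" for c in value):
        raise ValueError("not a hex digest: %r" % digest)
    return value

def guess_algorithm(digest: str) -> str:
    """Infer the hash algorithm from the digest length."""
    value = normalise(digest)
    if len(value) not in ALGO_BY_HEX_LEN:
        raise ValueError("unsupported digest length %d" % len(value))
    return ALGO_BY_HEX_LEN[len(value)]

def file_digest(path: str, algorithm: str) -> str:
    """Hash a file in 1 MiB chunks so a large installer need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def verify(path: str, expected: str) -> bool:
    """True only if the file matches `expected` under the inferred algorithm."""
    algorithm = guess_algorithm(expected)
    return hmac.compare_digest(file_digest(path, algorithm), normalise(expected))

def demo() -> dict:
    """Constructed sample: a temp file stands in for a downloaded installer."""
    data = b"constructed sample installer bytes"
    with tempfile.NamedTemporaryFile(delete=False) as fh:
        fh.write(data)
    try:
        good = hashlib.sha256(data).hexdigest().upper()
        return {"match": verify(fh.name, "SHA-256:" + good),
                "tampered": verify(fh.name, hashlib.md5(data + b"!").hexdigest())}
    finally:
        os.unlink(fh.name)
```

A match only shows the file is the one the digest was computed from, so the expected value has to come from a source you trust, fetched separately from the download itself.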
zvs
legendary
Activity: 1680
Merit: 1000
https://web.archive.org/web/*/nogleg.com
July 14, 2014, 04:59:37 AM
#12
I've always thought that bitcoin was doomed to fail because of the carelessness/ignorance/whatever you want to call it of most people.  You can just use Facebook as an example of how easy it is to get your random joe to install all sorts of crap on their computers by clicking random links that promise free credits, pr0n, whatever.  Thanks Javascript!

Ah, and then we have wireless and public networks and what not.  I'm sure most people will keep their bitcoin wallets on their main computer, easily accessible (and many w/o even a backup).  If they use some online wallet service, then someone could just grab their password over unprotected network, keylogger, etc.  (as well as targeting this online wallet service itself, if it's not set up properly)

Most of the people in the industrialized world have internet access now, sure as hell isn't the 80's anymore...

speaking of which, I was sad when Operation Sundevil owned killer
legendary
Activity: 2058
Merit: 1452
July 13, 2014, 10:10:46 AM
#11
I would say it's most likely safe OR you're already infected. The windows installer is digitally signed so it's very unlikely that you got a tampered installer. Also, anything in the program files directory requires administrator rights to modify, so if a virus managed to modify the uninstaller, you're already screwed.
hero member
Activity: 854
Merit: 500
Nope..
July 13, 2014, 02:03:15 AM
#10
When I was installing the latest version of QT I got a Norton virus warning and it quarantined my uninstall.exe file.  Must be something in there that has a dangerously close signature to a real Trojan.ADH.
newbie
Activity: 1
Merit: 0
July 12, 2014, 01:24:07 PM
#9
I just had the same pleasure... installing a full node on windows 7

I am sure that newbies are running for their lives at this point


https://i.imgur.com/zeqP0Gk.png
full member
Activity: 309
Merit: 100
July 10, 2014, 02:56:32 AM
#8
I downloaded the installer again on a different computer and verified the MD5 Checksum. Because the Checksums match I assume it's a false-positive.

I reported the false-positive to Symantec, but they are not very helpful. They thought I reported a virus and not a false-positive.
full member
Activity: 224
Merit: 100
July 09, 2014, 10:53:37 PM
#7
Thanks for the heads up, will be careful about it.
Where did you get the uninstall.exe?
full member
Activity: 309
Merit: 100
July 07, 2014, 09:58:36 AM
#6
All right, so I will clean up my computer. But it's nasty that this is possible.

Other people should be very careful.
full member
Activity: 309
Merit: 100
July 07, 2014, 09:53:34 AM
#5
legendary
Activity: 882
Merit: 1000
July 07, 2014, 09:50:48 AM
#4
MD5: E655FEB71448A6DCF0BFF48F4380B954
SHA-256:C46D9960AF09021CC58C1F5E59564E62F2CA9C94E4A1D70947C0D26E2A1E7DDB
Totally different file from mine. Here's my virustotal results:

https://www.virustotal.com/en/file/7541cba7cb701de1403aa75e6e1391bb689863e10aa5941fa0d1c893e8ab60ea/analysis/1404744581/

There's a very good chance a virus replaced a few executable files on your computer with the virus to reinstall itself.
full member
Activity: 309
Merit: 100
July 07, 2014, 09:49:53 AM
#3
MD5: E655FEB71448A6DCF0BFF48F4380B954
SHA-256:C46D9960AF09021CC58C1F5E59564E62F2CA9C94E4A1D70947C0D26E2A1E7DDB
legendary
Activity: 882
Merit: 1000
July 07, 2014, 09:43:31 AM
#2
What's the md5sum of uninstall.exe?


Edit: Upload it to virustotal.
full member
Activity: 309
Merit: 100
July 07, 2014, 09:41:12 AM
#1
Hi

I had a virus warning before because of the Blockchain statedata.
Today I got the warning when I went to my control-panel to uninstall some other software.



I don't know if it's a correct or false-alarm.

I use the most current client 0.9.2.0