Yeah, this looks to be a false positive based on heuristics analysis of the file. It acts similar to some other spyware but isn't known to be spyware itself.
As long as you verify the hashes from electrum's website, you should be fine. I'd recommend reporting to the emsisoft about the false positive so they can fix it as well.
Topic: HELP- Malware warning about my electrum !!! (Read 460 times)
I had this happen a few months back I believe and it ended up being a false positive. If I scan it now it comes up fine. I panicked and got 99% of everything onto a paper wallet though lol. Try a different antivirus software and see if it finds anything but this is almost definitely a false positive.
It's almost certainly a false positive.
A few virus scanners have given malware warnings for electrum over the last year. This is a thread about the problem
https://bitcointalksearch.org/topic/electrum-bitcoin-wallet-is-trojan-1639722
One of the posts in it gives this virustotal scan result link for electrum-2.7.2-portable.exe
https://www.virustotal.com/en/file/5e7ecfb66f3fec010ff9ffdebb745550b6a550a87de4e0239d357f447ed19dee/analysis/1476074020/
On 10 October virustotal scanned the file with 56 different virus scanners and the only positive result was from a scanner called Invincea.
I re-scanned the same file today through virustotal and the Invincea scanner said the file is now clean.
https://www.virustotal.com/en/file/5e7ecfb66f3fec010ff9ffdebb745550b6a550a87de4e0239d357f447ed19dee/analysis/1483120578/
However now a scanner called Baidu is the only one of 56 different virus scanners to give a positive result. Ironically Baidu said the file was clean on 10 October.
The two urls prove both virustotal scans were of the same file because both of them contain the file's hash (shown below).
5e7ecfb66f3fec010ff9ffdebb745550b6a550a87de4e0239d357f447ed19dee
If there is only one positive result from 56 different virus scanners it's probably a false positive. If a scanner that gave a positive result two months ago (like Invincea) now says the file is clean it's almost certainly a false positive result.
A few virus scanners have given malware warnings for electrum over the last year. This is a thread about the problem
https://bitcointalksearch.org/topic/electrum-bitcoin-wallet-is-trojan-1639722
One of the posts in it gives this virustotal scan result link for electrum-2.7.2-portable.exe
https://www.virustotal.com/en/file/5e7ecfb66f3fec010ff9ffdebb745550b6a550a87de4e0239d357f447ed19dee/analysis/1476074020/
On 10 October virustotal scanned the file with 56 different virus scanners and the only positive result was from a scanner called Invincea.
I re-scanned the same file today through virustotal and the Invincea scanner said the file is now clean.
https://www.virustotal.com/en/file/5e7ecfb66f3fec010ff9ffdebb745550b6a550a87de4e0239d357f447ed19dee/analysis/1483120578/
However now a scanner called Baidu is the only one of 56 different virus scanners to give a positive result. Ironically Baidu said the file was clean on 10 October.
The two urls prove both virustotal scans were of the same file because both of them contain the file's hash (shown below).
5e7ecfb66f3fec010ff9ffdebb745550b6a550a87de4e0239d357f447ed19dee
If there is only one positive result from 56 different virus scanners it's probably a false positive. If a scanner that gave a positive result two months ago (like Invincea) now says the file is clean it's almost certainly a false positive result.
I got a new warning as below from EMSISOFT malware scanner
https://gyazo.com/d46782e29f6f9517fb322e0967fa68c9
is this a false positive or is some motherfucker trying to hijack my btc ??
i google the MD5 and SHA signature and google has never heard of either of them as you can see below
https://www.google.co.th/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=3EBAB1B45819DBE1E1D0015ED1B6C263
(AFAIK i downloaded electrum 2.7.12 from the official site )
The first thing that came to my mind is whats EMSISOFT? https://gyazo.com/d46782e29f6f9517fb322e0967fa68c9
is this a false positive or is some motherfucker trying to hijack my btc ??
i google the MD5 and SHA signature and google has never heard of either of them as you can see below
https://www.google.co.th/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=3EBAB1B45819DBE1E1D0015ED1B6C263
(AFAIK i downloaded electrum 2.7.12 from the official site )
EMSISOFT is probably analysing Electrum based on the behavior and how it creates the connection to the Electrum servers. Although it is entirely possible someone infected your Electrum client, the analysis doesn't indicate such.
You can verify the signature by downloading the signature file[1] and use it to verify against the exe. All files are signed with ThomasV's PGP key. You can find a tutorial here: https://www.torproject.org/docs/verifying-signatures.html.en. Replace the files accordingly, eg. (The asc file you downloaded and your exe file). ThomasV's fingerprint is 0x2BD5824B7F9470E6.
[1] https://download.electrum.org/2.7.12/electrum-2.7.12.exe.asc
I got a new warning as below from EMSISOFT malware scanner
https://gyazo.com/d46782e29f6f9517fb322e0967fa68c9
is this a false positive or is some motherfucker trying to hijack my btc ??
i google the MD5 and SHA signature and google has never heard of either of them as you can see below
https://www.google.co.th/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=3EBAB1B45819DBE1E1D0015ED1B6C263
(AFAIK i downloaded electrum 2.7.12 from the official site )
https://gyazo.com/d46782e29f6f9517fb322e0967fa68c9
is this a false positive or is some motherfucker trying to hijack my btc ??
i google the MD5 and SHA signature and google has never heard of either of them as you can see below
https://www.google.co.th/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=3EBAB1B45819DBE1E1D0015ED1B6C263
(AFAIK i downloaded electrum 2.7.12 from the official site )
Jump to: