Pages:
Author

Topic: Most likely - Possible malware in latest Bitcoin Core 64 bits bitcoin-qt.exe (Read 2920 times)

newbie
Activity: 3
Merit: 0
As of today, the 64 bit binary bitcoin-qt.exe shouldn't be detected by Kaspersky IS anymore.
The other anti-malware vendors haven't replied to my requests yet.
member
Activity: 79
Merit: 10
Updated original post.
legendary
Activity: 3472
Merit: 10611
Where did you download your bitcoin core.. honestly i tried to scan and here the 2 result from their exeinstall and zip file
Exe result https://www.virustotal.com/en/url/8fea1cc9947c2a98ca0877240732c7dbcb3d1f01d6ee35d313b7b0ad6089ea5b/analysis/1480269102/
Zip file result: https://www.virustotal.com/en/url/ac4e447006b7fc4085d760427d40fcf66b5b4090ed2c51144ab9bbafab27ccdb/analysis/

This one is exe and i download it from bitcoin.org but upon scanning it in virus total there is one detected
here https://www.virustotal.com/en/file/a7d1d25bbc46b4f0fe333f7d3742c22defdba8db9ffd6056770e104085d24709/analysis/

I think it is just false scan from some anti virus just like other said.. i tried to scan it in my kaspersky but there is no virus detected..

FYI:
This is a common mistake people make when using virustotal.
the two first links you posted are not scanning any files (.zip, ...) they are instead scanning the URL you can see it from the link itself which is marked by ../url/... and reporting if the website has any malware on if when you visit.

the last link however is scanning the file because you have uploaded it. the link has ../file/... in it.
i could not find a way to not download then upload so far so if anyone has any solution i would be glad to know it. but with virustotal if you want to scan a file you have to upload it just putting the link and scanning will not scan the file.

You can click, in the upper part: File scan:   Go to downloaded file analysis

VirusTotal does not check the file itself when you give only the download link.
what you see is the file which socks435 uploaded from his computer to virustotal and since the files are the same virustotal links that analysis in the /url/... link too.

here is an example:
results for scanning: https://download.electrum.org/2.7.12/electrum-2.7.12-setup.exe
https://www.virustotal.com/en/url/64b402b0bcdc6e59521f143305987a83afacc3986548efec1cd47c797cfeccd0/analysis/1480399277/

and since virustotal could not find any file uploaded before it did not include any link to "file analysis"


however if you check the other link to https://download.electrum.org/2.7.12/electrum-2.7.12.exe you can see there is a link to "file analysis" since someone had uploaded the .exe before manually from his computer.
https://www.virustotal.com/en/url/f64b0cba4ed0afc2b5ed9fedfc8189a3ebf4e6893fd7825057cfb5a928900d4c/analysis/
member
Activity: 79
Merit: 10
Where did you download your bitcoin core.. honestly i tried to scan and here the 2 result from their exeinstall and zip file
Exe result https://www.virustotal.com/en/url/8fea1cc9947c2a98ca0877240732c7dbcb3d1f01d6ee35d313b7b0ad6089ea5b/analysis/1480269102/
Zip file result: https://www.virustotal.com/en/url/ac4e447006b7fc4085d760427d40fcf66b5b4090ed2c51144ab9bbafab27ccdb/analysis/

This one is exe and i download it from bitcoin.org but upon scanning it in virus total there is one detected
here https://www.virustotal.com/en/file/a7d1d25bbc46b4f0fe333f7d3742c22defdba8db9ffd6056770e104085d24709/analysis/

I think it is just false scan from some anti virus just like other said.. i tried to scan it in my kaspersky but there is no virus detected..

FYI:
This is a common mistake people make when using virustotal.
the two first links you posted are not scanning any files (.zip, ...) they are instead scanning the URL you can see it from the link itself which is marked by ../url/... and reporting if the website has any malware on if when you visit.

the last link however is scanning the file because you have uploaded it. the link has ../file/... in it.
i could not find a way to not download then upload so far so if anyone has any solution i would be glad to know it. but with virustotal if you want to scan a file you have to upload it just putting the link and scanning will not scan the file.

You can click, in the upper part: File scan:   Go to downloaded file analysis
legendary
Activity: 3472
Merit: 10611
Where did you download your bitcoin core.. honestly i tried to scan and here the 2 result from their exeinstall and zip file
Exe result https://www.virustotal.com/en/url/8fea1cc9947c2a98ca0877240732c7dbcb3d1f01d6ee35d313b7b0ad6089ea5b/analysis/1480269102/
Zip file result: https://www.virustotal.com/en/url/ac4e447006b7fc4085d760427d40fcf66b5b4090ed2c51144ab9bbafab27ccdb/analysis/

This one is exe and i download it from bitcoin.org but upon scanning it in virus total there is one detected
here https://www.virustotal.com/en/file/a7d1d25bbc46b4f0fe333f7d3742c22defdba8db9ffd6056770e104085d24709/analysis/

I think it is just false scan from some anti virus just like other said.. i tried to scan it in my kaspersky but there is no virus detected..

FYI:
This is a common mistake people make when using virustotal.
the two first links you posted are not scanning any files (.zip, ...) they are instead scanning the URL you can see it from the link itself which is marked by ../url/... and reporting if the website has any malware on if when you visit.

the last link however is scanning the file because you have uploaded it. the link has ../file/... in it.
i could not find a way to not download then upload so far so if anyone has any solution i would be glad to know it. but with virustotal if you want to scan a file you have to upload it just putting the link and scanning will not scan the file.
sr. member
Activity: 434
Merit: 250
Some antivirus flag anything that has to do with Bitcoin, or alt-coins as a virus.
For example, some of the Monero mining programs are flagged by Malwarebytes and Google as a virus,
probably because there were some botnets mining coins, and the programs trigger on the same heuristics.

Still, OP or anyone else who has information on this should follow up in this thread,
since there have been instances of github and similar websites being hacked and binaries or compiled programs being replaced with backdoored versions.
full member
Activity: 224
Merit: 100
May I ask why you are running a full bitcoin node on your home computer? Doesn't it take forever to sync or are you running your computer 24/7? Thanks for supporting the network btw  Grin Grin Grin

I also run a full node at home  Wink  It's fine for me cause i run my computer 24/7 anyway and i dont have any limits from my broadband provider,  everyone who can, should run a full node.  Wink

You're lucky that you can run your computer all the time and dont have any internet limits!

May I ask why you are running a full bitcoin node on your home computer? Doesn't it take forever to sync or are you running your computer 24/7? Thanks for supporting the network btw  Grin Grin Grin

Dedicated server, anyway, if you run a computer 24/7 it does work without problems.

How much does it cost for a dedicated server per month? I looked awhile back and they were fairly expensive.
member
Activity: 79
Merit: 10
May I ask why you are running a full bitcoin node on your home computer? Doesn't it take forever to sync or are you running your computer 24/7? Thanks for supporting the network btw  Grin Grin Grin

Dedicated server, anyway, if you run a computer 24/7 it does work without problems.
member
Activity: 79
Merit: 10
Where did you download your bitcoin core.. honestly i tried to scan and here the 2 result from their exeinstall and zip file
Exe result https://www.virustotal.com/en/url/8fea1cc9947c2a98ca0877240732c7dbcb3d1f01d6ee35d313b7b0ad6089ea5b/analysis/1480269102/
Zip file result: https://www.virustotal.com/en/url/ac4e447006b7fc4085d760427d40fcf66b5b4090ed2c51144ab9bbafab27ccdb/analysis/

This one is exe and i download it from bitcoin.org but upon scanning it in virus total there is one detected
here https://www.virustotal.com/en/file/a7d1d25bbc46b4f0fe333f7d3742c22defdba8db9ffd6056770e104085d24709/analysis/

I think it is just false scan from some anti virus just like other said.. i tried to scan it in my kaspersky but there is no virus detected..

I'm scanning the bitcoin-qt.exe client. Try with the one you have installed.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
As long as no vulnerabilities are present this may display as a false positive... It's extremely unlikely that somebody would tap into your device in that way so either ignore until another sign comes up or scan the computer to, prevent further complications.

I recommend using encrypted web wallets or run exclusive with a personal design.

Can you elaborate? It sounds like you suggest OP to write their own wallet software.
full member
Activity: 294
Merit: 100
Life is a game, you either play it or get played.
As long as no vulnerabilities are present this may display as a false positive... It's extremely unlikely that somebody would tap into your device in that way so either ignore until another sign comes up or scan the computer to, prevent further complications.

I recommend using encrypted web wallets or run exclusive with a personal design.
hero member
Activity: 1106
Merit: 521
May I ask why you are running a full bitcoin node on your home computer? Doesn't it take forever to sync or are you running your computer 24/7? Thanks for supporting the network btw  Grin Grin Grin

I also run a full node at home  Wink  It's fine for me cause i run my computer 24/7 anyway and i dont have any limits from my broadband provider,  everyone who can, should run a full node.  Wink
full member
Activity: 224
Merit: 100
May I ask why you are running a full bitcoin node on your home computer? Doesn't it take forever to sync or are you running your computer 24/7? Thanks for supporting the network btw  Grin Grin Grin
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
I have 0.13.1 installed from Friday. You scared me! But I scanned now bitcoin-qt.exe (since I didn't keep the installer) with virustotal and I've found it clean (wtf?!).
I will try to boot that computer from a stick tomorrow and scan it, but I doubt that I'll find anything.
Maybe you should do the same. Better safe than sorry, always.
hero member
Activity: 1106
Merit: 521
This happens all the time, although be safe and not sorry, i had an antivirus constantly find malware in the appdata folder of bitcoin block chain.  usually a false positive.
legendary
Activity: 2058
Merit: 1030
I'm looking for free spin.
Where did you download your bitcoin core.. honestly i tried to scan and here the 2 result from their exeinstall and zip file
Exe result https://www.virustotal.com/en/url/8fea1cc9947c2a98ca0877240732c7dbcb3d1f01d6ee35d313b7b0ad6089ea5b/analysis/1480269102/
Zip file result: https://www.virustotal.com/en/url/ac4e447006b7fc4085d760427d40fcf66b5b4090ed2c51144ab9bbafab27ccdb/analysis/

This one is exe and i download it from bitcoin.org but upon scanning it in virus total there is one detected
here https://www.virustotal.com/en/file/a7d1d25bbc46b4f0fe333f7d3742c22defdba8db9ffd6056770e104085d24709/analysis/

I think it is just false scan from some anti virus just like other said.. i tried to scan it in my kaspersky but there is no virus detected..
legendary
Activity: 1946
Merit: 1007
It is most likely a false positive.

Any serious malware dev will write something that is not going to be detected by a website like virustotal if they want to make a big splash. Best to notify the devs that this happens so they can fix it. There is probably a small part of code that triggers this.

Until an official response, I wouldn't touch it though.
full member
Activity: 210
Merit: 100
I think you have to have better look at this https://bitcoin.org/en/alert/2016-08-17-binary-safety
Quote
verifying your download using signatures from multiple developers using the gitian signatures repository

And also report this to bitcoin.org team.

Why? I only see 3 options here.

#1 bitcoin devs did slip malware in the code, what do you expect them to do if you tell them you found it? Confess?
#2 bitcoin devs did not slip malware in the code, its a false positive. Contacting them is useless, because they cant change the situation. Contact the anti virus vendor instead.
#3 bitcoin devs did not slip malware in the code, its not a false positive. Verifiying you are downloading the real thing solves this without contacting anyone.
Maybe:
#4 bitcoin devs didnt slip the malware, but a security breach allowed a hack to do it. Contact them to solve the problem.
legendary
Activity: 1218
Merit: 1007
I'm essentially parroting what everyone else has said in the thread so far; if there are matching hash keys and you got it from a respectable source, or your usual one, then it should be fine.

I'd be incredibly surprised if the core team slipped malware in, but you never know for sure.
legendary
Activity: 1610
Merit: 1183
If the hashes match with bitcoin.org then there's nothing to worry about, just false positives. It happens all the time. I remember back in the day when I used to mine altcoins with my humble graphics card, the mining software started to show up as malware because the developers of antivirus and anti malware tools decided so... I don't understand why they would label bitcoin malware, unless someone with an agenda is paying them to do so?

It could always be that bitcoin.org got compromised and the hashes got changed but that would quickly be spotted and core developers would post about it here or tweet or whatever.
Pages:
Jump to: