
Topic: Most likely - Possible malware in latest Bitcoin Core 64 bits bitcoin-qt.exe (Read 2915 times)

newbie
Activity: 3
Merit: 0
As of today, the 64 bit binary bitcoin-qt.exe shouldn't be detected by Kaspersky IS anymore.
The other anti-malware vendors haven't replied to my requests yet.
member
Activity: 79
Merit: 10
Updated original post.
legendary
Activity: 3472
Merit: 10611
Where did you download your Bitcoin Core? Honestly, I tried to scan it, and here are the 2 results from their exe installer and zip file:
Exe result: https://www.virustotal.com/en/url/8fea1cc9947c2a98ca0877240732c7dbcb3d1f01d6ee35d313b7b0ad6089ea5b/analysis/1480269102/
Zip file result: https://www.virustotal.com/en/url/ac4e447006b7fc4085d760427d40fcf66b5b4090ed2c51144ab9bbafab27ccdb/analysis/

This one is the exe, and I downloaded it from bitcoin.org, but upon scanning it in VirusTotal there is one detected:
here https://www.virustotal.com/en/file/a7d1d25bbc46b4f0fe333f7d3742c22defdba8db9ffd6056770e104085d24709/analysis/

I think it is just a false scan from some antivirus, just like others said. I tried to scan it in my Kaspersky but there is no virus detected.

FYI:
This is a common mistake people make when using VirusTotal.
The first two links you posted are not scanning any files (.zip, ...); they are instead scanning the URL. You can see it from the link itself, which is marked by ../url/..., and reporting if the website has any malware on it when you visit.

The last link, however, is scanning the file because you have uploaded it. The link has ../file/... in it.
I could not find a way to not download then upload so far, so if anyone has any solution I would be glad to know it. But with VirusTotal, if you want to scan a file you have to upload it; just putting the link and scanning will not scan the file.

You can click, in the upper part: File scan:   Go to downloaded file analysis

VirusTotal does not check the file itself when you give only the download link.
What you see is the file which socks435 uploaded from his computer to VirusTotal, and since the files are the same, VirusTotal links that analysis in the /url/... link too.

Here is an example:
Results for scanning: https://download.electrum.org/2.7.12/electrum-2.7.12-setup.exe
https://www.virustotal.com/en/url/64b402b0bcdc6e59521f143305987a83afacc3986548efec1cd47c797cfeccd0/analysis/1480399277/

And since VirusTotal could not find any file uploaded before, it did not include any link to "file analysis".

However, if you check the other link to https://download.electrum.org/2.7.12/electrum-2.7.12.exe you can see there is a link to "file analysis", since someone had uploaded the .exe before manually from his computer.
https://www.virustotal.com/en/url/f64b0cba4ed0afc2b5ed9fedfc8189a3ebf4e6893fd7825057cfb5a928900d4c/analysis/
member
Activity: 79
Merit: 10
Where did you download your Bitcoin Core? Honestly, I tried to scan it, and here are the 2 results from their exe installer and zip file:
Exe result: https://www.virustotal.com/en/url/8fea1cc9947c2a98ca0877240732c7dbcb3d1f01d6ee35d313b7b0ad6089ea5b/analysis/1480269102/
Zip file result: https://www.virustotal.com/en/url/ac4e447006b7fc4085d760427d40fcf66b5b4090ed2c51144ab9bbafab27ccdb/analysis/

This one is the exe, and I downloaded it from bitcoin.org, but upon scanning it in VirusTotal there is one detected:
here https://www.virustotal.com/en/file/a7d1d25bbc46b4f0fe333f7d3742c22defdba8db9ffd6056770e104085d24709/analysis/

I think it is just a false scan from some antivirus, just like others said. I tried to scan it in my Kaspersky but there is no virus detected.

FYI:
This is a common mistake people make when using VirusTotal.
The first two links you posted are not scanning any files (.zip, ...); they are instead scanning the URL. You can see it from the link itself, which is marked by ../url/..., and reporting if the website has any malware on it when you visit.

The last link, however, is scanning the file because you have uploaded it. The link has ../file/... in it.
I could not find a way to not download then upload so far, so if anyone has any solution I would be glad to know it. But with VirusTotal, if you want to scan a file you have to upload it; just putting the link and scanning will not scan the file.

You can click, in the upper part: File scan:   Go to downloaded file analysis
legendary
Activity: 3472
Merit: 10611
Where did you download your Bitcoin Core? Honestly, I tried to scan it, and here are the 2 results from their exe installer and zip file:
Exe result: https://www.virustotal.com/en/url/8fea1cc9947c2a98ca0877240732c7dbcb3d1f01d6ee35d313b7b0ad6089ea5b/analysis/1480269102/
Zip file result: https://www.virustotal.com/en/url/ac4e447006b7fc4085d760427d40fcf66b5b4090ed2c51144ab9bbafab27ccdb/analysis/

This one is the exe, and I downloaded it from bitcoin.org, but upon scanning it in VirusTotal there is one detected:
here https://www.virustotal.com/en/file/a7d1d25bbc46b4f0fe333f7d3742c22defdba8db9ffd6056770e104085d24709/analysis/

I think it is just a false scan from some antivirus, just like others said. I tried to scan it in my Kaspersky but there is no virus detected.

FYI:
This is a common mistake people make when using VirusTotal.
The first two links you posted are not scanning any files (.zip, ...); they are instead scanning the URL. You can see it from the link itself, which is marked by ../url/..., and reporting if the website has any malware on it when you visit.

The last link, however, is scanning the file because you have uploaded it. The link has ../file/... in it.
I could not find a way to not download then upload so far, so if anyone has any solution I would be glad to know it. But with VirusTotal, if you want to scan a file you have to upload it; just putting the link and scanning will not scan the file.
sr. member
Activity: 434
Merit: 250
Some antiviruses flag anything that has to do with Bitcoin or altcoins as a virus.
For example, some of the Monero mining programs are flagged by Malwarebytes and Google as a virus,
probably because there were some botnets mining coins, and the programs trigger on the same heuristics.

Still, OP or anyone else who has information on this should follow up in this thread,
since there have been instances of GitHub and similar websites being hacked and binaries or compiled programs being replaced with backdoored versions.
full member
Activity: 224
Merit: 100
May I ask why you are running a full bitcoin node on your home computer? Doesn't it take forever to sync or are you running your computer 24/7? Thanks for supporting the network btw

I also run a full node at home. It's fine for me cause I run my computer 24/7 anyway and I don't have any limits from my broadband provider; everyone who can should run a full node.

You're lucky that you can run your computer all the time and don't have any internet limits!

May I ask why you are running a full bitcoin node on your home computer? Doesn't it take forever to sync or are you running your computer 24/7? Thanks for supporting the network btw

Dedicated server, anyway, if you run a computer 24/7 it does work without problems.

How much does it cost for a dedicated server per month? I looked a while back and they were fairly expensive.
member
Activity: 79
Merit: 10
May I ask why you are running a full bitcoin node on your home computer? Doesn't it take forever to sync or are you running your computer 24/7? Thanks for supporting the network btw

Dedicated server, anyway, if you run a computer 24/7 it does work without problems.
member
Activity: 79
Merit: 10
Where did you download your Bitcoin Core? Honestly, I tried to scan it, and here are the 2 results from their exe installer and zip file:
Exe result: https://www.virustotal.com/en/url/8fea1cc9947c2a98ca0877240732c7dbcb3d1f01d6ee35d313b7b0ad6089ea5b/analysis/1480269102/
Zip file result: https://www.virustotal.com/en/url/ac4e447006b7fc4085d760427d40fcf66b5b4090ed2c51144ab9bbafab27ccdb/analysis/

This one is the exe, and I downloaded it from bitcoin.org, but upon scanning it in VirusTotal there is one detected:
here https://www.virustotal.com/en/file/a7d1d25bbc46b4f0fe333f7d3742c22defdba8db9ffd6056770e104085d24709/analysis/

I think it is just a false scan from some antivirus, just like others said. I tried to scan it in my Kaspersky but there is no virus detected.

I'm scanning the bitcoin-qt.exe client. Try with the one you have installed.
copper member
Activity: 1498
Merit: 1528
As long as no vulnerabilities are present this may display as a false positive... It's extremely unlikely that somebody would tap into your device in that way, so either ignore until another sign comes up or scan the computer to prevent further complications.

I recommend using encrypted web wallets or run exclusive with a personal design.

Can you elaborate? It sounds like you suggest OP to write their own wallet software.
full member
Activity: 294
Merit: 100
As long as no vulnerabilities are present this may display as a false positive... It's extremely unlikely that somebody would tap into your device in that way, so either ignore until another sign comes up or scan the computer to prevent further complications.

I recommend using encrypted web wallets or run exclusive with a personal design.
hero member
Activity: 1106
Merit: 521
May I ask why you are running a full bitcoin node on your home computer? Doesn't it take forever to sync or are you running your computer 24/7? Thanks for supporting the network btw

I also run a full node at home. It's fine for me cause I run my computer 24/7 anyway and I don't have any limits from my broadband provider; everyone who can should run a full node.
full member
Activity: 224
Merit: 100
May I ask why you are running a full bitcoin node on your home computer? Doesn't it take forever to sync or are you running your computer 24/7? Thanks for supporting the network btw
legendary
Activity: 3668
Merit: 6382
I have 0.13.1 installed from Friday. You scared me! But I scanned now bitcoin-qt.exe (since I didn't keep the installer) with virustotal and I've found it clean (wtf?!).
I will try to boot that computer from a stick tomorrow and scan it, but I doubt that I'll find anything.
Maybe you should do the same. Better safe than sorry, always.
hero member
Activity: 1106
Merit: 521
This happens all the time, although be safe and not sorry. I had an antivirus constantly find malware in the appdata folder of the bitcoin block chain. Usually a false positive.
legendary
Activity: 2058
Merit: 1030
Where did you download your Bitcoin Core? Honestly, I tried to scan it, and here are the 2 results from their exe installer and zip file:
Exe result: https://www.virustotal.com/en/url/8fea1cc9947c2a98ca0877240732c7dbcb3d1f01d6ee35d313b7b0ad6089ea5b/analysis/1480269102/
Zip file result: https://www.virustotal.com/en/url/ac4e447006b7fc4085d760427d40fcf66b5b4090ed2c51144ab9bbafab27ccdb/analysis/

This one is the exe, and I downloaded it from bitcoin.org, but upon scanning it in VirusTotal there is one detected:
here https://www.virustotal.com/en/file/a7d1d25bbc46b4f0fe333f7d3742c22defdba8db9ffd6056770e104085d24709/analysis/

I think it is just a false scan from some antivirus, just like others said. I tried to scan it in my Kaspersky but there is no virus detected.
legendary
Activity: 1946
Merit: 1007
It is most likely a false positive.

Any serious malware dev will write something that is not going to be detected by a website like virustotal if they want to make a big splash. Best to notify the devs that this happens so they can fix it. There is probably a small part of code that triggers this.

Until an official response, I wouldn't touch it though.
full member
Activity: 210
Merit: 100
I think you have to have a better look at this https://bitcoin.org/en/alert/2016-08-17-binary-safety
Quote
verifying your download using signatures from multiple developers using the gitian signatures repository

And also report this to bitcoin.org team.

Why? I only see 3 options here.

#1 bitcoin devs did slip malware in the code, what do you expect them to do if you tell them you found it? Confess?
#2 bitcoin devs did not slip malware in the code, it's a false positive. Contacting them is useless, because they can't change the situation. Contact the antivirus vendor instead.
#3 bitcoin devs did not slip malware in the code, it's not a false positive. Verifying you are downloading the real thing solves this without contacting anyone.
Maybe:
#4 bitcoin devs didn't slip the malware, but a security breach allowed a hack to do it. Contact them to solve the problem.
legendary
Activity: 1218
Merit: 1007
I'm essentially parroting what everyone else has said in the thread so far; if there are matching hash keys and you got it from a respectable source, or your usual one, then it should be fine.

I'd be incredibly surprised if the core team slipped malware in, but you never know for sure.
legendary
Activity: 1610
Merit: 1183
If the hashes match with bitcoin.org then there's nothing to worry about, just false positives. It happens all the time. I remember back in the day when I used to mine altcoins with my humble graphics card, the mining software started to show up as malware because the developers of antivirus and anti malware tools decided so... I don't understand why they would label bitcoin malware, unless someone with an agenda is paying them to do so?

It could always be that bitcoin.org got compromised and the hashes got changed but that would quickly be spotted and core developers would post about it here or tweet or whatever.
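
Added example, not written by any poster in this thread: a Python sketch of the two checks discussed above, telling a VirusTotal /url/ permalink from a /file/ permalink and comparing a downloaded binary's SHA-256 against a published checksum list. The function names and the sha256sum-style list format are assumptions of this example, and the checksum list is assumed to come from a file whose signature was already verified separately.

```python
import hashlib
import hmac
import re
from urllib.parse import urlparse

# VirusTotal permalink shapes quoted in the thread:
#   /en/url/<id>/analysis/...    -> scan of the web address only
#   /en/file/<sha256>/analysis/  -> scan of file content someone uploaded
VT_PATH = re.compile(r"^/(?:[a-z]{2}/)?(url|file)/([0-9a-f]+)/analysis(?:/\d+)?/?$")

def classify_vt_link(link):
    """Return ('url' | 'file', id) for a VirusTotal permalink, else None."""
    parsed = urlparse(link)
    if parsed.hostname != "www.virustotal.com":
        return None
    m = VT_PATH.match(parsed.path)
    return (m.group(1), m.group(2)) if m else None

def sha256_of(path, chunk=1 << 20):
    """Hash the file in chunks so large installers do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_sums(text):
    """Parse sha256sum-style 'digest  filename' lines into {filename: digest}."""
    sums = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and re.fullmatch(r"[0-9a-fA-F]{64}", parts[0]):
            sums[parts[1].lstrip("*")] = parts[0].lower()
    return sums

def verify_download(path, listed_name, sums_text):
    """Compare a local file against the publisher's checksum list.

    Assumption: sums_text comes from a checksum file whose signature was
    already verified out of band; an unsigned list proves nothing.
    """
    expected = parse_sums(sums_text).get(listed_name)
    if expected is None:
        return "not-listed"
    return "match" if hmac.compare_digest(sha256_of(path), expected) else "MISMATCH"

def vt_file_report_link(path):
    """Build the /file/<sha256>/ report link (pattern as quoted in the thread)."""
    return "https://www.virustotal.com/en/file/%s/analysis/" % sha256_of(path)
```

A "MISMATCH" result means the local file is not the one the publisher listed, regardless of what any antivirus engine reports for it.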