There is no problem here. If the hashes match and you properly verify the download by following: https://bitcointalksearch.org/topic/verifying-bitcoin-core-1588906 then there will be absolutely no problems.
The AV warnings are all false positives. They usually flag Bitcoin Core as a coin stealer (because it looks for a wallet.dat since it creates the file) or a bitcoin miner (because it contains a miner in the software if you want to mine on regtest or testnet).
Topic: Most likely - Possible malware in latest Bitcoin Core 64 bits bitcoin-qt.exe - page 2. (Read 2915 times)
November 27, 2016, 11:14:42 AM
November 27, 2016, 08:02:30 AM
Malware creator always keeps eye on prey that where they could ignite their malware on system. And bitcoin software is one such source through which they could spead their bad codes. We should be really carefull even with bitcoin softwares also.
November 27, 2016, 06:41:42 AM
Sites like https://www.virustotal.com makes use of Heuristics and code that might look or behave like a virus, will be flagged. Do you really
think code that are not proprietary, would hide viruses or Malware? It is under constant scrutiny from competitors to find "weakpoints" to
discredit it, so why would people insert Malware on purpose?
Make sure you are downloading it from "trusted" sites.
think code that are not proprietary, would hide viruses or Malware? It is under constant scrutiny from competitors to find "weakpoints" to
discredit it, so why would people insert Malware on purpose?
Make sure you are downloading it from "trusted" sites. 
November 27, 2016, 06:26:43 AM
This is terrible, I don't supppse you'll ever know the full truth here though. I'm hesitant to upgrade my Core Client to 0.13.1 now.
November 27, 2016, 04:52:38 AM
For me, its sounds like a false positive, but if you downloaded it from shady sources, be careful.
November 27, 2016, 04:51:58 AM
I think you have to have better look at this https://bitcoin.org/en/alert/2016-08-17-binary-safety
And also report this to bitcoin.org team.
Quote
verifying your download using signatures from multiple developers using the gitian signatures repository
And also report this to bitcoin.org team.
Why? I only see 3 options here.
#1 bitcoin devs did slip malware in the code, what do you expect them to do if you tell them you found it? Confess?
#2 bitcoin devs did not slip malware in the code, its a false positive. Contacting them is useless, because they cant change the situation. Contact the anti virus vendor instead.
#3 bitcoin devs did not slio malware in the code, its not a false positive. Verifiying you are downloading the real thing solves this without contacting anyone.
The SHA256 signatures match the signatures specified by bitcoin.org. I will contact ASAP Bitcoin.org and some antivirus vendors...
November 27, 2016, 04:45:08 AM
I think you have to have better look at this https://bitcoin.org/en/alert/2016-08-17-binary-safety
And also report this to bitcoin.org team.
Quote
verifying your download using signatures from multiple developers using the gitian signatures repository
And also report this to bitcoin.org team.
Why? I only see 3 options here.
#1 bitcoin devs did slip malware in the code, what do you expect them to do if you tell them you found it? Confess?
#2 bitcoin devs did not slip malware in the code, its a false positive. Contacting them is useless, because they cant change the situation. Contact the anti virus vendor instead.
#3 bitcoin devs did not slip malware in the code, its not a false positive. Verifiying you are downloading the real thing solves this without contacting anyone.
November 27, 2016, 04:41:37 AM
I think you have to have better look at this https://bitcoin.org/en/alert/2016-08-17-binary-safety
And also report this to bitcoin.org team.
Quote
Furthermore, we recommend verifying your download using signatures from multiple developers using the gitian signatures repository.
And also report this to bitcoin.org team.
November 27, 2016, 04:17:30 AM
Just downloaded the latest Bitcoin Core from bitcoin.org, scanned it at https://www.virustotal.com
And bingo
SHA256 from bitcoin-qt.exe 90f54d929626cbbc0fa0cdddb509feb4f11e8633b8e4d016be91673bae081338
SHA256 from the bitcoin core zip file match the right one: 3956daf2c096c4002c2c40731c96057aecd9f77a559a4bc52b409cc13d1fd3f2 bitcoin-0.13.1-win64.zip
Link to the scanner results:
https://www.virustotal.com/es/file/90f54d929626cbbc0fa0cdddb509feb4f11e8633b8e4d016be91673bae081338/analysis/
AegisLab Uds.Dangerousobject.Multi!c 20161127
Kaspersky Trojan.MSIL.CoinStealer.km 20161127
Rising Trojan.CoinStealer!8.168F-c5irH5Q00gL (cloud) 20161127
And bingo
SHA256 from bitcoin-qt.exe 90f54d929626cbbc0fa0cdddb509feb4f11e8633b8e4d016be91673bae081338
SHA256 from the bitcoin core zip file match the right one: 3956daf2c096c4002c2c40731c96057aecd9f77a559a4bc52b409cc13d1fd3f2 bitcoin-0.13.1-win64.zip
Link to the scanner results:
https://www.virustotal.com/es/file/90f54d929626cbbc0fa0cdddb509feb4f11e8633b8e4d016be91673bae081338/analysis/
AegisLab Uds.Dangerousobject.Multi!c 20161127
Kaspersky Trojan.MSIL.CoinStealer.km 20161127
Rising Trojan.CoinStealer!8.168F-c5irH5Q00gL (cloud) 20161127
https://securelist.com/blog/virus-watch/58553/analysis-of-malware-from-the-mtgox-leak-archive/
Quote
The malware creates and executes the TibanneSocket.exe binary and searches for the files bitcoin.confand wallet.dat v the latter is a critical data file for a Bitcoin crypto-currency user: if it is kept unencrypted and is stolen, cybercriminals will gain access to all Bitcoins the user has in his possession for that specific account.
November 27, 2016, 03:12:33 AM
This is serious. Chances are that this is a false positive (I hope so).
Please report back to bitcoin.org!
Please report back to bitcoin.org!
November 27, 2016, 02:54:41 AM
Just downloaded the latest Bitcoin Core from bitcoin.org, scanned it at https://www.virustotal.com
And bingo
SHA256 from bitcoin-qt.exe 90f54d929626cbbc0fa0cdddb509feb4f11e8633b8e4d016be91673bae081338
SHA256 from the bitcoin core zip file match the right one: 3956daf2c096c4002c2c40731c96057aecd9f77a559a4bc52b409cc13d1fd3f2 bitcoin-0.13.1-win64.zip
Edit: The SHA256 match the signatures specified in the Bitcoin.org website
Link to the scanner results:
https://www.virustotal.com/es/file/90f54d929626cbbc0fa0cdddb509feb4f11e8633b8e4d016be91673bae081338/analysis/
AegisLab Uds.Dangerousobject.Multi!c 20161127
Kaspersky Trojan.MSIL.CoinStealer.km 20161127
Rising Trojan.CoinStealer!8.168F-c5irH5Q00gL (cloud) 20161127
Edit2: Seems like the Rising antivirus doesnt mark it anymore as a malware. Edit 2.1: Added again as malware
Edit3: I see that the 32 bits binary is totally clean in virustotal. This only happen with the 64 bits binary of bitcoin-qt.exe
Edit4: Confirmed. Kaspersky deletes the file on sight, and more antivirus marked the file as infected. Doesnt seems to be a false positive.
And bingo
SHA256 from bitcoin-qt.exe 90f54d929626cbbc0fa0cdddb509feb4f11e8633b8e4d016be91673bae081338
SHA256 from the bitcoin core zip file match the right one: 3956daf2c096c4002c2c40731c96057aecd9f77a559a4bc52b409cc13d1fd3f2 bitcoin-0.13.1-win64.zip
Edit: The SHA256 match the signatures specified in the Bitcoin.org website
Link to the scanner results:
https://www.virustotal.com/es/file/90f54d929626cbbc0fa0cdddb509feb4f11e8633b8e4d016be91673bae081338/analysis/
AegisLab Uds.Dangerousobject.Multi!c 20161127
Kaspersky Trojan.MSIL.CoinStealer.km 20161127
Rising Trojan.CoinStealer!8.168F-c5irH5Q00gL (cloud) 20161127
Edit2: Seems like the Rising antivirus doesnt mark it anymore as a malware. Edit 2.1: Added again as malware
Edit3: I see that the 32 bits binary is totally clean in virustotal. This only happen with the 64 bits binary of bitcoin-qt.exe
Edit4: Confirmed. Kaspersky deletes the file on sight, and more antivirus marked the file as infected. Doesnt seems to be a false positive.
Jump to: