Author

Topic: NOD32 detects new heur_pe in Bitcoin (Read 13909 times)

sr. member
Activity: 350
Merit: 252
probiwon.com
December 05, 2010, 09:21:40 AM
#8
You can see the code in sourceforge and compile that same code yourself, creating the same .exe files. There is no virus inside bitcoin.

Might be worth something to change in the official build?
legendary
Activity: 1540
Merit: 1002
November 26, 2010, 12:48:47 PM
#7
Or should we just state that bitcoin is the virus instead? Smiley

That should be sufficiently confusing to still scare the average person. I think we should stay away from that.

Either your irony skills are much better than mine, or my irony skills suck to the point of them going unnoticed...
legendary
Activity: 1540
Merit: 1002
November 26, 2010, 10:21:07 AM
#6
We all want / expect bitcoin to be viral, so let me fix this for you:

There is no bad virus inside bitcoin.

Or should we just state that bitcoin is the virus instead? Smiley
sr. member
Activity: 350
Merit: 252
probiwon.com
November 25, 2010, 11:31:33 PM
#5
Problem still exists and it frightens users.
newbie
Activity: 24
Merit: 4
February 15, 2010, 02:20:32 PM
#4
I thought so, but my boss wasn't so pleased to find out I had a "virus" on my computer. I will add the software to the "identify this as allowed software" list.
legendary
Activity: 2646
Merit: 1722
https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF
February 15, 2010, 12:13:44 PM
#3
OK I have sent it to:

Jotti online file scanning service at http://virusscan.jotti.org/ - All participating AVs will get a copy

VirusTotal online file scanning service at http://www.virustotal.com/ - All participating AVs will get a copy

Also, Ad-aware ThreatWork and some other online scanners.

I don't expect them to report any real problems. However, this will help to get Bitcoin added to their users 'allowed' lists more quickly. Cool

http://virusscan.jotti.org/en/scanresult/965fa033015c3f5be619dbe58dc5706dbde9fdec/2e346be0ba06c1c9a36b00705b92cd34f7d37893

https://www.virustotal.com/analisis/8fd5fefced48112b03e9683c52a62daac0b2e007a0a83dc4dd9b856d3dfbe487-1266194710

OK. All 'false positives' as far as I can gather !

legendary
Activity: 2646
Merit: 1722
https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF
February 15, 2010, 11:58:02 AM
#2
I'm 100% certain that it is a 'false positive' NewHEUR_PE is a 'Heur'istic-based detection.

See: http://www.eset.com/threat-center/encyclopedia/glossary/newheurpe

I will repeat part of a previous post.

Let me explain further. Bitcoin is not a virus. What you have experienced is know as an anti-virus 'false positive' identification.

See: http://wikipedia.org/wiki/Antivirus_software#False_positives "A false positive is identifying a file as a virus when it is not a virus."

This often happens with 'new' software because anti-virus programs have never seen the program before. Anti-virus programs use Heuristic-based detection to try and identify unknown viruses, they basically guess if a program is malicious or not to try and 'protect' your PC.

Anti-virus programs are somewhat simple in this respect, however they must enforce an "It's better to be safe than sorry" policy to secure their customer base.

Maybe one day they will accept Bitcoins as payment for their products. Grin

I'm going to send a copy of the Bitcoin.exe installers to as many security, anti-adware, anti-malware and anti-virus companies as I can find, for clarification.

This will make sure that Bitcoin is put on their 'allowed' list more quickly and will reduce the number of confused new users.
newbie
Activity: 24
Merit: 4
February 15, 2010, 10:52:43 AM
#1
Using hitman pro, the anti-virus tool detected a new heur_pe threat in Bitcoin. Is it possible that Bitcoin contains code of worms/trojans? Or is this a false positve.

Code:
bitcoin.exe
C:\Program Files (x86)\Bitcoin\

probably unknown NewHEUR_PE virus
Jump to: