Topic: Trojan in Electrum wallet? (Read 154 times)

legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
January 28, 2024, 12:09:58 AM
#10
Also in addition to what keychainX said, if you've got an app that is making lots of connections to random servers, as Electrum does for its network of SPV nodes, then any antivirus is going to think that is malicious activity, because that's what malware does too. Although I have no idea what kind of virus "Win32.Patched" is referring to in this context, and it doesn't help that different vendors give viruses completely illogical and meaningless names.
member
Activity: 372
Merit: 53
Telegram @keychainX
January 26, 2024, 04:30:44 AM
#9
I downloaded a portable version of Electrum wallet from the official website. Checked it with VirusTotal service and one engine showed me that there is a trojan in the wallet. What do you think, is it true that the file from the official site may contain a trojan or is it a false positive of the Ikarus engine?



P.S. The Windows Installer version is clean, but the Standalone Executable version also has the same trojan.

Windows flags several Bitcoin wallets as trojans.
sr. member
Activity: 406
Merit: 443
January 21, 2024, 11:02:24 PM
#8
Make sure to verify the signature with the wallet file that you downloaded. If the file is signed by the developer, do not pay attention to these warnings because they are false positives; else there is a virus that will redirect you outside electrum.org.
legendary
Activity: 3584
Merit: 1560
January 21, 2024, 05:15:43 PM
#7
See "notes for windows users" at the bottom of the download page:

https://electrum.org/#download
legendary
Activity: 2506
Merit: 2832
Top Crypto Casino
January 21, 2024, 04:50:56 PM
#6
If you have downloaded Electrum from the official website (electrum.org) then you should have read this note on the bottom of the download page:
Verifying the signature does not completely rule out that possibility.
If you trust the signers (Electrum devs) and you have properly imported their public keys from trusted sources then verifying the gpg signature should be enough.
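
Added example (not part of any post in this thread, and not Electrum's own tooling): the condition stated in post #6, that the signature must come from a key you imported from a trusted source, can be enforced by pinning a fingerprint and reading gpg's machine-readable status lines instead of its "Good signature" text. The fingerprints, function names and sample status lines are constructed placeholders; `verify_download` is a hypothetical wrapper.

```shell
#!/bin/sh
# Added example. All fingerprints and status lines are constructed placeholders.
PINNED_FPR="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"  # substitute one verified out of band
OTHER_FPR="BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"
SUBKEY_FPR="CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC"

# Reads `gpg --status-fd` lines on stdin. Succeeds only if a valid signature was
# made by the pinned key (directly, or by a subkey whose primary key is pinned)
# and no signature in the file is bad or made by a revoked key.
check_status() {
    pin=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -v pin="$pin" '
        $1 != "[GNUPG:]"                    { next }
        $2 == "BADSIG" || $2 == "REVKEYSIG" { bad = 1 }
        # VALIDSIG: $3 is the signing key fingerprint, the last field the
        # primary key fingerprint. Appending "" forces string comparison, so
        # hex such as 12E5 is never compared as a number.
        $2 == "VALIDSIG" && (($3 "") == (pin "") || ($NF "") == (pin "")) { good = 1 }
        END { exit !(good && !bad) }
    '
}

# Hypothetical wrapper: verify_download FILE SIGFILE FINGERPRINT
verify_download() {
    gpg --status-fd 1 --verify "$2" "$1" 2>/dev/null | check_status "$3"
}

# Constructed: a cryptographically good signature, but from a key that merely
# happens to be in the keyring. Plain `gpg --verify` would say "Good signature".
sample_unpinned_signer() {
    cat <<EOF
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG BBBBBBBBBBBBBBBB Some Signer <signer@example.invalid>
[GNUPG:] VALIDSIG $OTHER_FPR 2024-01-20 1705750000 0 4 0 1 8 00 $OTHER_FPR
EOF
}

# Constructed: pinned key signed through a subkey; a second signature could not
# be checked because its public key is not in the keyring.
sample_pinned_signer() {
    cat <<EOF
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG CCCCCCCCCCCCCCCC Pinned Developer <dev@example.invalid>
[GNUPG:] VALIDSIG $SUBKEY_FPR 2024-01-20 1705750000 0 4 0 1 8 00 $PINNED_FPR
[GNUPG:] NEWSIG
[GNUPG:] ERRSIG DDDDDDDDDDDDDDDD 1 8 00 1705750000 9 -
[GNUPG:] NO_PUBKEY DDDDDDDDDDDDDDDD
EOF
}
```

The check passes on a signature file that also carries signatures from keys you have not imported, as long as the pinned key's signature is valid and none is reported bad.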

legendary
Activity: 2170
Merit: 3858
Farewell o_e_l_e_o
January 21, 2024, 03:25:08 AM
#5
I believe it is a false positive from VirusTotal, but to make sure, we must get an official answer from the Electrum team.

You can send a PM on Bitcointalk to ThomasV, or create an issue on the Electrum GitHub or Electrum Twitter, and wait for their team's reply.
legendary
Activity: 2828
Merit: 1213
Call your grandparents and tell them you love them
January 21, 2024, 02:02:12 AM
#4
If it is from their official website, then highly unlikely to be a true positive AV flag.

A remote possibility of their site having been hacked and posted a malware bound software there.

Just one report, then it seems a false positive.

If you're still worried about it then verifying it on your own is recommended: [GUIDE] How to Safely Download and Verify Electrum

How to verify your Electrum download
Verifying the signature does not completely rule out that possibility.

Hence that tingling spider sense of mine tells me that you should wait it out before operating that software. Most likely it's a false positive, but ..
copper member
Activity: 2016
Merit: 1783
฿itcoin for all, All for ฿itcoin.
January 20, 2024, 07:04:47 PM
#3
Definitely a false positive. I have never even heard of Ikarus Antivirus before.  Grin

So false positives have been popping up in the past too, if you explore the closed issues on GitHub. At one point, there were 9 AV engines that would flag Electrum as malware, but a fix was done to reduce those false positive detections.
sr. member
Activity: 2380
Merit: 251
Eloncoin.org - Mars, here we come!
January 20, 2024, 02:19:36 PM
#2
Just one report, then it seems a false positive.

If you're still worried about it then verifying it on your own is recommended: [GUIDE] How to Safely Download and Verify Electrum

How to verify your Electrum download
staff
Activity: 2436
Merit: 2347
January 20, 2024, 02:15:49 PM
#1
I downloaded a portable version of Electrum wallet from the official website. Checked it with VirusTotal service and one engine showed me that there is a trojan in the wallet. What do you think, is it true that the file from the official site may contain a trojan or is it a false positive of the Ikarus engine?



P.S. The Windows Installer version is clean, but the Standalone Executable version also has the same trojan.