Author

Topic: Windows Defender detects DOS/Stoned in chainstate files (Read 2014 times)

hero member
Activity: 546
Merit: 500
I got this virus message today, blockchain was up to date, so it is not the same old message. Anyone else got it? Is it safe to make exception in antivirus?

full member
Activity: 360
Merit: 100
same shit here:   I get this -



Apparently the fix is you have to exclude the C:/Users/yourusername/AppData/Roaming/Bitcoin directory from Windows Defender

I blew away the entire directory just to be safe and am working off a backup wallet -- only 153 weeks behind now :-(

toolie fucking kids gotta fuck around...

sr. member
Activity: 388
Merit: 250
I doubt it would as the data there should not get executet. Also the data just matches the signature of a virus thats not the same as the actual virus.

I understand the second part, thanks for the clarification.

Maybe it's the paranoid part of me, but I can't help but feel that the type of action that we have to take to "fix" this is exactly the type of action that could be exploited down the line, especially because the folder that everyone has to ignore is in the same place. Even if the data cannot get executed, it still causes a security weakness.

It's like the boy who cried wolf.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
So this is a false positive detection and the only work around is to exclude the \chainstate folder from virus scan?

Doesn't this seem like it creates a vulnerability?


I doubt it would as the data there should not get executet. Also the data just matches the signature of a virus thats not the same as the actual virus.
legendary
Activity: 1470
Merit: 1000
Want privacy? Use Monero!
so we are safe?
sr. member
Activity: 388
Merit: 250
So this is a false positive detection and the only work around is to exclude the \chainstate folder from virus scan?

Doesn't this seem like it creates a vulnerability?
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
I think somebody introduced a virus code in the blockchain ..

But I'm not sure if it is possible ?

Its possible and it has been done. In fact it allready has been done a long time ago in the testnet.
See here https://bitcointalksearch.org/topic/security-dos-vulnerability-554738
where on of the devs talks about it. This also links to a swedish board where this is discussed.

Also here:
https://bitcointalksearch.org/topic/uploading-virus-signature-to-the-blockchain-470326

Also getting a positive for Virus:DOS/Stoned, but in Bitcoin\chainstate\285512.sst, from Microsoft Security Essentials.

Running Windows 7.

I believe I've also seen threads about this before, trying to dig up the relevant information...


There have been similar posts here:

https://bitcointalksearch.org/topic/solved-downloaded-viruses-by-bitcoin-core-090-558919
https://bitcointalksearch.org/topic/bitcoin-virus-559365
https://bitcointalksearch.org/topic/bitcoin-core-virus-alert-from-windows-security-essentials-560070
even from 2011:
https://bitcointalksearch.org/topic/avg-thinks-bitcoin-is-a-virus-43803
https://bitcointalksearch.org/topic/avg-is-flagging-bitcoinexe-as-generic-trojan-43752
https://bitcointalksearch.org/topic/avg-antivirus-finds-a-new-generic24bzcm-signature-43741
https://bitcointalksearch.org/topic/avg-claims-bitcoin-is-malware-23465

Maybe this should be in some sort of sticky or this will pop up again and again.
well... it probably will anyway.
member
Activity: 89
Merit: 10
I think somebody introduced a virus code in the blockchain ..

But I'm not sure if it is possible ?
sr. member
Activity: 388
Merit: 250
Different operating system, different virus, different anti-virus.

Not the same issue. Similar issue.

Not trying to pick nits, but there's a level of specificity that you just don't take for granted with computers. Since I'm not an expert, I'm asking the experts here.

Why do you think I didn't read those threads? I did two searches, for the virus name and for the error code. I gleaned what I could from them and I'm asking again to be sure.
legendary
Activity: 2058
Merit: 1452
I saw a couple threads about a similar issue. Is there anything specific I should do?

Running Windows 8. I keep getting alerts from Windows defender. The virus definitions were last updated this afternoon.
protip: if you saw similar threads about the same issue, consider reading those threads for a solution.
legendary
Activity: 1470
Merit: 1000
Want privacy? Use Monero!
I saw a couple threads about a similar issue. Is there anything specific I should do?

Running Windows 8. I keep getting alerts from Windows defender. The virus definitions were last updated this afternoon.

I got the same...

Should I just ignore it?
It closed my bitcoin core program.

Not willing to riskt it to restart until I got confirmation

chainstate\142266.sst is the "infected" file
sr. member
Activity: 388
Merit: 250
I saw a couple threads about a similar issue. Is there anything specific I should do?

Running Windows 8. I keep getting alerts from Windows defender. The virus definitions were last updated this afternoon.
Jump to: