Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Bitcoin Discussion
Re: Possible malware in latest Bitcoin Core (64 bits bitcoin-qt.exe)?
by
pooya87
on 29/11/2016, 06:06:21 UTC
Quote from: IH-Antonio on November 28, 2016, 02:02:25 PM
Quote from: pooya87 on November 28, 2016, 04:20:26 AM
Quote from: socks435 on November 27, 2016, 05:58:04 PM
Where did you download your bitcoin core.. honestly i tried to scan and here the 2 result from their exeinstall and zip file
Exe result https://www.virustotal.com/en/url/8fea1cc9947c2a98ca0877240732c7dbcb3d1f01d6ee35d313b7b0ad6089ea5b/analysis/1480269102/
Zip file result: https://www.virustotal.com/en/url/ac4e447006b7fc4085d760427d40fcf66b5b4090ed2c51144ab9bbafab27ccdb/analysis/

This one is exe and i download it from bitcoin.org but upon scanning it in virus total there is one detected
here https://www.virustotal.com/en/file/a7d1d25bbc46b4f0fe333f7d3742c22defdba8db9ffd6056770e104085d24709/analysis/

I think it is just false scan from some anti virus just like other said.. i tried to scan it in my kaspersky but there is no virus detected..

FYI:
This is a common mistake people make when using virustotal.
the two first links you posted are not scanning any files (.zip, ...) they are instead scanning the URL you can see it from the link itself which is marked by ../url/... and reporting if the website has any malware on if when you visit.

the last link however is scanning the file because you have uploaded it. the link has ../file/... in it.
i could not find a way to not download then upload so far so if anyone has any solution i would be glad to know it. but with virustotal if you want to scan a file you have to upload it just putting the link and scanning will not scan the file.

You can click, in the upper part: File scan:   Go to downloaded file analysis

VirusTotal does not check the file itself when you give only the download link.
what you see is the file which socks435 uploaded from his computer to virustotal and since the files are the same virustotal links that analysis in the /url/... link too.

here is an example:
results for scanning: https://download.electrum.org/2.7.12/electrum-2.7.12-setup.exe
https://www.virustotal.com/en/url/64b402b0bcdc6e59521f143305987a83afacc3986548efec1cd47c797cfeccd0/analysis/1480399277/

and since virustotal could not find any file uploaded before it did not include any link to "file analysis"


however if you check the other link to https://download.electrum.org/2.7.12/electrum-2.7.12.exe you can see there is a link to "file analysis" since someone had uploaded the .exe before manually from his computer.
https://www.virustotal.com/en/url/f64b0cba4ed0afc2b5ed9fedfc8189a3ebf4e6893fd7825057cfb5a928900d4c/analysis/