Bitcoin Forum

Other => Beginners & Help => Topic started by: btcfriendly on November 20, 2013, 10:59:12 AM



Title: Why does bitcoin-qt.exe try to install a screen logger?
Post by: btcfriendly on November 20, 2013, 10:59:12 AM
I downloaded bitcoin-0.8.5-win32 from bitcoin.org.

Of course I scanned the installer for viruses - looks clean.

But then the first thing that happened when I launched bitcoin-qt.exe was that my anti-virus (online-armour) warned me that bitcoin-qt.exe wants to install a screen logger!

So of course I googled
intext:("bitcoin-qt.exe" "screen logger")

I expected there to be some explanation of this suspicious behavior, but I couldn't find any discussion of this.

Why, on earth, is an official bitcoin installer behaving like a virus and why doesn't anyone seem to notice?

If there were a legitimate reason for such behavior, I would expect some mention of this in readme.txt.

I really can't see why anyone would trust an installer that secretly tries to do something like this.


Title: Re: Why does bitcoin-qt.exe try to install a screen logger?
Post by: kwest on November 20, 2013, 11:05:53 AM
Hm.. are you sure that you didn't get hijacked somehow and downloaded a malicious client? Don't ask me how, but the bitcoin-qt doesn't have any harmful code in it.. and I've installed it on multiple computers with different anti-virus software (Kaspersky, Norton, Avast) and never gotten a message like this.

I would delete the file you downloaded and re-download the qt client from sourceforge: http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.8.5/

It could also be a false positive.


Title: Re: Why does bitcoin-qt.exe try to install a screen logger?
Post by: OnkelPaul on November 20, 2013, 11:07:24 AM
Has it ever occurred to you that AV software can produce bogus messages, too?
If you search for "online-armor screen logger" you'll find a bunch of reports about false positives.
The problem is that this heuristic detects behavior that is exhibited by some virus and spying software, but which can also be present in innocent software.

Onkel Paul


Title: Re: Why does bitcoin-qt.exe try to install a screen logger?
Post by: Drabla on November 20, 2013, 11:13:20 AM
Most likely this is a false positive.

Some AV software handles everything that has the signature of a bitcoin miner with care/gives you a warning because of all the malicious software out there that uses the victim's computer to mine coins.

Here you can see another false positive of the file you downloaded: https://www.virustotal.com/en/file/6f6b8fd68f56a8e700090267c53aa592b9c9e5c993f44c7be11ba9b87e1f92bb/analysis/

AV warnings are mostly hints for (inexperienced) users. If you know the program and trust it (bitcoin-qt can be trusted) you can ignore the AV message.


Title: Re: Why does bitcoin-qt.exe try to install a screen logger?
Post by: lindatess on November 20, 2013, 11:13:53 AM
I haven't taken a look at the latest client, but you could run it in sandboxie if you are worried.

Try redownloading the client and comparing the md5 signature.


Title: Re: Why does bitcoin-qt.exe try to install a screen logger?
Post by: PenAndPaper on November 20, 2013, 11:23:22 AM
If you have downloaded the client from bitcoin.org then it's clean and it's a false alarm from your av. No need to worry.
Also, if somehow you have downloaded a malicious file masked as bitcoin-qt, I don't think that your desktop would have been the target :P :P


Title: Re: Why does bitcoin-qt.exe try to install a screen logger?
Post by: deepceleron on November 20, 2013, 11:45:15 AM
You can ensure you have an unaltered Bitcoin by checking its signature. However, this is more burdensome than checking its file hash, which is below, from my copy of the installer retrieved on Sep 13 2013:

>md5sum bitcoin-0.8.5-win32-setup.exe
6cff750efbae30d14f97f663d18aacf8 *bitcoin-0.8.5-win32-setup.exe

>sha256sum bitcoin-0.8.5-win32-setup.exe
6f6b8fd68f56a8e700090267c53aa592b9c9e5c993f44c7be11ba9b87e1f92bb *bitcoin-0.8.5-win32-setup.exe

>fciv -both -add bitcoin-0.8.5-win32-setup.exe
//
// File Checksum Integrity Verifier version 2.05.
//
                MD5                             SHA-1
-------------------------------------------------------------------------
6cff750efbae30d14f97f663d18aacf8 c6ecb5c1447c57fc0be4c69c4f300fb9fb41adf0 bitcoin-0.8.5-win32-setup.exe


The last tool is from Microsoft: http://www.microsoft.com/en-us/download/confirmation.aspx?id=11533
md5sum or sha256sum for Windows: I'll let you use Google to find your own copy.
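
The hash comparison suggested in the replies above, as an added example that is not part of any post in this thread: it parses a checksum line in the md5sum/sha256sum format shown in the last post and checks a local file against it. POSTED_LINE is copied from that post; the function names and the stand-in file used in demo() are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Digest length in hex characters -> algorithm, for the tools used in the thread.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}
# sha256sum line as posted in the thread ("*" marks binary mode).
POSTED_LINE = ("6f6b8fd68f56a8e700090267c53aa592b9c9e5c993f44c7be11ba9b87e1f92bb"
               " *bitcoin-0.8.5-win32-setup.exe")

def parse_checksum_line(line):
    """Split an md5sum/sha256sum line into (algorithm, hex_digest, file_name)."""
    digest, _, name = line.strip().partition(" ")
    digest = digest.lower()
    if len(digest) not in ALGO_BY_HEX_LEN or set(digest) - set("0123456789abcdef"):
        raise ValueError("not a checksum line: %r" % line)
    if name[:1] in (" ", "*"):  # second separator: " " = text, "*" = binary
        name = name[1:]
    return ALGO_BY_HEX_LEN[len(digest)], digest, name

def file_digest(path, algo, chunk_size=1 << 20):
    """Hash a file in chunks so a large installer is never held in memory at once."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify(path, checksum_line):
    """Return (matches, algorithm, actual_digest) for path against a published line."""
    algo, expected, _name = parse_checksum_line(checksum_line)
    actual = file_digest(path, algo)
    return actual == expected, algo, actual

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample-setup.exe")  # constructed, not the real installer
        with open(path, "wb") as f:
            f.write(b"MZ" + b"\x00" * 4096)
        line = "%s *sample-setup.exe" % file_digest(path, "sha256")
        before = verify(path, line)[0]  # untouched file matches its own line
        with open(path, "ab") as f:
            f.write(b"\x01")  # simulate an altered download
        after = verify(path, line)[0]   # one extra byte changes the digest
    return before, after

if __name__ == "__main__":
    print(demo())  # expected: (True, False)
```

To check a real download, call verify() with the path to the installer and POSTED_LINE.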