Bitcoin Forum

Hi everyone, today I downloaded the boot file and decided to check for virus content and this is what I found with total-virus!-Zillya- [Trojan.GenCBL.Win32.15050] 8)
does anyone have the same experience, why is there a call for this question!!!?

Exactly where did you get your exe from? This detail might be interesting.

False positives and false negatives are always possible.

To verify a Bitcoin Core download file the process is different and described in detail on the only site you should download it from:
https://bitcoincore.org (https://bitcoincore.org) and more specifically https://bitcoincore.org/en/download/ (https://bitcoincore.org/en/download/)

Current version of the v25 branch is btw https://bitcoincore.org/en/2023/10/19/release-25.1/

Most recent version is v26.0 and the release can be found here: https://bitcoincore.org/en/2023/12/06/release-26.0/

What Antivirus do you use? If it's a Windows Defender it might be a false-positive Windows Defender is not a good antivirus.
And if you downloaded this from Bitcoin.org that should be a falls positive.

It appears that you used a virus total to scan the file and the result after the scan is 1/70 it's only Zillya antivirus.

After I reanalyzed using the Virustotal and uploaded a new one with the same version the result was 0 out of 70 indicating that it is a false positive unless your PC is infected, you may be attempted to upload it to Virustotal and then the Bitcoin installer you uploaded is already infected due to your infected PC?

Here's my scan result in Virustotal

- https://www.virustotal.com/gui/file/69fa4b86e335238e7631bcb062dd17eb100708cc5a7388edce921a0ec6737bca/detection

If you download Bitcoin Core from official website, then you encounter issue where anti-virus raise false positive. Someone even made a website about this problem on https://github.com/bitcoin/bitcoin/issues/17779 (https://github.com/bitcoin/bitcoin/issues/17779). Wasabi Wallet also used to run campaign about this problem, https://bitcoinmagazine.com/culture/wasabi-wallet-launches-bitcoinissafe-campaign-to-counter-erroneous-antivirus-detections (https://bitcoinmagazine.com/culture/wasabi-wallet-launches-bitcoinissafe-campaign-to-counter-erroneous-antivirus-detections).

OP can also check the PGP signature to make sure that he didn't get any tampered version of the program. OP can use the guide on bitcoincore.org[1] - scroll down to 'Verify your Download' - so that he knows he got the official version.

---

[1]https://bitcoincore.org/en/download/ (https://bitcoincore.org/en/download/)

I don't know why, you're the one who've originally asked...

Virustotal works like this: It scans the file using separate Antivirus heuristics and shows each AV's result.
Showing 1 positive doesn't always mean that the file is malicious, it's just with that specific AV.
Among the results, "Undetected" means that the file is safe according to the AVs that reported it.

Given that, it's a single unpopular Antivirus' analysis.
Out of the 70~ish antivirus software listed there (with 10 amongst the popular showing "Undetected"), only "Zillya" reported a positive result.
IMO, that's enough to be considered false-positive.

But if you want to be totally sure that there's no Trojan in your software: "don't trust, verify"
Build Bitcoin Core yourself after auditing the code to check if there's something malicious there.
Link to Bitcoin Core's repo: github.com/bitcoin/bitcoin (http://github.com/bitcoin/bitcoin)

I saw that "0/70 result" but you didn't noticed that Zillya was skipped (not "Undetected") in that for some reason,
The current "reanalyzed" result shows the "1/71" OP originally saw.