Bitcoin Forum

Bitcoin => Bitcoin Technical Support => Topic started by: LioNOne69 on March 23, 2024, 04:15:41 PM



Title: bitcoin-25.0-win64-setup.exe
Post by: LioNOne69 on March 23, 2024, 04:15:41 PM
Hi everyone, today I downloaded the boot file and decided to check it for virus content, and this is what I found with total-virus! -Zillya- [Trojan.GenCBL.Win32.15050] 8)
Does anyone have the same experience? Why is there a call for this question!!!?


Title: Re: bitcoin-25.0-win64-setup.exe
Post by: Cricktor on March 23, 2024, 04:45:35 PM
Exactly where did you get your exe from? This detail might be interesting.

False positives and false negatives are always possible.

To verify a Bitcoin Core download file, the process is different and described in detail on the only site you should download it from:
https://bitcoincore.org and more specifically https://bitcoincore.org/en/download/

Current version of the v25 branch is btw https://bitcoincore.org/en/2023/10/19/release-25.1/

Most recent version is v26.0 and the release can be found here: https://bitcoincore.org/en/2023/12/06/release-26.0/


Title: Re: bitcoin-25.0-win64-setup.exe
Post by: BitMaxz on March 23, 2024, 08:25:19 PM
What antivirus do you use? If it's Windows Defender, it might be a false positive; Windows Defender is not a good antivirus.
And if you downloaded this from Bitcoin.org, that should be a false positive.

It appears that you used VirusTotal to scan the file, and the result after the scan is 1/70; it's only the Zillya antivirus.

After I reanalyzed using VirusTotal and uploaded a new one with the same version, the result was 0 out of 70, indicating that it is a false positive, unless your PC is infected. Maybe you attempted to upload it to VirusTotal and the Bitcoin installer you uploaded was already infected due to your infected PC?

Here's my scan result in Virustotal

- https://www.virustotal.com/gui/file/69fa4b86e335238e7631bcb062dd17eb100708cc5a7388edce921a0ec6737bca/detection


Title: Re: bitcoin-25.0-win64-setup.exe
Post by: ABCbits on March 24, 2024, 08:58:04 AM
If you download Bitcoin Core from the official website, then you encounter an issue where anti-virus raises a false positive. Someone even made a website about this problem on https://github.com/bitcoin/bitcoin/issues/17779. Wasabi Wallet also used to run a campaign about this problem, https://bitcoinmagazine.com/culture/wasabi-wallet-launches-bitcoinissafe-campaign-to-counter-erroneous-antivirus-detections.


Title: Re: bitcoin-25.0-win64-setup.exe
Post by: RickDeckard on March 26, 2024, 06:24:42 PM
If you download Bitcoin Core from the official website, then you encounter an issue where anti-virus raises a false positive. Someone even made a website about this problem on https://github.com/bitcoin/bitcoin/issues/17779. Wasabi Wallet also used to run a campaign about this problem, https://bitcoinmagazine.com/culture/wasabi-wallet-launches-bitcoinissafe-campaign-to-counter-erroneous-antivirus-detections.
OP can also check the PGP signature to make sure that he didn't get any tampered version of the program. OP can use the guide on bitcoincore.org [1] - scroll down to 'Verify your Download' - so that he knows he got the official version.

[1] https://bitcoincore.org/en/download/


Title: Re: bitcoin-25.0-win64-setup.exe
Post by: nc50lc on March 27, 2024, 08:52:09 AM
-snip- why is there a call for this question!!!?
I don't know why, you're the one who originally asked...

Virustotal works like this: It scans the file using separate Antivirus heuristics and shows each AV's result.
Showing 1 positive doesn't always mean that the file is malicious, it's just with that specific AV.
Among the results, "Undetected" means that the file is safe according to the AVs that reported it.

Given that, it's a single unpopular Antivirus' analysis.
Out of the 70~ish antivirus software listed there (with 10 amongst the popular showing "Undetected"), only "Zillya" reported a positive result.
IMO, that's enough to be considered false-positive.

But if you want to be totally sure that there's no Trojan in your software: "don't trust, verify"
Build Bitcoin Core yourself after auditing the code to check if there's something malicious there.
Link to Bitcoin Core's repo: github.com/bitcoin/bitcoin (http://github.com/bitcoin/bitcoin)

After I reanalyzed using VirusTotal and uploaded a new one with the same version, the result was 0 out of 70, indicating that it is a false positive, unless your PC is infected. Maybe you attempted to upload it to VirusTotal and the Bitcoin installer you uploaded was already infected due to your infected PC?
I saw that "0/70 result", but you didn't notice that Zillya was skipped (not "Undetected") in that for some reason.
The current "reanalyzed" result shows the "1/71" OP originally saw.