Corelianer (OP)
|
|
July 07, 2014, 02:41:12 PM Last edit: July 08, 2014, 06:36:49 AM by Corelianer |
|
Hi, I had a virus warning before because of the Blockchain statedata. Today I got the warning when I went to my control-panel to uninstall another software. I don't know if it's a correct or false-alarm. I use the most current client 0.9.2.0
|
|
|
|
bluefirecorp
Legendary
Offline
Activity: 882
Merit: 1000
|
|
July 07, 2014, 02:43:31 PM |
|
What's the md5sum of uninstall.exe?
Edit: Upload it to virustotal.
|
|
|
|
Corelianer (OP)
|
|
July 07, 2014, 02:49:53 PM |
|
MD5: E655FEB71448A6DCF0BFF48F4380B954
SHA-256: C46D9960AF09021CC58C1F5E59564E62F2CA9C94E4A1D70947C0D26E2A1E7DDB
|
|
|
|
|
|
Corelianer (OP)
|
|
July 07, 2014, 02:58:36 PM |
|
All right, so I will clean up my computer. But it's nasty that this is possible.
Other people should be very careful.
|
|
|
|
techlover
|
|
July 10, 2014, 03:53:37 AM |
|
Thanks for the heads up, will be careful about it. Where did you get the uninstall.exe?
|
|
|
|
Corelianer (OP)
|
|
July 10, 2014, 07:56:32 AM |
|
I downloaded the installer again on a different computer and verified the MD5 Checksum. Because the Checksums match I assume it's a false-positive.
I reported the false-positive to Symantec, but they are not very helpful. They thought I reported a virus and not a false-positive.
|
|
|
|
is4k
Newbie
Offline
Activity: 1
Merit: 0
|
|
July 12, 2014, 06:24:07 PM |
|
I just had the same pleasure... installing a full node on Windows 7. I am sure that newbies are running for their lives at this point. https://i.imgur.com/zeqP0Gk.png
|
|
|
|
jc01480
|
|
July 13, 2014, 07:03:15 AM |
|
When I was installing the latest version of QT I got a Norton virus warning and it quarantined my uninstall.exe file. Must be something in there that has a dangerously close signature to a real Trojan.ADH.
|
|
|
|
grue
Legendary
Offline
Activity: 2058
Merit: 1431
|
|
July 13, 2014, 03:10:46 PM |
|
I would say it's most likely safe OR you're already infected. The Windows installer is digitally signed so it's very unlikely that you got a tampered installer. Also, anything in the program files directory requires administrator rights to modify, so if a virus managed to modify the uninstaller, you're already screwed.
|
|
|
|
zvs
Legendary
Offline
Activity: 1680
Merit: 1000
https://web.archive.org/web/*/nogleg.com
|
|
July 14, 2014, 09:59:37 AM |
|
I've always thought that bitcoin was doomed to fail because of the carelessness/ignorance/whatever you want to call it of most people. You can just use Facebook as an example of how easy it is to get your random joe to install all sorts of crap on their computers by clicking random links that promise free credits, pr0n, whatever. Thanks Javascript! Ah, and then we have wireless and public networks and what not. I'm sure most people will keep their bitcoin wallets on their main computer, easily accessible (and many w/o even a backup). If they use some online wallet service, then someone could just grab their password over unprotected network, keylogger, etc. (as well as targeting this online wallet service itself, if it's not set up properly) Most of the people in the industrialized world have internet access now, sure as hell isn't the 80's anymore... speaking of which, I was sad when Operation Sundevil owned killer
|
|
|
|
grue
Legendary
Offline
Activity: 2058
Merit: 1431
|
|
July 19, 2014, 10:17:38 PM |
|
I also seem to be having a similar problem. I reformatted my drive and, while downloading the bootstrap.dat, I got this... but like I said, it was just recently formatted, so I doubt something infected me that quick. Just a false positive.... right? Right........ Oh and I'm a big nub, so how do I check my md5sum? http://imgur.com/RHhBLuF http://implbits.com/hashtab.aspx
|
|
|
|
Xch4ng3
|
|
July 20, 2014, 11:39:40 AM |
|
Reinstall the client from Github and see if you get the same message. I know most AVs pick up on miners and they're false positives but I see no reason why uninstall.exe would get flagged.
|
|
|
|
grue
Legendary
Offline
Activity: 2058
Merit: 1431
|
|
July 21, 2014, 03:44:49 AM |
|
No, it's because each uninstaller is custom generated at install time with install info to aid in uninstallation. That's why the hashes don't match. My uninstall.exe from a clean machine with verified digital signatures is: E2B89C3164C1A38F82BD613623010FFDE6E48FE7
|
|
|
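Added example, not part of any post in this thread: a PowerShell check of the two things discussed above, the downloaded installer's hash and digital signature, plus the hashes of the locally generated uninstall.exe. The function name, file paths and expected hash are placeholders, and PowerShell 4.0 or later is assumed for `Get-FileHash`.

```powershell
# Added example. Paths and the expected hash are placeholders, not values from the thread.
function Test-DownloadedInstaller {
    param(
        [Parameter(Mandatory)] [string] $Path,           # the installer you downloaded
        [Parameter(Mandatory)] [string] $ExpectedSha256  # value published by the project
    )

    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path

    # Only read the signer when a certificate is present (unsigned files have none).
    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    [pscustomobject]@{
        Path            = $Path
        Sha256          = $hash
        HashMatches     = ($hash -eq $ExpectedSha256.Trim())  # -eq ignores case for strings
        SignatureStatus = $sig.Status   # 'Valid' means the file is unchanged since signing
        Signer          = $signer       # compare with the publisher you expect
    }
}

function Get-UninstallerHashes {
    param([Parameter(Mandatory)] [string] $Path)

    # The uninstaller is generated at install time, so these values are expected
    # to differ between machines; they are useful for a VirusTotal lookup or for
    # spotting later changes on the same machine, not for comparing with others.
    foreach ($alg in 'MD5', 'SHA1', 'SHA256') {
        Get-FileHash -LiteralPath $Path -Algorithm $alg |
            Select-Object Algorithm, Hash
    }
}

# Placeholder paths: substitute your own download and install locations.
Test-DownloadedInstaller -Path 'C:\Downloads\<installer>.exe' `
                         -ExpectedSha256 '<published SHA-256>'
Get-UninstallerHashes -Path 'C:\Program Files\<install dir>\uninstall.exe'
```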
|
williamj2543
|
|
July 21, 2014, 03:50:33 AM |
|
Get your coins off that computer right now. I recommend never storing any bitcoins on that computer again until you have confirmed and removed any risks.
|
|
|
|
Corelianer (OP)
|
|
August 12, 2014, 12:00:59 PM |
|
Finally I got a response from Symantec.

In relation to submission [3559553]. Upon further analysis and investigation we have verified your submission and as such this detection will be removed from our products. The updated detection will be distributed in the next set of virus definitions, available via LiveUpdate or from our website at http://securityresponse.symantec.com/avcenter/defs.download.html

Decisions made by Symantec are subject to change if alterations to the Software are made over time or as classification criteria and/or the policy employed by Symantec changes over time to address the evolving landscape.

If you are a software vendor, why not take part in our whitelisting program? To participate in this program, please complete the following form: https://submit.symantec.com/whitelist
|
|
|
|
wzb422
Newbie
Offline
Activity: 57
Merit: 0
|
|
August 13, 2014, 02:24:25 AM |
|
so horrible!!
|
|
|
|
|