Electrum Bitcoin Wallet is Trojan?

[MitcoinBitcoin]

Just did a scan on Electrum wallet since I felt like my pc was acting odd and it ends up showing a Trojan on it. What should I do? Why would they add a Trojan to their file?


SHA256: c01ffe2205716284d88ba7981233b74830d3ecf7604ad57ca60e5930d397156e
File name: electrum-2.7.2.exe
Detection ratio: 1 / 56
Analysis date: 2016-10-08 07:53:18 UTC ( 0 minutes ago )


Antivirus Result Update
Invincea trojan.win32.multiinjector.c!rfn 20160928

[1714755141]

1714755141

[1714755141]

1714755141

[1714755141]

1714755141

[1714755141]

1714755141

[0209BitTradoo]

Thanks for the info.

[ranochigo]

I highly doubt so. The detection ratio between the antivirus is so low that I suspect it to be a false positive and there is nothing to worry about.

Just in case, did you download the exe from here: https://electrum.org/#download ? You can also verify[1] if the checksum matches: https://download.electrum.org/2.7.2/electrum-2.7.2.exe.asc. If it does then it would be fine.

Check your entire file system for virus, not only Electrum.

[1] https://www.torproject.org/docs/verifying-signatures.html.en

[MitcoinBitcoin]

I've had a couple friends do a virus check on their own Electrum wallet and it is showing as a Trojan for them as well... Not really happy by the outcome of this.... The file should 0/56 we are dealing with money here we cant be risking false positives and Electrum should do something about it now.


Another thing. The file is impossible to delete. I've tried shredding it, deleting it, deleting it through CMD. NOTHING! Its impossible. Every time i try to delete it it tells me FILE IS IN "USE" Even after restarting my PC.


It's also odd that Electrum does not show up on Programs List and its just a exe file.

[Cent21]

I downloaded it yesterday.

After your message i checked it with Virustotal and it showed 0/53, no infections.

Verify where you downloaded it from, as ranochigo suggested.

I will keep watching on this.

[OmegaStarScream]

If you downloaded the Portable version then It's normal that It only shows the .exe files , If you didn't , then you could right click the .exe and do "Open file location" .
According to Windows Defender/Microsoft , here is what the detected trojan is trying to do : https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan:Win32/MultiInjector.C!rfn&ThreatID=-2147272772
I scanned the file as well , and It seems like I'm having the same results as you , however when I scan an earlier version (2.5.4) It's totally clean. So , either Electrum has been compromised (I doubt it) or ThomasV added something in the recent updates that triggered this false detection.

[zend7]

I've had a couple friends do a virus check on their own Electrum wallet and it is showing as a Trojan for them as well... Not really happy by the outcome of this.... The file should 0/56 we are dealing with money here we cant be risking false positives and Electrum should do something about it now.


Another thing. The file is impossible to delete. I've tried shredding it, deleting it, deleting it through CMD. NOTHING! Its impossible. Every time i try to delete it it tells me FILE IS IN "USE" Even after restarting my PC.


It's also odd that Electrum does not show up on Programs List and its just a exe file.

Electrum should show up in programs list. It shows very well in mine and I have downloaded it only from the official website. You do the same and I am thinking you may have download something else disguised as electrum.

Please do an immediate check with the best antivirus and internet security (for me is AVIRA).

[MitcoinBitcoin]

Download it from their official website https://electrum.org/#download The windows version.




I download the Standalone Executable or Windows Installer. Version 2.6 and 2.7 are showing as Trojans.

[virusasog]

Download it from their official website https://electrum.org/#download The windows version.




I download the Standalone Executable or Windows Installer. Version 2.6 and 2.7 are showing as Trojans.

Tell me that, This one will not pass any virus in my pc right. Confirm me is there any malware operation from the above mentioned version?

[Coding Enthusiast]

did you check the signature after you finished downloading Electrum?

[MitcoinBitcoin]

did you check the signature after you finished downloading Electrum?

No I did not.

[Cent21]

Previously i was scanning the installation file, and it showed no infection 0/53.

Now i scanned the exe file of installed version of electrum, and i got 1/56 infections... same result as you.
In scanning datails i see that detection is from "Invincea" antivirus, updated to 20160928 which is quite old.

I checked my task manager and electrum process shows correctly (windows xp os).

I Think is a false positive too.

[Coding Enthusiast]

did you check the signature after you finished downloading Electrum?

No I did not.

then get right on it and report back.

i don't know how reliable virustotal is about .exe files but here are the results (all 0/68):
https://www.virustotal.com/en/url/c096e0ca01756ce8f5cb2e93485054a94f14ad8ec34bae36f77a1e59280ba165/analysis/1475921551/
https://www.virustotal.com/en/url/209415e6ffcf095588fd702336f45d216a52ce8bc3ef7d1316c46cd675de5712/analysis/1475921700/
https://www.virustotal.com/en/url/1e8ccd93295e937efdb629ee2d8866308db7534eb0f6ed48e5f17b46a574f5aa/analysis/1475921727/

[MitcoinBitcoin]

did you check the signature after you finished downloading Electrum?

No I did not.

then get right on it and report back.

i don't know how reliable virustotal is about .exe files but here are the results (all 0/68):
https://www.virustotal.com/en/url/c096e0ca01756ce8f5cb2e93485054a94f14ad8ec34bae36f77a1e59280ba165/analysis/1475921551/
https://www.virustotal.com/en/url/209415e6ffcf095588fd702336f45d216a52ce8bc3ef7d1316c46cd675de5712/analysis/1475921700/
https://www.virustotal.com/en/url/1e8ccd93295e937efdb629ee2d8866308db7534eb0f6ed48e5f17b46a574f5aa/analysis/1475921727/

It shows 0/68 because your scanning the URL. But when you scan the file itself you have installed it shows up as a Trojan.

[Kprawn]

I presume you are using Microsoft Winduhs? Boot into safe mode and then try and delete the files. I prefer to use a multi boot for the

different things I do. I like the Linux OS's like Ubuntu or even something like Tails. You have much less hassles with viruses and Malware

and you can clean boot, after every session. 

[ranochigo]

I've had a couple friends do a virus check on their own Electrum wallet and it is showing as a Trojan for them as well... Not really happy by the outcome of this.... The file should 0/56 we are dealing with money here we cant be risking false positives and Electrum should do something about it now.


Another thing. The file is impossible to delete. I've tried shredding it, deleting it, deleting it through CMD. NOTHING! Its impossible. Every time i try to delete it it tells me FILE IS IN "USE" Even after restarting my PC.


It's also odd that Electrum does not show up on Programs List and its just a exe file.

The antivirus companies have all the rights to label the software and Electrum can't really do anything about it. If the top popular antiviruses does not have anything to say about it, there isn't much to worry about.

The portable version will not be installed to the computer if that is what you mean. Go to Task manager>Processes, find the Electrum.exe and force stop it. You should be able to delete it then.

[Coding Enthusiast]

Download it from their official website https://electrum.org/#download The windows version.
I download the Standalone Executable or Windows Installer. Version 2.6 and 2.7 are showing as Trojans.

I checked with my AntiVirus (Eset Smart Security with latest virus signature database 14246) there is no Trojan or any other kind of alert.

Check these and report back:
1) Make sure you have downloaded from the right source
https://electrum.org/#download
Standalone Executable: https://download.electrum.org/2.7.2/electrum-2.7.2.exe
sig: https://download.electrum.org/2.7.2/electrum-2.7.2.exe.asc

Windows Installer: https://download.electrum.org/2.7.2/electrum-2.7.2-setup.exe
sig: https://download.electrum.org/2.7.2/electrum-2.7.2-setup.exe.asc

ThomasV sig: https://pgp.mit.edu/pks/lookup?op=vindex&search=0x2BD5824B7F9470E6

2) Check the signatures after you finished downloading. There is helpful link in one of the above comments.

3) Make sure you did not have a Trojan already on your PC from before (like having it from a month ago but not knowing about it)

4) If and only if you did all of the above and you still had the same problem, make a proper report and wait for a developer to see this.

[MitcoinBitcoin]

The developer should look into this regardless. The fact is virustotal is labeling it as a Trojan. I don't care if its a false positive or not. We are dealing with money here and I won't risk my money due to a mistake from the developers of Electrum. Therefore, I wont be using your application.

[DannyHamilton]

The developer should look into this regardless. The fact is virustotal is labeling it as a Trojan.

You are mistaken.

If virustotal a virus scanning program is labeling it as a Trojan as a false positive, then the developer of virustotal the virus scanning program should look into this.

There is nothing Electrum can do.  Electrum created a good piece of software that is NOT a trojan, and virustotal the virus scanning program has chosen to lie to you about it.  Electrum can't make virustotal the virus scanning program stop lying.

If I lie to you and tell you that Windows is a trojan, does that mean that Microsoft should change their software?

I won't risk my money due to a mistake from the developers of Electrum.

You mean due to a mistake from the developers of virustotal a virus scanning program, don't you?  They are the ones that are lying

Therefore, I wont be using your application.

That's fine.  Nobody is going to force you to use good software that you don't want to use, and nobody is going to force you to stop using the software that lies to you either if you still want to use it.

[MitcoinBitcoin]

There is nothing Electrum can do.  Electrum created a good piece of software that is NOT a trojan, and virustotal has chosen to lie to you about it.  Electrum can't make virustotal stop lying.

Why isn't virus total lying about every other wallet I've tested? Do they have something against Electrum? Every single other wallet has been 0/56