Bitcoin Forum
Author Topic: Most likely - Possible malware in latest Bitcoin Core 64 bits bitcoin-qt.exe  (Read 2859 times)
IH-Antonio (OP)
November 27, 2016, 07:54:41 AM
Last edit: December 04, 2016, 11:18:31 AM by IH-Antonio
 #1

Just downloaded the latest Bitcoin Core from bitcoin.org, scanned it at https://www.virustotal.com

And bingo

SHA256 from bitcoin-qt.exe 90f54d929626cbbc0fa0cdddb509feb4f11e8633b8e4d016be91673bae081338
SHA256 from the bitcoin core zip file match the right one: 3956daf2c096c4002c2c40731c96057aecd9f77a559a4bc52b409cc13d1fd3f2  bitcoin-0.13.1-win64.zip

Edit: The SHA256 matches the signatures specified on the Bitcoin.org website

Link to the scanner results:

https://www.virustotal.com/es/file/90f54d929626cbbc0fa0cdddb509feb4f11e8633b8e4d016be91673bae081338/analysis/

AegisLab   Uds.Dangerousobject.Multi!c   20161127
Kaspersky   Trojan.MSIL.CoinStealer.km   20161127
Rising   Trojan.CoinStealer!8.168F-c5irH5Q00gL (cloud)   20161127

Edit2: Seems like the Rising antivirus doesn't mark it as malware anymore. Edit 2.1: Added again as malware

Edit3: I see that the 32 bits binary is totally clean in virustotal. This only happens with the 64 bits binary of bitcoin-qt.exe

Edit4: Confirmed. Kaspersky deletes the file on sight, and more antivirus marked the file as infected. Doesn't seem to be a false positive.

dsattler
November 27, 2016, 08:12:33 AM
 #2

This is serious. Chances are that this is a false positive (I hope so).
Please report back to bitcoin.org!

monsanto
November 27, 2016, 09:17:30 AM
 #3

Just downloaded the latest Bitcoin Core from bitcoin.org, scanned it at https://www.virustotal.com

And bingo

SHA256 from bitcoin-qt.exe 90f54d929626cbbc0fa0cdddb509feb4f11e8633b8e4d016be91673bae081338
SHA256 from the bitcoin core zip file match the right one: 3956daf2c096c4002c2c40731c96057aecd9f77a559a4bc52b409cc13d1fd3f2  bitcoin-0.13.1-win64.zip

Link to the scanner results:

https://www.virustotal.com/es/file/90f54d929626cbbc0fa0cdddb509feb4f11e8633b8e4d016be91673bae081338/analysis/

AegisLab   Uds.Dangerousobject.Multi!c   20161127
Kaspersky   Trojan.MSIL.CoinStealer.km   20161127
Rising   Trojan.CoinStealer!8.168F-c5irH5Q00gL (cloud)   20161127

https://securelist.com/blog/virus-watch/58553/analysis-of-malware-from-the-mtgox-leak-archive/

Quote
The malware creates and executes the TibanneSocket.exe binary and searches for the files bitcoin.conf and wallet.dat - the latter is a critical data file for a Bitcoin crypto-currency user: if it is kept unencrypted and is stolen, cybercriminals will gain access to all Bitcoins the user has in his possession for that specific account.
~Bitcoin~
November 27, 2016, 09:41:37 AM
 #4

I think you have to have a better look at this https://bitcoin.org/en/alert/2016-08-17-binary-safety
Quote
Furthermore, we recommend verifying your download using signatures from multiple developers using the gitian signatures repository.

And also report this to the bitcoin.org team.

shorena
November 27, 2016, 09:45:08 AM
Last edit: November 27, 2016, 10:07:08 AM by shorena
 #5

I think you have to have a better look at this https://bitcoin.org/en/alert/2016-08-17-binary-safety
Quote
verifying your download using signatures from multiple developers using the gitian signatures repository

And also report this to the bitcoin.org team.

Why? I only see 3 options here.

#1 bitcoin devs did slip malware in the code, what do you expect them to do if you tell them you found it? Confess?
#2 bitcoin devs did not slip malware in the code, it's a false positive. Contacting them is useless, because they can't change the situation. Contact the antivirus vendor instead.
#3 bitcoin devs did not slip malware in the code, it's not a false positive. Verifying you are downloading the real thing solves this without contacting anyone.

IH-Antonio (OP)
November 27, 2016, 09:51:58 AM
 #6

I think you have to have a better look at this https://bitcoin.org/en/alert/2016-08-17-binary-safety
Quote
verifying your download using signatures from multiple developers using the gitian signatures repository

And also report this to the bitcoin.org team.

Why? I only see 3 options here.

#1 bitcoin devs did slip malware in the code, what do you expect them to do if you tell them you found it? Confess?
#2 bitcoin devs did not slip malware in the code, it's a false positive. Contacting them is useless, because they can't change the situation. Contact the antivirus vendor instead.
#3 bitcoin devs did not slip malware in the code, it's not a false positive. Verifying you are downloading the real thing solves this without contacting anyone.

The SHA256 signatures match the signatures specified by bitcoin.org. I will contact ASAP Bitcoin.org and some antivirus vendors...

BiTZeD
November 27, 2016, 09:52:38 AM
 #7

For me, it sounds like a false positive, but if you downloaded it from shady sources, be careful.

LFC_Bitcoin
November 27, 2016, 11:26:43 AM
 #8

This is terrible, I don't suppose you'll ever know the full truth here though. I'm hesitant to upgrade my Core Client to 0.13.1 now.

Kprawn
November 27, 2016, 11:41:42 AM
 #9

Sites like https://www.virustotal.com make use of heuristics, and code that might look or behave like a virus will be flagged. Do you really think code that is not proprietary would hide viruses or malware? It is under constant scrutiny from competitors to find "weak points" to discredit it, so why would people insert malware on purpose? Make sure you are downloading it from "trusted" sites.

ashiqdey
November 27, 2016, 01:02:30 PM
 #10

Malware creators always keep an eye on prey where they could ignite their malware on a system. And bitcoin software is one such source through which they could spread their bad code. We should be really careful even with bitcoin software.
achow101
Staff
November 27, 2016, 04:14:42 PM
 #11

There is no problem here. If the hashes match and you properly verify the download by following: https://bitcointalk.org/index.php?topic=1588906.0 then there will be absolutely no problems.

The AV warnings are all false positives. They usually flag Bitcoin Core as a coin stealer (because it looks for a wallet.dat since it creates the file) or a bitcoin miner (because it contains a miner in the software if you want to mine on regtest or testnet).
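
Added example, not part of any post in this thread and not Bitcoin Core's own tooling: the check discussed above, where the downloaded file's SHA-256 must match the digest listed by several independent signers, with any disagreeing signer treated as a failure. It assumes each manifest is in `sha256sum` format (the "digest, two spaces, file name" form quoted in post #1) and that its PGP signature has already been checked separately, for instance with `gpg --verify`. The signer names, file name and file contents are constructed.

```python
import hashlib
import hmac
import pathlib
import re
import tempfile

# One sha256sum output line: 64 hex digits, a space, ' ' or '*', then the file name.
_DIGEST_LINE = re.compile(r"^([0-9a-fA-F]{64}) [ *](.+)$")

def parse_manifest(text):
    """Map file name -> lowercase digest; PGP armor and other lines are ignored."""
    digests = {}
    for line in text.splitlines():
        m = _DIGEST_LINE.match(line.strip())
        if not m:
            continue
        digest, name = m.group(1).lower(), m.group(2)
        if digests.setdefault(name, digest) != digest:
            raise ValueError("conflicting digests for " + name)
    return digests

def sha256_file(path, chunk=1 << 20):
    """Hash the file in chunks so a large download is not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_download(path, name, manifests, threshold=2):
    """manifests: {signer: text}, signatures assumed already verified.
    Returns (ok, agreeing signers, conflicting signers)."""
    actual = sha256_file(path)
    agree, conflict = [], []
    for signer in sorted(manifests):
        expected = parse_manifest(manifests[signer]).get(name)
        if expected is not None:
            (agree if hmac.compare_digest(expected, actual) else conflict).append(signer)
    return (len(agree) >= threshold and not conflict), agree, conflict

def demo():
    """Constructed sample: a fake release file and hypothetical signers."""
    name = "example-1.0-win64.zip"
    with tempfile.TemporaryDirectory() as d:
        path = pathlib.Path(d, name)
        path.write_bytes(b"constructed release bytes")
        good = "-----BEGIN PGP SIGNED MESSAGE-----\n%s  %s\n" % (sha256_file(path), name)
        return (verify_download(path, name, {"alice": good, "bob": good}),
                verify_download(path, name, {"alice": good, "mallory": "0" * 64 + "  " + name}))
```

A digest that only matches a value shown on the same site the file came from proves nothing if that site is compromised, which is why the manifests' signatures have to be checked against keys obtained elsewhere.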

pereira4
November 27, 2016, 04:21:16 PM
 #12

If the hashes match with bitcoin.org then there's nothing to worry about, just false positives. It happens all the time. I remember back in the day when I used to mine altcoins with my humble graphics card, the mining software started to show up as malware because the developers of antivirus and anti malware tools decided so... I don't understand why they would label bitcoin malware, unless someone with an agenda is paying them to do so?

It could always be that bitcoin.org got compromised and the hashes got changed but that would quickly be spotted and core developers would post about it here or tweet or whatever.
Yakamoto
November 27, 2016, 04:29:45 PM
 #13

I'm essentially parroting what everyone else has said in the thread so far; if there are matching hash keys and you got it from a respectable source, or your usual one, then it should be fine.

I'd be incredibly surprised if the core team slipped malware in, but you never know for sure.
rapazev
November 27, 2016, 04:43:58 PM
 #14

I think you have to have a better look at this https://bitcoin.org/en/alert/2016-08-17-binary-safety
Quote
verifying your download using signatures from multiple developers using the gitian signatures repository

And also report this to the bitcoin.org team.

Why? I only see 3 options here.

#1 bitcoin devs did slip malware in the code, what do you expect them to do if you tell them you found it? Confess?
#2 bitcoin devs did not slip malware in the code, it's a false positive. Contacting them is useless, because they can't change the situation. Contact the antivirus vendor instead.
#3 bitcoin devs did not slip malware in the code, it's not a false positive. Verifying you are downloading the real thing solves this without contacting anyone.
Maybe:
#4 bitcoin devs didn't slip the malware, but a security breach allowed a hack to do it. Contact them to solve the problem.
NorrisK
November 27, 2016, 05:19:17 PM
 #15

It is most likely a false positive.

Any serious malware dev will write something that is not going to be detected by a website like virustotal if they want to make a big splash. Best to notify the devs that this happens so they can fix it. There is probably a small part of code that triggers this.

Until an official response, I wouldn't touch it though.
socks435
November 27, 2016, 05:58:04 PM
 #16

Where did you download your Bitcoin Core? Honestly, I tried to scan and here are the 2 results from their exe installer and zip file:
Exe result: https://www.virustotal.com/en/url/8fea1cc9947c2a98ca0877240732c7dbcb3d1f01d6ee35d313b7b0ad6089ea5b/analysis/1480269102/
Zip file result: https://www.virustotal.com/en/url/ac4e447006b7fc4085d760427d40fcf66b5b4090ed2c51144ab9bbafab27ccdb/analysis/

This one is the exe and I downloaded it from bitcoin.org, but upon scanning it in VirusTotal there is one detection,
here: https://www.virustotal.com/en/file/a7d1d25bbc46b4f0fe333f7d3742c22defdba8db9ffd6056770e104085d24709/analysis/

I think it is just a false scan from some antivirus, just like others said. I tried to scan it in my Kaspersky but there is no virus detected.

calkob
November 27, 2016, 06:56:57 PM
 #17

This happens all the time, although be safe and not sorry. I had an antivirus constantly find malware in the appdata folder of the bitcoin block chain. Usually a false positive.
NeuroticFish
November 27, 2016, 07:28:14 PM
 #18

I have 0.13.1 installed from Friday. You scared me! But I scanned now bitcoin-qt.exe (since I didn't keep the installer) with virustotal and I've found it clean (wtf?!).
I will try to boot that computer from a stick tomorrow and scan it, but I doubt that I'll find anything.
Maybe you should do the same. Better safe than sorry, always.

0xfff
November 27, 2016, 08:44:43 PM
 #19

May I ask why you are running a full bitcoin node on your home computer? Doesn't it take forever to sync or are you running your computer 24/7? Thanks for supporting the network btw
calkob
November 27, 2016, 09:07:14 PM
 #20

May I ask why you are running a full bitcoin node on your home computer? Doesn't it take forever to sync or are you running your computer 24/7? Thanks for supporting the network btw

I also run a full node at home. It's fine for me cause I run my computer 24/7 anyway and I don't have any limits from my broadband provider. Everyone who can should run a full node.