Bitcoin Forum
Author Topic: Avast detects a virus in blocks folder when downloading the blockchain  (Read 3411 times)
kaicrypzen (OP)
December 12, 2016, 03:22:48 PM
Last edit: December 12, 2016, 07:33:58 PM by kaicrypzen
 #1

Hi,

Having read what is written on other similar threads, I assume that the issue I am facing is a false positive. I am posting it in case there is a chance it can be something else ...

So, when downloading the blockchain for Bitcoin Core 0.13.1, on Windows 10 64 bits, Avast alerts me that a virus has been found and that it will be deleting it. Here is what it logs/deletes:

Code:
C:\Users\<me>\AppData\Roaming\Bitcoin\blocks\blk00129.dat [L] Frodo (4k, 200 years) (0)
C:\Users\<me>\AppData\Roaming\Bitcoin\blocks\blk00129.dat [L] Leprosy (0)
C:\Users\<me>\AppData\Roaming\Bitcoin\blocks\blk00129.dat [L] Syslock (0)
C:\Users\<me>\AppData\Roaming\Bitcoin\blocks\blk00129.dat [L] Murphy (0)
C:\Users\<me>\AppData\Roaming\Bitcoin\blocks\blk00129.dat [L] AntiCad-4096 (0)
C:\Users\<me>\AppData\Roaming\Bitcoin\blocks\blk00129.dat [L] BV:Akuma-A (0)

I'll be configuring Avast to ignore the blocks directory in order to move on. If anyone has an(other) advice, please don't be shy :).

Thank you.

shorena
December 12, 2016, 03:32:02 PM
 #2

> Hi,
>
> Having read what is written here and on other similar threads, I assume that the issue I am facing is also a false positive. I am posting it in case there is a chance it can be something else ...
>
> So, when downloading the blockchain for Bitcoin Core 0.13.1, on Windows 10 64 bits, Avast alerts me that a virus has been found and that it will be deleting it. Here is what it logs/deletes:
>
> Code:
> C:\Users\<me>\AppData\Roaming\Bitcoin\blocks\blk00129.dat [L] Frodo (4k, 200 years) (0)
> C:\Users\<me>\AppData\Roaming\Bitcoin\blocks\blk00129.dat [L] Leprosy (0)
> C:\Users\<me>\AppData\Roaming\Bitcoin\blocks\blk00129.dat [L] Syslock (0)
> C:\Users\<me>\AppData\Roaming\Bitcoin\blocks\blk00129.dat [L] Murphy (0)
> C:\Users\<me>\AppData\Roaming\Bitcoin\blocks\blk00129.dat [L] AntiCad-4096 (0)
> C:\Users\<me>\AppData\Roaming\Bitcoin\blocks\blk00129.dat [L] BV:Akuma-A (0)
>
> I'll be configuring Avast to ignore the blocks directory in order to move on. If anyone has an(other) advice, please don't be shy :).
>
> Thank you.

Write them a mail, at the very least they should ask and not just delete the files.

I'm not really here, it's just your imagination.
kaicrypzen (OP)
December 12, 2016, 03:41:38 PM
Last edit: December 12, 2016, 07:34:20 PM by kaicrypzen
 #3

> Write them a mail, at the very least they should ask and not just delete the files.

I just checked, Avast is configured to repair, if it fails, it tries to move the infected file to quarantine, if it fails, it deletes it. I don't remember if this is the default setting or if it was mine :). Anyway, I changed it to ask ;), I think it's better than to exclude files/dirs, you never know. Thx.

Babayega31
December 13, 2016, 08:49:41 AM
 #4

> > Write them a mail, at the very least they should ask and not just delete the files.
>
> I just checked, Avast is configured to repair, if it fails, it tries to move the infected file to quarantine, if it fails, it deletes it. I don't remember if this is the default setting or if it was mine :). Anyway, I changed it to ask ;), I think it's better than to exclude files/dirs, you never know. Thx.

You better change to another antivirus like ESET NOD32, it's more accurate than Avast, because Avast is sometimes very strict and could not identify actual viruses even if you updated it from the virus database. I can really prove it exactly because I had an experience with Avast for 3 years of PC servicing. I failed with it because viruses were stuck on the drive without even being detected by Avast, and it detected some false viruses which were part of the installed games, which cannot harm my computer. I think that the virus detected while downloading the blockchain was falsely detected by Avast.

kaicrypzen (OP)
December 13, 2016, 08:22:16 PM
 #5

> You better change to another antivirus like ESET NOD32, it's more accurate than Avast, because Avast is sometimes very strict and could not identify actual viruses even if you updated it from the virus database. I can really prove it exactly because I had an experience with Avast for 3 years of PC servicing. I failed with it because viruses were stuck on the drive without even being detected by Avast, and it detected some false viruses which were part of the installed games, which cannot harm my computer. I think that the virus detected while downloading the blockchain was falsely detected by Avast.

Thx for the suggestion. Didn't know about this software, always used Avast, it's free, doesn't use a lot of resources and does the job (I think). I'll look into NOD32.

Decoded
December 14, 2016, 04:08:23 AM
 #6

> > You better change to another antivirus like ESET NOD32, it's more accurate than Avast, because Avast is sometimes very strict and could not identify actual viruses even if you updated it from the virus database. I can really prove it exactly because I had an experience with Avast for 3 years of PC servicing. I failed with it because viruses were stuck on the drive without even being detected by Avast, and it detected some false viruses which were part of the installed games, which cannot harm my computer. I think that the virus detected while downloading the blockchain was falsely detected by Avast.
>
> Thx for the suggestion. Didn't know about this software, always used Avast, it's free, doesn't use a lot of resources and does the job (I think). I'll look into NOD32.

I'll recommend Avira. I used to use AVG free for a while, but my computer got a virus (SearchProtect, IIRC), which was even obvious to me, but didn't seem to want to be detected by AVG. I then uninstalled it and went through a phase looking for a good AV. I went from AVG, Avast, Norton, Malwarebytes and Bitdefender, and finally Avira, which was the only one that detected it.

looking for a signature campaign, dm me for that
kaicrypzen (OP)
December 14, 2016, 02:03:28 PM
 #7

> I'll recommend Avira. I used to use AVG free for a while, but my computer got a virus (SearchProtect, IIRC), which was even obvious to me, but didn't seem to want to be detected by AVG. I then uninstalled it and went through a phase looking for a good AV. I went from AVG, Avast, Norton, Malwarebytes and Bitdefender, and finally Avira, which was the only one that detected it.

Thx for the suggestion. I remember trying Avira for a limited period of time a while ago, I remember it needing more resources than Avast, but maybe it's not the case anymore. I also had Norton and AVG and these also needed more resources. If you say Avira can detect viruses that Avast won't, maybe it's worth the additional resources. Have you switched to Avira recently or was it a while ago?

vapourminer
December 17, 2016, 07:26:39 PM
 #8

running avast free here. no probs, i just exclude the blockchain, wallet and miner folders.

should probably add those folders to your AV exclusion list no matter what AV you use.
DarkStar_
December 18, 2016, 12:56:10 AM
 #9

IIRC some blocks in the bitcoin blockchain will show up as viruses because people decided to include the code of known viruses into the signature of some transactions, which is why it's detected by Avast. They can't get triggered though, so it's safe to ignore them.

taking a break - expect delayed responses
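
An added example, not code from any poster in this thread or from Bitcoin Core: one way to check where an antivirus byte-signature hit sits inside a blk*.dat file. It assumes the plain (non-obfuscated) on-disk layout of a 4-byte network magic, a 4-byte little-endian length, then the block; the marker bytes and the sample file are constructed, and all function names are hypothetical.

```python
import hashlib
import struct

MAINNET_MAGIC = bytes.fromhex("f9beb4d9")  # marks the start of each record
HEADER_LEN = 80                            # fixed-size block header


def iter_block_records(data):
    """Yield (record_offset, block_bytes) for every block record in the buffer."""
    pos = 0
    while pos + 8 <= len(data):
        if data[pos:pos + 4] != MAINNET_MAGIC:
            # Padding or damage: resynchronise on the next magic value.
            pos = data.find(MAINNET_MAGIC, pos + 1)
            if pos == -1:
                return
            continue
        (size,) = struct.unpack_from("<I", data, pos + 4)
        start = pos + 8
        if size < HEADER_LEN or start + size > len(data):
            return  # truncated or corrupt record: stop rather than guess
        yield pos, data[start:start + size]
        pos = start + size


def block_hash(block):
    """Block id: double SHA-256 of the header, shown byte-reversed as hex."""
    digest = hashlib.sha256(hashlib.sha256(block[:HEADER_LEN]).digest()).digest()
    return digest[::-1].hex()


def locate_pattern(data, pattern):
    """Map each occurrence of `pattern` to the block record that contains it.

    A pattern that straddles two records is not reported.
    """
    hits = []
    for rec_off, block in iter_block_records(data):
        idx = block.find(pattern)
        while idx != -1:
            hits.append({
                "block_hash": block_hash(block),
                "file_offset": rec_off + 8 + idx,
                "block_offset": idx,
                "region": "header" if idx < HEADER_LEN else "transaction data",
            })
            idx = block.find(pattern, idx + 1)
    return hits


def _record(seed, payload):
    """Build a constructed record: fake 80-byte header plus payload bytes."""
    block = (hashlib.sha256(seed).digest() * 3)[:HEADER_LEN] + payload
    return MAINNET_MAGIC + struct.pack("<I", len(block)) + block


# Constructed sample: two records separated by zero padding; the second one
# carries a harmless marker standing in for the bytes an AV signature matches.
MARKER = b"CONSTRUCTED-AV-SIGNATURE"
SAMPLE = (_record(b"a", b"\x01" + b"\x00" * 40) + b"\x00" * 16
          + _record(b"b", b"\x01" + b"\x11" * 20 + MARKER + b"\x22" * 10))

if __name__ == "__main__":
    for hit in locate_pattern(SAMPLE, MARKER):
        print(hit)
```

A hit reported in the transaction data region of a block record is stored data that the node parses and validates but never executes.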
kaicrypzen (OP)
December 18, 2016, 10:14:10 AM
 #10

> IIRC some blocks in the bitcoin blockchain will show up as viruses because people decided to include the code of known viruses into the signature of some transactions

Just for fun :)? (Or could it have any consequences?)

> should probably add those folders to your AV exclusion list no matter what AV you use.

> which is why it's detected by Avast. They can't get triggered though, so it's safe to ignore them.

Yep, I'll be ignoring them from now on.

Thx for the replies.




sxafir
December 23, 2016, 09:32:29 PM
 #11

Two years ago download all blockchain with no virus. Eset nod 32 or Norton.
UGMZ
December 24, 2016, 12:08:16 AM
 #12

To be honest most AV these days is typical spyware.  You name one AV that does not have popups, Scan your traffic, Send epic amounts of "private" data back to the company.. let alone countless false positives they throw up.

In today's world of the Internet criminals know how to bypass any AV. Yes they do stop the skids with their silly RATs but the serious cybercrims out there know how to FUD (fully undetectable) their viruses.

You're better off without AV and stay away from sketchy websites (Porn, Warez, p2p, Streams) keep your system up to date with latest security patches and use a good firewall! even buy a hardware firewall!

Decoded
December 24, 2016, 03:13:17 AM
 #13

> To be honest most AV these days is typical spyware.  You name one AV that does not have popups, Scan your traffic, Send epic amounts of "private" data back to the company.. let alone countless false positives they throw up.
>
> In today's world of the Internet criminals know how to bypass any AV. Yes they do stop the skids with their silly RATs but the serious cybercrims out there know how to FUD (fully undetectable) their viruses.
>
> You're better off without AV and stay away from sketchy websites (Porn, Warez, p2p, Streams) keep your system up to date with latest security patches and use a good firewall! even buy a hardware firewall!

It depends on your view of them, I guess. I go for trustable companies only.

1. Popups are good for alerting you to threats. Sometimes "free" versions advertise the paid versions through popups. That's why I use a program that's 100% free, or use the paid version.

2. They scan your traffic for any incoming or outgoing packets that could be malicious or sending your private information to a malicious host.

3. The data you're sending to them is usually samples of files the antivirus isn't sure about, or that the antivirus sees as a virus.

4. Your AV can't be perfect. New viruses are being developed all the time, and some newer AVs are using server-side AI.


looking for a signature campaign, dm me for that
philipma1957
December 24, 2016, 04:58:17 AM
 #14

Your download of the blockchain should be on a dedicated pc.

So you don't need a virus program.

UGMZ
December 24, 2016, 11:18:34 AM
 #15



> It depends on your view of them, I guess. I go for trustable companies only.
>
> 1. Popups are good for alerting you to threats. Sometimes "free" versions advertise the paid versions through popups. That's why I use a program that's 100% free, or use the paid version.
>
> 2. They scan your traffic for any incoming or outgoing packets that could be malicious or sending your private information to a malicious host.
>
> 3. The data you're sending to them is usually samples of files the antivirus isn't sure about, or that the antivirus sees as a virus.
>
> 4. Your AV can't be perfect. New viruses are being developed all the time, and some newer AVs are using server-side AI.

In today's world how do you define a "trusted" company..  To be very honest I have tested the top 10 AV companies via Wireshark and DPI you would be surprised that all the traffic you send and receive is being analyzed and in today's "surveillance" world that's a very bad thing.

Yes I agree that scanning packets for "malicious" material is a good thing, But do you really know what the AV's are doing with this information they gather? Do you know for sure they don't pat old uncle sam on the back and hand it all over... My guess is they do.. AV is on almost every system in some form or another what better way to "collect it all" piggybacking off the AV's networks.

I direct you to this post

http://uk.pcmag.com/opinion/10154/symantec-says-antivirus-is-dead-world-rolls-eyes


Thanks

UMHZ

kaicrypzen (OP)
December 24, 2016, 01:22:41 PM
 #16

> You're better off without AV and stay away from sketchy websites (Porn, Warez, p2p, Streams) keep your system up to date with latest security patches and use a good firewall! even buy a hardware firewall!

I actually never considered having a Windows PC without an Antivirus, I would feel my PC is less secure, I'm not yet ready for that :) ... Any advice on an AV that is more privacy-friendly? On a hardware firewall? Thx.

> Your download of the blockchain should be on a dedicated pc.
>
> So you don't need a virus program.

Thx for the suggestion, thinking that my PC was quite secure, I didn't really consider that option ... Yet you have a point, a day-to-day PC might not be suited for storing bitcoins no matter how secure (I think) it is ...

UGMZ
December 24, 2016, 01:58:07 PM
 #17

I wouldn't trust many AVs to be honest.  Yes I agree scanning files is a must if you are a downloader but having it constantly sniffing your web traffic I would say is spying, as you never know where your data will end up.

Privacy-friendly AV is a tough one, as many of them hide their activities in their EPIC terms and conditions. I would recommend using a good online scanner for checking downloads and files before using them, something like VirusTotal would do.

Just to prove what I mean here is the terms of avast!

https://www.avast.com/privacy-policy

See this passage

V. Storage, Retention, and Deletion of Personal Information
Storage of information.

Information that we collect is stored on our servers or on the servers of our subsidiaries, affiliates, contractors, representatives, contractors, agents, or resellers who are working on our behalf. Personally identifiable information on our servers is only accessible from our physical premises, or via an encrypted virtual private network (VPN). Access is limited to authorized personnel only, and company networks are password protected, and subject to additional policies and procedures for security.

Data collected by Avast BackUp is transmitted in encrypted format using SSL technology, and stored under minimum 256-bit key encryption. Information collected by Avast CreditAlert is transmitted using SSL technology, and very private information such as financial data is stored under rotating 256-bit key encryption. Data transmitted using Avast SecureLine VPN service is also encrypted. In all cases data is transmitted to and from our servers using https protocol. In some cases this information may be transmitted to or stored within the European Union (“EU”), and in other cases the information may be transmitted to or stored at a location outside the territory of EU member states, such as the United States or other non-EU locations.


If you read ALL their terms (3659 pages) it makes clear that their partners include the federal government :)

All AV's are the same and have the same sort of rules..

My advice.. Remove AV and stay away from the underground of the internet!
thejaytiesto
December 26, 2016, 04:10:54 PM
 #18

> I wouldn't trust many AVs to be honest.  Yes I agree scanning files is a must if you are a downloader but having it constantly sniffing your web traffic I would say is spying, as you never know where your data will end up.
>
> Privacy-friendly AV is a tough one, as many of them hide their activities in their EPIC terms and conditions. I would recommend using a good online scanner for checking downloads and files before using them, something like VirusTotal would do.
>
> Just to prove what I mean here is the terms of avast!
>
> https://www.avast.com/privacy-policy
>
> See this passage
>
> V. Storage, Retention, and Deletion of Personal Information
> Storage of information.
>
> Information that we collect is stored on our servers or on the servers of our subsidiaries, affiliates, contractors, representatives, contractors, agents, or resellers who are working on our behalf. Personally identifiable information on our servers is only accessible from our physical premises, or via an encrypted virtual private network (VPN). Access is limited to authorized personnel only, and company networks are password protected, and subject to additional policies and procedures for security.
>
> Data collected by Avast BackUp is transmitted in encrypted format using SSL technology, and stored under minimum 256-bit key encryption. Information collected by Avast CreditAlert is transmitted using SSL technology, and very private information such as financial data is stored under rotating 256-bit key encryption. Data transmitted using Avast SecureLine VPN service is also encrypted. In all cases data is transmitted to and from our servers using https protocol. In some cases this information may be transmitted to or stored within the European Union (“EU”), and in other cases the information may be transmitted to or stored at a location outside the territory of EU member states, such as the United States or other non-EU locations.
>
> If you read ALL their terms (3659 pages) it makes clear that their partners include the federal government :)
>
> All AV's are the same and have the same sort of rules..
>
> My advice.. Remove AV and stay away from the underground of the internet!

I don't think it's a safe practice at all to remove the AVs and firewalls etc. It may end up being worse, because you may get infected by some attacker and get your credit card and banking information, personal information and crypto stolen, you could get ransomware deployed... endless attacks. That vs inevitably being exposed to government seems better. They store too much data anyway, nobody will care about you.

In any case if you want true privacy the only way is to use a Linux OS and Tor/VPN.
kaicrypzen (OP)
December 29, 2016, 09:58:36 PM
 #19

> I would recommend using a good online scanner for checking downloads and files before using them, something like VirusTotal would do.

Will surely try to do that in the future.

> My advice.. Remove AV and stay away from the underground of the internet!

I can't bring myself to run Windows without an AV :), do you have a Windows on which you don't have an AV? On a Linux, there's no need for that, I'll probably switch to full Linux very soon.

> I don't think it's a safe practice at all to remove the AVs and firewalls etc. It may end up being worse, because you may get infected by some attacker and get your credit card and banking information, personal information and crypto stolen, you could get ransomware deployed... endless attacks. That vs inevitably being exposed to government seems better. They store too much data anyway, nobody will care about you.

These attacks can be dealt with by adopting some best practices, like not using IE :), not opening suspicious emails, checking websites security certificates etc. My AV rarely alerts me, actually it started alerting me the most when I started using crypto :). Generally false positives ...

> They store too much data anyway, nobody will care about you.

I think I agree on this part, yet, for me, it's quite troubling to know that my data is out there for some people to use ... (even if they might never use it).

> In any case if you want true privacy the only way is to use a Linux OS and Tor/VPN.

Yep, that's the way to go.

vapourminer
December 30, 2016, 01:54:37 AM
 #20


> On a Linux, there's no need for that, I'll probably switch to full Linux very soon.



[no av needed or virii (<-is that a word?) for linux]

*cough*bullshit*cough*