Author Topic: AVG claims bitcoin is malware  (Read 5544 times)
nvmind
Newbie
*
Offline Offline

Activity: 14


View Profile
June 28, 2011, 01:02:48 AM
 #1

Why is AVG antivirus claiming bitcoin is malware and deleting from my pc?
JoelKatz
Legendary
*
Offline Offline

Activity: 1582


Democracy is vulnerable to a 51% attack.


View Profile WWW
June 28, 2011, 01:03:52 AM
 #2

The installer? The client? Which version? And what code is it giving you?

I am an employee of Ripple. Follow me on Twitter @JoelKatz
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
nvmind
Newbie
*
Offline Offline

Activity: 14


View Profile
June 28, 2011, 01:52:52 AM
 #3

The installer? The client? Which version? And what code is it giving you?
The client.
It seems to be an evolving problem. I first had it happen with 0.032.21 win 32 as soon as I installed it.
Since I did not pay much attention to where I got it from I deleted it.
I then checked that installs were from sourceforge and installed 0.3.22 and had it happen again then I tried 0.3.23rc1 which I had been using up to today. Then I suddenly had it removed by AVG again.
I have now tried 0.3.23 win 32 and as yet have had no problem but I suspect I will.

http://dktec.biz/files/bitcoinAVG.jpg
http://dktec.biz/files/bitcoinAVG2.jpg
lateminer
Newbie
*
Offline Offline

Activity: 22


View Profile
June 28, 2011, 05:24:00 AM
 #4

AVG also detects your cracks and keygens for your pirated software, what's new?
Oldminer
Legendary
*
Offline Offline

Activity: 1022



View Profile
June 28, 2011, 05:32:02 AM
 #5

Use Avira

If you like my post please feel free to give me some positive rep https://bitcointalk.org/index.php?action=trust;u=18639
Tip me BTC: 1FBmoYijXVizfYk25CpiN8Eds9J6YiRDaX
striker11111111
Newbie
*
Offline Offline

Activity: 12


View Profile
June 28, 2011, 06:19:29 AM
 #6

just AVG being aggressive. Protection and convenience are 2 ends of the same teeter totter when it comes to computer safety. You give up one to get the other, inverse correlation.
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1372


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
June 28, 2011, 06:22:01 AM
 #7

This probably happens because botnets are probably distributing bitcoin in order to mine on zombie computers... and as a few people find the intrusion and send the unwanted files they found on their machine to AV labs for analysis, it results in bitcoin executables being flagged as malware.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1372


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
June 28, 2011, 06:22:38 AM
 #8

AVG also detects your cracks and keygens for your pirated software, what's new?

That's because cracks and keygens are trojans, more often than not.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
lateminer
Newbie
*
Offline Offline

Activity: 22


View Profile
June 28, 2011, 06:56:26 AM
 #9

Had to find out the hard way?  Grin
x0Jakeyboy0x
Full Member
***
Offline Offline

Activity: 214



View Profile
June 28, 2011, 07:42:14 AM
 #10

I too noticed some funny activities.

It asked permission to connect to 193.107.204.81 upon which my googling led to...

Quote
---------------------------------------------------------
      IP Address         = 193.107.204.81
      Threat Level       = High
      Threat Category    = Malware Controller
      Threat Description = Malware scan and infect source
      Hostname           = irc.lfnet.org
      Service Provider   = BLOCK FOR PI ASSIGNMENTS
      Domain Name        = IPAPER.COM
      ASN Number         = 50763
      ASN Name           = MCKAYCOM MCKAYCOM LTD
      Network Speed      = DSL
      Country CC         = UK
      Country            = UNITED KINGDOM
      Region             = -
      City               = -
      Longitude          = -4.47300004959106
      Latitude           = 54.1500015258789
      Zipcode            = -
      TimeZone           = +00:00
      BestAnswer         = 1
 --------------- thank you for asking --------------------

Though maybe it doesn't like the idea of IRC. Hmm.

1Jakey5Lum1P3XEh8b5UZvziNVn5eXc9dX
Gabi
Legendary
*
Offline Offline

Activity: 1092


If you want to walk on water, get out of the boat


View Profile
June 28, 2011, 07:47:28 AM
 #11

The Bitcoin client connects to IRC to connect to other nodes, if I am right
BCwinning
Hero Member
*****
Offline Offline

Activity: 686


View Profile
June 28, 2011, 07:48:41 AM
 #12

I ran avg on a win7 box and it didn't flag bitcoin.
Where did you download your source from?

https://www.rixty.com?ref=1337507 sign up for rixty
privacy, it does the body good.
Official Bitcoin Foundation Secretariat
The New World Order thanks you for your support of Bitcoin and encourages your continuing support so that they may track your expenditures easier.
nvmind
Newbie
*
Offline Offline

Activity: 14


View Profile
June 28, 2011, 08:02:48 AM
 #13

I ran avg on a win7 box and it didn't flag bitcoin.
Where did you download your source from?
http://transact.dl.sourceforge.net/project/bitcoin/Bitcoin/bitcoin-0.3.23/test/bitcoin-0.3.23rc1-win32-setup.exe
BCwinning
Hero Member
*****
Offline Offline

Activity: 686


View Profile
June 28, 2011, 08:23:00 AM
 #14

my exe wasn't the rc1, shouldn't matter it's a trusted site.

https://www.rixty.com?ref=1337507 sign up for rixty
privacy, it does the body good.
Official Bitcoin Foundation Secretariat
The New World Order thanks you for your support of Bitcoin and encourages your continuing support so that they may track your expenditures easier.
hsf_context
Member
**
Offline Offline

Activity: 65



View Profile WWW
June 28, 2011, 09:29:02 AM
 #15

Using AVG and so far no problems with Bitcoins.

Digital artist for hire! Sketches anyone?
Want a custom Photoshop artwork? PM me! GIF banners available too!
JoelKatz
Legendary
*
Offline Offline

Activity: 1582


Democracy is vulnerable to a 51% attack.


View Profile WWW
June 28, 2011, 09:29:53 AM
 #16

This is heuristic detection based on the code doing a number of things AVG considers suspicious. For one thing, it's receiving a lot of network connections on a port unknown to AVG. The thing that puzzles me though is AVG says it's injecting code. There are a number of legitimate reasons it might do that, but I can't figure out from the source why it would be doing that.

Those not having problems may have heuristic detection off or may have the threshold set higher. Heuristic detection will have a lot of false positives.

I am an employee of Ripple. Follow me on Twitter @JoelKatz
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
syb3ria
Jr. Member
*
Offline Offline

Activity: 56


'buntusiast


View Profile
June 28, 2011, 09:52:18 AM
 #17

I don't know about AVG, but you may check the miner with http://www.virustotal.com/. Last time I checked, all the AV/malware scanners said it's clear Wink
schickel
Newbie
*
Offline Offline

Activity: 8


View Profile
July 18, 2011, 07:26:19 AM
 #18

I also had a flag from AVG.  This, though, was a flag for a PUP (Potentially Unwanted Program) raised on UfaSoft's bitcoin-miner.exe.  I'm assuming this was because of distribution by trojans dropping the miner on PCs to generate hashes for the distributor....

The00Dustin
Hero Member
*****
Offline Offline

Activity: 616


View Profile
July 18, 2011, 10:16:03 AM
 #19

I also had a flag from AVG.  This, though, was a flag for a PUP (Potentially Unwanted Program) raised on UfaSoft's bitcoin-miner.exe.  I'm assuming this was because of distribution by trojans dropping the miner on PCs to generate hashes for the distributor....
And because a corporation might not want its employees using their resources for mining...
repentance
Hero Member
*****
Offline Offline

Activity: 840


View Profile
July 18, 2011, 10:29:41 AM
 #20

I'm aware of someone who unexpectedly found bitc.exe *32 on their computer today and has submitted it to the major AV companies for analysis.

All I can say is that this is Bitcoin. I don't believe it until I see six confirmations.
ping32
Newbie
*
Offline Offline

Activity: 1


View Profile
July 18, 2011, 12:14:19 PM
 #21

AVG also detects your cracks and keygens for your pirated software, what's new?

That's because cracks and keygens are trojans, more often than not.

They do it on purpose. I once read an article from an antivirus company where they mentioned they remove certain keygens, because they target the other software that company sells. Makes sense. And if they protect themselves that way, they could protect others too, if some other company will ask nicely.
bitcoinemily
Newbie
*
Offline Offline

Activity: 7


<em>ily


View Profile WWW
July 18, 2011, 12:29:22 PM
 #22

AVG protects you from everything that isn't consumer mainstream. Carry on citizen  Embarrassed

Buy me a pizza! 1KAJEs6NWAs7qwHscSMkgTSavk3TT7uhKn
bitnotifications
Newbie
*
Offline Offline

Activity: 9


View Profile WWW
July 18, 2011, 01:17:02 PM
 #23

The screenshot looks like the program decided based on heuristics. It detected P2P activity for example. This is probably not a manual black-listing action but an automatic heuristic.

฿฿฿ Bitcoin Prices in your taskbar: bitcoin-prices.com ($ and €, now, 24h ago, 7d ago and 1 month ago at the same time) ฿฿฿
geckogroove
Newbie
*
Offline Offline

Activity: 28


View Profile
July 18, 2011, 02:38:51 PM
 #24

Avira detects guiminer for me but not bitcoin; it's either a false positive or a warning, not a detection
syb3ria
Jr. Member
*
Offline Offline

Activity: 56


'buntusiast


View Profile
July 18, 2011, 09:54:59 PM
 #25

Kaspersky Virus Removal Tool detects latest poclbm.exe as destructive tool. Have that in mind when running a scan.
damon1492
Jr. Member
*
Offline Offline

Activity: 33



View Profile
July 18, 2011, 10:17:36 PM
 #26

Why is AVG antivirus claiming bitcoin is malware and deleting from my pc?

Same for me, it just started detecting it as malware WTF!!!
The00Dustin
Hero Member
*****
Offline Offline

Activity: 616


View Profile
July 18, 2011, 10:17:45 PM
 #27

Kaspersky Virus Removal Tool detects latest poclbm.exe as destructive tool. Have that in mind when running a scan.
In the meantime, couldn't you do us all a favor and report it as a false positive?
nmat
Hero Member
*****
Offline Offline

Activity: 602


View Profile
July 18, 2011, 10:23:47 PM
 #28

This probably happens because botnets are probably distributing bitcoin in order to mine on zombie computers... and as a few people find the intrusion and send the unwanted files they found on their machine to AV labs for analysis, it results in bitcoin executables being flagged as malware.

This is scary and definitely doesn't help bitcoin a bit...
The00Dustin
Hero Member
*****
Offline Offline

Activity: 616


View Profile
July 18, 2011, 10:30:00 PM
 #29

I had ufasoft miner reported as a "trojan (generic)" (IOW heuristics probably) by sunbelt and reported it as a false positive.  It is now a potentially unwanted program with them, which is fine, so are lots of other useful tools (including syslog servers and tftp servers).  I realize free programs might not have instant or great support, but we need to submit these files and note that they are false positives so that signatures can be put in place to recognize them as what they are.  Regarding them being submitted for analysis, this shouldn't lead to them being marked as something they aren't, that isn't very thorough analysis, but if most detections are heuristic, then a signature that says it's potentially unwanted is certainly preferred to a guess at what baddie it is.
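
Added example, not part of any post in this thread and not any vendor's code: a toy model of the two detection paths that posts #16 and #29 describe, a behaviour heuristic compared against a threshold, and a hash signature that takes precedence once a false positive has been reported. The behaviour names, weights, thresholds and sample bytes are all constructed assumptions.

```python
import hashlib
from dataclasses import dataclass

# Constructed behaviour weights; real products do not publish theirs.
WEIGHTS = {
    "listens_on_unknown_port": 30,
    "many_inbound_connections": 25,
    "connects_to_irc": 20,
    "code_injection": 40,
}

@dataclass
class Verdict:
    label: str    # classification shown to the user
    source: str   # "signature" or "heuristic"
    score: int    # heuristic score, kept for triage

def heuristic_score(behaviours):
    """Sum the weights of every observed behaviour the engine knows about."""
    return sum(WEIGHTS.get(b, 0) for b in behaviours)

def classify(file_bytes, behaviours, threshold, signatures):
    """A known hash wins over the heuristic guess; otherwise compare to threshold."""
    digest = hashlib.sha256(file_bytes).hexdigest()
    score = heuristic_score(behaviours)
    if digest in signatures:
        return Verdict(signatures[digest], "signature", score)
    if score >= threshold:
        return Verdict("Trojan (generic)", "heuristic", score)
    return Verdict("clean", "heuristic", score)

def demo():
    sample = b"constructed stand-in for a P2P client binary"
    observed = ["listens_on_unknown_port", "many_inbound_connections",
                "connects_to_irc"]
    signatures = {}
    # Same file, same behaviour, two users with different heuristic settings.
    aggressive = classify(sample, observed, 60, signatures)
    relaxed = classify(sample, observed, 90, signatures)
    # After a false-positive report the vendor ships a signature for this hash.
    signatures[hashlib.sha256(sample).hexdigest()] = "PUP (potentially unwanted)"
    after_report = classify(sample, observed, 60, signatures)
    return aggressive, relaxed, after_report

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```
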
syb3ria
Jr. Member
*
Offline Offline

Activity: 56


'buntusiast


View Profile
July 20, 2011, 11:19:40 AM
 #30

Kaspersky Virus Removal Tool detects latest poclbm.exe as destructive tool. Have that in mind when running a scan.
In the meantime, couldn't you do us all a favor and report it as a false positive?
Couldn't find report option, it's just a cleaning tool.
The00Dustin
Hero Member
*****
Offline Offline

Activity: 616


View Profile
July 20, 2011, 01:40:40 PM
 #31

Kaspersky Virus Removal Tool detects latest poclbm.exe as destructive tool. Have that in mind when running a scan.
In the meantime, couldn't you do us all a favor and report it as a false positive?
Couldn't find report option, it's just a cleaning tool.
For the record, I SUCK at searching.  That said, ONE search with YAHOO:
http://search.yahoo.com/search;_ylt=AsGZb8flldWyGZiwxiMxilWbvZx4?p=kapersky+false+positive+report&toggle=1&cop=mss&ei=UTF-8&fr=yfp-t-374
The FIRST result led me here:
http://forum.kaspersky.com/index.php?showtopic=13881
That KASPERSKY GLOBAL MODERATOR'S post led me here:
http://support.kaspersky.com/virlab/helpdesk.html
That submission form that allows for attached files has a drop down that includes 'False alarm on a file' and 'False alarm on a web resource'.

No offense to you, but seriously, where exactly did you look for a report option?  In the scanner itself?  (That would be the most logical and understandable explanation for not finding one, but I've never seen an option to report a false positive within an AV program)

Also for the record, emphasized words are to show just how simple this was to find (it was about 10 times easier than I expected, especially since Yahoo and Google are far from the same when it comes to search results).
JuanPabloCuervo
Member
**
Online Online

Activity: 116


View Profile
July 20, 2011, 04:23:34 PM
 #32

http://www.av-comparatives.org/

I only trust Avira, Malwarebytes.org & System Restore.

I had a virus that no other could eliminate, Norton, Kaspersky, etc...

It was a virus a few years back, that eats the CPU doing nothing...
It killed some laptops with bad cooling, Compaq 3000

I thought it was a virus designed to kill PCs, but now I know what it really was doing...  Grin