Bitcoin Forum
Author Topic: Why does bitcoin-qt.exe try to install a screen logger?  (Read 2339 times)
btcfriendly (OP)
Newbie

Activity: 1
Merit: 0


November 20, 2013, 10:59:12 AM
 #1

I downloaded bitcoin-0.8.5-win32 from bitcoin.org.

Of course I scanned the installer for viruses - looks clean.

But then the first thing that happened when I launched bitcoin-qt.exe was that my anti-virus (online-armour) warned me that bitcoin-qt.exe wants to install a screen logger!

So of course I googled
intext:("bitcoin-qt.exe" "screen logger")

I expected there to be some explanation of this suspicious behavior, but I couldn't find any discussion of this.

Why, on earth, is an official bitcoin installer behaving like a virus and why doesn't anyone seem to notice?

If there were a legitimate reason for such behavior, I would expect some mention of this in readme.txt.

I really can't see why anyone would trust an installer that secretly tries to do something like this.
kwest
Sr. Member

Activity: 476
Merit: 250


November 20, 2013, 11:05:53 AM
 #2

Hm.. are you sure that you didn't get hijacked somehow and downloaded a malicious client? Don't ask me how, but the bitcoin-qt doesn't have any harmful code in it.. and I've installed it on multiple computers with different anti-virus software (Kaspersky, Norton, Avast) and never gotten a message like this.

I would delete the file you downloaded and re-download the qt client from sourceforge: http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.8.5/

It could also be a false positive.
OnkelPaul
Legendary

Activity: 1039
Merit: 1005



November 20, 2013, 11:07:24 AM
 #3

Has it ever occurred to you that AV software can produce bogus messages, too?
If you search for "online-armor screen logger" you'll find a bunch of reports about false positives.
The problem is that this heuristic detects behavior that is exhibited by some virus and spying software, but which can also be present in innocent software.

Onkel Paul

Drabla
Member

Activity: 104
Merit: 10

Pecunia non olet


November 20, 2013, 11:13:20 AM
 #4

Most likely this is a false positive.

Some AV software handles everything that has the signature of a bitcoin miner with care / gives you a warning because of all the malicious software out there that uses the victim's computer to mine coins.

Here you can see another false positive of the file you downloaded: https://www.virustotal.com/en/file/6f6b8fd68f56a8e700090267c53aa592b9c9e5c993f44c7be11ba9b87e1f92bb/analysis/

AV warnings are mostly hints for (inexperienced) users. If you know the program and trust it (bitcoin-qt can be trusted), you can ignore the AV message.
lindatess
Full Member

Activity: 140
Merit: 100


November 20, 2013, 11:13:53 AM
 #5

I haven't taken a look at the latest client, but you could run it in sandboxie if you are worried.

Try redownloading the client and comparing the md5 signature.

PenAndPaper
Sr. Member

Activity: 252
Merit: 250


November 20, 2013, 11:23:22 AM
 #6

If you have downloaded the client from bitcoin.org then it's clean and it's a false alarm from your av. No need to worry.
Also, if somehow you have downloaded a malicious file masked as bitcoin-qt, I don't think that your desktop would have been the target.
deepceleron
Legendary

Activity: 1512
Merit: 1036



November 20, 2013, 11:45:15 AM
 #7

You can ensure you have an unaltered Bitcoin by checking its signature. However, this is more burdensome than checking its file hash, which is below, from my copy of the installer retrieved on Sep 13 2013:

>md5sum bitcoin-0.8.5-win32-setup.exe
6cff750efbae30d14f97f663d18aacf8 *bitcoin-0.8.5-win32-setup.exe

>sha256sum bitcoin-0.8.5-win32-setup.exe
6f6b8fd68f56a8e700090267c53aa592b9c9e5c993f44c7be11ba9b87e1f92bb *bitcoin-0.8.5-win32-setup.exe

>fciv -both -add bitcoin-0.8.5-win32-setup.exe
//
// File Checksum Integrity Verifier version 2.05.
//
                MD5                             SHA-1
-------------------------------------------------------------------------
6cff750efbae30d14f97f663d18aacf8 c6ecb5c1447c57fc0be4c69c4f300fb9fb41adf0 bitcoin-0.8.5-win32-setup.exe


The last tool is from Microsoft: http://www.microsoft.com/en-us/download/confirmation.aspx?id=11533
md5sum or sha256sum for Windows, I'll let you use Google to find your own copy.
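
Added example, not part of the thread or of any poster's code: a Python sketch of the hash comparison discussed above, which reads lines in the `HASH *filename` form that md5sum and sha256sum print and recomputes each digest from the file on disk. The function names and the sample file are constructed for illustration; a match only shows your file equals the copy the published hash was taken from.

```python
import hashlib
import hmac
import os
import tempfile

# Hex digest length -> hashlib algorithm (covers the md5sum/sha256sum/fciv output above).
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}

def parse_checksum_line(line):
    """Split 'HEX *name' (binary mode) or 'HEX  name' (text mode) into (algo, hex, name)."""
    digest, _, rest = line.strip().partition(" ")
    digest = digest.lower()
    name = rest[1:] if rest[:1] in (" ", "*") else rest
    if len(digest) not in ALGO_BY_HEX_LEN or set(digest) - set("0123456789abcdef"):
        raise ValueError(f"not a checksum line: {line!r}")
    if not name:
        raise ValueError(f"missing file name: {line!r}")
    return ALGO_BY_HEX_LEN[len(digest)], digest, name

def file_digest(path, algo, chunk_size=1 << 20):
    """Hash the file in chunks so large installers are not loaded into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify(lines, directory="."):
    """Return {(name, algo): True/False} for every checksum line."""
    results = {}
    for line in filter(str.strip, lines):
        algo, expected, name = parse_checksum_line(line)
        # basename() keeps a crafted checksum line from pointing outside `directory`.
        path = os.path.join(directory, os.path.basename(name))
        results[(name, algo)] = hmac.compare_digest(file_digest(path, algo), expected)
    return results

def demo():
    """Constructed sample: one matching SHA-256 line and one mismatching MD5 line."""
    data = b"constructed installer bytes"
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "sample-setup.exe"), "wb") as f:
            f.write(data)
        good = hashlib.sha256(data).hexdigest()
        bad = hashlib.md5(b"tampered bytes").hexdigest()
        return verify([f"{good} *sample-setup.exe", f"{bad} *sample-setup.exe"], d)

if __name__ == "__main__":
    for (name, algo), ok in demo().items():
        print(f"{name} [{algo}]: {'OK' if ok else 'MISMATCH'}")
```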