Bitcoin Forum
January 23, 2020, 06:09:02 PM *
Topic: Anti AntiVirus Bitcoin Core (Read 203 times)
nopara73
January 08, 2020, 06:38:47 PM
Last edit: January 11, 2020, 01:16:20 PM by nopara73
Merited by gmaxwell (5), harding (5), DooMAD (2), LFC_Bitcoin (1), ETFbitcoin (1), LeGaulois (1), figmentofmyass (1), DdmrDdmr (1)
 #1

Hi guys!

Recently we decided to ship Bitcoin Core with Wasabi Wallet. However, this resulted in an unpleasant surprise: numerous anti-virus companies started flagging Wasabi because Bitcoin Core is being flagged too.
We tried to contact these companies, but generally they don't seem to care about it.

So, the last thing we could do is call for the community to help us report the false positive results. You can check which antiviruses are flagging Bitcoin Core by uploading Bitcoin Core binaries (https://bitcoincore.org/en/download/) to a website like VirusTotal (https://www.virustotal.com/).

In order to make this process smoother, we collected contact information and wrote an email template: https://bit.ly/helpbitcoin

Let's anti anti-virus Bitcoin Core together :)

Creator of Wasabi Wallet: An open-source, non-custodial, privacy focused Bitcoin wallet - https://wasabiwallet.io
ETFbitcoin
January 08, 2020, 07:15:55 PM
 #2

Interesting idea, but I wonder if they would hear it from someone who doesn't use their product or wants to stay anonymous (e.g. Tor/VPN user) ???

shield132
January 08, 2020, 10:45:02 PM
 #3

The most curious thing that I found there is that John McAfee is the founder of the antivirus company McAfee LLC and at the same time this person is actively in bitcoin with his silly statements and false promises (everyone knows one of them).
I can't check right now but did McAfee determine that as a virus? If yes, then I'm more curious to see the response from them on your email regarding the false positive.

Soratrade
January 08, 2020, 11:07:48 PM
 #4

Quote
The most curious thing that I found there is that John McAfee is the founder of the antivirus company McAfee LLC and at the same time this person is actively in bitcoin with his silly statements and false promises (everyone knows one of them).
I can't check right now but did McAfee determine that as a virus? If yes, then I'm more curious to see the response from them on your email regarding the false positive.

John has nothing to do with his old company anymore, he does not even like them anymore.

BitcoinFX
January 08, 2020, 11:10:47 PM
 #5

Great ongoing initiative for the community to support! ...

...snip...

Sometimes, nothing ever changes but the shoes ...

Win32 CPU Cycles vs 'Live Protection' Engines ?
- https://bitcointalk.org/index.php?topic=35.0

...

"Important!
Bitcoin Core is detected by many of the major antivirus as malware.
Join us in reporting it as a false positive.
Thank you @wasabiwallet for taking care of this."

- https://twitter.com/mir_btc/status/1213096157167136773

"Happy Birthday #Bitcoin and happy #ProofOfKeys day!

BUT REMEMBER 👇

#BitcoinCore is detected since years by some antiviruses, despite it being one of the most (if not the most) highly scrutinized and maintained open source software in existence.

HELP 👉 http://bit.ly/helpbitcoin "


- https://twitter.com/RiccardoMasutti/status/1213068495400951809

- https://youtu.be/IP3XaAqDwZ0

:)

bL4nkcode
January 08, 2020, 11:45:53 PM
 #6

Most desktop wallets are detected as malware on any or all antivirus, except if you manually exclude them.

And yeah, nice initiative for the community.

gmaxwell
January 09, 2020, 12:47:00 AM
 #7

Quote
Let's anti anti-virus Bitcoin Core together :)

In addition to doing this, I think it would be useful to attempt to circumvent the AV... since the listing is mostly laziness they probably won't try to actively work against some simple countermeasures.

Some stuff before indicated that some were simply triggering on the string "wallet.dat" and others on some mining function names. It would be pretty non-intrusive to mildly obfuscate them in the binary (e.g. renaming the function and just xoring wallet.dat with something or similar).

That in no way replaces reports -- it complements them. If it's been heavily reported as okay, then they'll be less likely to work around some simple countermeasures.

Wind_FURY
January 09, 2020, 06:25:08 AM
 #8

Quote
Let's anti anti-virus Bitcoin Core together :)

Quote
In addition to doing this, I think it would be useful to attempt to circumvent the AV...

I believe it's also an opportunity for the community to encourage the use of OSS, specifically Linux. We're giving tech-corporations power over what tools we should and shouldn't run on our computers.

Quote
since the listing is mostly laziness they probably won't try to actively work against some simple countermeasures.

But maybe it's also "something else". Tin foil hats on.

ETFbitcoin
January 09, 2020, 09:35:18 AM
 #9

Quote
Let's anti anti-virus Bitcoin Core together :)

Quote
In addition to doing this, I think it would be useful to attempt to circumvent the AV...

Quote
I believe it's also an opportunity for the community to encourage the use of OSS, specifically Linux. We're giving tech-corporations power over what tools we should and shouldn't run on our computers.

Good point. At this point, anti-virus & anti-malware are the virus/malware itself, especially the free version.

They actively analyze and send many of your files/internet traffic (including decrypted HTTPS traffic) to their server.

kingcolex
January 09, 2020, 11:47:26 AM
 #10

Quote
The most curious thing that I found there is that John McAfee is the founder of the antivirus company McAfee LLC and at the same time this person is actively in bitcoin with his silly statements and false promises (everyone knows one of them).
I can't check right now but did McAfee determine that as a virus? If yes, then I'm more curious to see the response from them on your email regarding the false positive.

Quote
John has nothing to do with his old company anymore, he does not even like them anymore.

Exactly, he sold that off YEARS ago. He's also a complete and utter lunatic, so I doubt that the devs over at McAfee care what he says or what he does; at this point they want to distance themselves from him.

NotATether
January 09, 2020, 03:19:46 PM
 #11

Remember that the reason AV companies flag bitcoin wallets is because they can't (or maybe don't want to) tell the difference between an actual wallet and a desktop cryptominer. If it did quarantine the wallet program, just whitelist it; the AV won't pester you anymore.

kzv
January 09, 2020, 06:00:23 PM
 #12

Quote
Remember that the reason AV companies flag bitcoin wallets is because they can't (or maybe don't want to) tell the difference between an actual wallet and a desktop cryptominer. If it did quarantine the wallet program, just whitelist it; the AV won't pester you anymore.

For this reason, a few years ago, antiviruses often flagged new versions of Bitcoin Core or its forks.
But as far as I know, the miner functionality has been cut from the Bitcoin Core source code since v0.13.

Luke-Jr
January 10, 2020, 01:19:54 AM
 #13

Quote
Remember that the reason AV companies flag bitcoin wallets is because they can't (or maybe don't want to) tell the difference between an actual wallet and a desktop cryptominer. If it did quarantine the wallet program, just whitelist it; the AV won't pester you anymore.

Mining software isn't malware either, though.

In fact, I would suggest someone put together a list of affected projects (BFGMiner has had this problem for years) for reporting as safe...

nopara73
January 13, 2020, 07:29:19 PM
 #14

To provide some update here, the project has limited success. For example, there is a tweet from coinforensics[0] with a positive response attached. Yet, I noticed a new detection emerged[1] within a 4-day time period, which is just strange.
To further pursue the issue, one of our software developers, Lucas Ontivero, will try to tackle the antiviruses with pull requests from February 15, as it will be apparent by that time how successful the reporting campaign was.

- [0] https://twitter.com/coinforensics/status/1216430197085495297
- [1] https://imgur.com/a/rGCLkph

lontivero
January 21, 2020, 07:07:37 PM
 #15

In order to check whether the AVs search for the string wallet.dat or not, I compiled bitcoin (latest master branch) and uploaded the bitcoind file to VirusTotal. After that I replaced the string with "monedero.txt" everywhere and verified the compiled file doesn't contain "wallet.dat" anywhere, then I uploaded that new version to VirusTotal again with the exact same result:

    "wallet.dat": https://www.virustotal.com/gui/file/874b5bf081724342a03e2f65823869e991273f9fa9fc6011498553a821dee846/detection

    "monedero.txt": https://www.virustotal.com/gui/file/a8f4fd57504580d7015f38fce7a32dcd2d1a36482a98a2998741ebfe7ba7a82c/detection

It has to be a combination of mining functions, for sure, that makes the AV believe that it is a program designed to use the user's computer resources to mine cryptocurrencies.

nopara73
January 22, 2020, 12:37:38 PM
 #16

There's also an unsatisfactory reason that's been recently received, which has no counter: "it's making multiple connections to multiple IPs" https://twitter.com/coinforensics/status/1219728491891101697

chris598
January 22, 2020, 12:41:30 PM
 #17

Thanks for sharing amazing info. ;)