Bitcoin Forum
February 28, 2021, 08:04:14 AM *
News: Latest Bitcoin Core release: 0.21.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Anti AntiVirus Bitcoin Core  (Read 798 times)
nopara73
Member
**
Offline Offline

Activity: 69
Merit: 275


View Profile
January 08, 2020, 06:38:47 PM
Last edit: January 11, 2020, 01:16:20 PM by nopara73
Merited by suchmoon (7), gmaxwell (5), harding (5), ETFbitcoin (4), DooMAD (2), DdmrDdmr (2), LFC_Bitcoin (1), LeGaulois (1), figmentofmyass (1), o_e_l_e_o (1), Heisenberg_Hunter (1)
 #1

Hi guys!  

Recently we decided to ship Bitcoin Core with Wasabi Wallet. However this resulted in an unpleasant surprise, where numerous anti-virus companies started flagging Wasabi due to Bitcoin Core is being flagged too.  
We tried to contact these companies but generally they don't seem to care about it.  

So, the last thing we could do is call for the community to help us reporting the false positive results. You can check which anti viruses are flagging Bitcoin Core by uploading Bitcoin Core binaries https://bitcoincore.org/en/download/  to a website like VirusTotal https://www.virustotal.com/.

In order to make this process smoother, we collected contact information and wrote an email template: https://bit.ly/helpbitcoin

Let's anti anti-virus Bitcoin Core together  Smiley

Creator of Wasabi Wallet: An open-source, non-custodial, privacy focused Bitcoin wallet - https://wasabiwallet.io
1614499454
Hero Member
*
Offline Offline

Posts: 1614499454

View Profile Personal Message (Offline)

Ignore
1614499454
Reply with quote  #2

1614499454
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1614499454
Hero Member
*
Offline Offline

Posts: 1614499454

View Profile Personal Message (Offline)

Ignore
1614499454
Reply with quote  #2

1614499454
Report to moderator
1614499454
Hero Member
*
Offline Offline

Posts: 1614499454

View Profile Personal Message (Offline)

Ignore
1614499454
Reply with quote  #2

1614499454
Report to moderator
1614499454
Hero Member
*
Offline Offline

Posts: 1614499454

View Profile Personal Message (Offline)

Ignore
1614499454
Reply with quote  #2

1614499454
Report to moderator
ETFbitcoin
Legendary
*
Offline Offline

Activity: 1792
Merit: 2674


NotYourKeys.org - Not Your Keys, Not Your Bitcoin


View Profile
January 08, 2020, 07:15:55 PM
 #2

Interesting idea, but i wonder if they would hear it from someone who don't user their product or want to stay anonymous (e.g. Tor/VPN user) Huh

shield132
Hero Member
*****
Online Online

Activity: 1764
Merit: 704



View Profile
January 08, 2020, 10:45:02 PM
 #3

The most curious thing that I found there is that John McAfee is the founder of antivirus company McAfee LLC and at the same time this person is actively in bitcoin with his silly statements and false promises (everyone knows one of them).
I can't check right now but did McAfee determined that as a virus? If yes, then I'm more curious to see response from them on your email regarding to false positive.

       ▀█████████████████████
            ▀▀██████
    ▄▄
▀████▄▄  ▀████
  ▄████▄
▀█████▄  ▀███
 ████▀▀
   ▄██████  ▀███
████▀
   ▄████▀████  ████
████  ▄█▄
▀█▀  ████  █████
████▄████▀
   ▄████  ████
 ██████▀
   ▄▄████  ▄███
  ▀█████▄
▀████▀  ▄███
    ▀▀████▄
▀▀  ▄████
            ▄▄██████
       ▄███████████
████████████████████████████████████
.
FUN TOKEN
.
██████████████     ██████████████████████
██████████
 ██████████
  ██████████
   ██████████
    ██████████
     ██████████
      ██████████
     ██████████
    ██████████
   ██████████
  ██████████
 ██████████
██████████
.
FreeBitco.in Adopts FUN Token for
Premium Membership Program
██████████
 ██████████
  ██████████
   ██████████
    ██████████
     ██████████
      ██████████
     ██████████
    ██████████
   ██████████
  ██████████
 ██████████
██████████
.
██████████
 ██████████
  ██████████
   ██████████
    ██████████
     ██████████
      ██████████
     ██████████
    ██████████
   ██████████
  ██████████
 ██████████
██████████

          ▄
      ▀▄  ▀  ▄▀
 ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
█████████████████████
██  ▄▄▀█  ██ █  ██ ██
██  ▄▄▀█  ██ ██▄ ▄███
██  ▀▀▄█▄ ▀▀▄███ ████
█████████████ ▄▄▄ ▀▀█
 ▀▀▀▀▀▀▀▀▀▀▀▀ ▐████▄▄
      ▄▀  ▄    █████▄
          ▀     ▀ ▀███
                    ▀
.
41M Users to Buy and Hold
FUN for Premium Benefits
.
.Learn More.
Soratrade
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
January 08, 2020, 11:07:48 PM
 #4

The most curious thing that I found there is that John McAfee is the founder of antivirus company McAfee LLC and at the same time this person is actively in bitcoin with his silly statements and false promises (everyone knows one of them).
I can't check right now but did McAfee determined that as a virus? If yes, then I'm more curious to see response from them on your email regarding to false positive.

John has nothing to do with his old company anymore, he does not even like them anymore.
BitcoinFX
Legendary
*
Offline Offline

Activity: 2408
Merit: 1552


https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF


View Profile WWW
January 08, 2020, 11:10:47 PM
 #5

Great ongoing initiative for the community to support! ...

...snip...

Sometimes, nothing ever changes but the shoes ...

Win32 CPU Cycles vs 'Live Protection' Engines ?
- https://bitcointalk.org/index.php?topic=35.0

...

"Important!
Bitcoin Core is detected by many of the major antivirus as malware.
Join us in reporting it as a false positive.
Thank you @wasabiwallet for taking care of this."

- https://twitter.com/mir_btc/status/1213096157167136773

"Happy Birthday #Bitcoin and happy #ProofOfKeys day!

BUT REMEMBER 👇

#BitcoinCore is detected since years by some antiviruses, despite it being one of the most (if not the most) highly scrutinized and maintained open source software in existence.

HELP 👉 http://bit.ly/helpbitcoin "


- https://twitter.com/RiccardoMasutti/status/1213068495400951809

- https://youtu.be/IP3XaAqDwZ0

 Smiley

"Bitcoin OG" Bored/Board of making others wealthy! | 1JXFXUBGs2ZtEDAQMdZ3tkCKo38nT2XSEp | Bitcoin is BTC | CSW is NOT Satoshi Nakamoto | I Mine BTC, LTC, ZEC, XMR and GAP | Support my BTC on Tor addnodes Project | Media enquiries : Wu Ming | Enjoy The Money Machine | "You cannot compete with Open Source" and "Cryptography != Banana"
bL4nkcode
Copper Member
Legendary
*
Offline Offline

Activity: 1834
Merit: 1170


$ 6 9 , 4 2 0 ✔


View Profile
January 08, 2020, 11:45:53 PM
 #6

Most desktop wallet are detected as malware on any or all anti virus except if you manually exclude it.

And yeah, nice initiative for the community.

..bustadice..         ▄▄████████████▄▄
     ▄▄████████▀▀▀▀████████▄▄
   ▄███████████    ███████████▄
  █████    ████▄▄▄▄████    █████
 ██████    ████████▀▀██    ██████
██████████████████   █████████████
█████████████████▌  ▐█████████████
███    ██████████   ███████    ███
███    ████████▀   ▐███████    ███
██████████████      ██████████████
██████████████      ██████████████
 ██████████████▄▄▄▄██████████████
  ▀████████████████████████████▀
                     ▄▄███████▄▄
                  ▄███████████████▄
   ███████████  ▄████▀▀       ▀▀████▄
               ████▀      ██     ▀████
 ███████████  ████        ██       ████
             ████         ██        ████
███████████  ████     ▄▄▄▄██        ████
             ████     ▀▀▀▀▀▀        ████
 ███████████  ████                 ████
               ████▄             ▄████
   ███████████  ▀████▄▄       ▄▄████▀
                  ▀███████████████▀
                     ▀▀███████▀▀
           ▄██▄
           ████
            ██
            ▀▀
 ▄██████████████████████▄
██████▀▀██████████▀▀██████
█████    ████████    █████
█████▄  ▄████████▄  ▄█████
██████████████████████████
██████████████████████████
    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
    ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
       ████████████
......Play......
gmaxwell
Staff
Legendary
*
Offline Offline

Activity: 3346
Merit: 4937



View Profile
January 09, 2020, 12:47:00 AM
 #7

Let's anti anti-virus Bitcoin Core together  Smiley
In addition to doing this, I think it would be useful to attempt to circumvent the AV... since the listing is mostly lazyness they probably won't try to actively work against some simple countermeasures.

Some stuff before indicated that some were simply triggering on the string "wallet.dat" and others on some mining function function names. It would be pretty non-intrusive to mildly obfscuate them in the binary (e.g. renaming the function and just xoring wallet.dat with something or similar).

That in no way replaces reports-- it compliments them. If it's been heavily reported as okay, then they'll be less likely to work around some simple countermeasures.

Wind_FURY
Legendary
*
Offline Offline

Activity: 1750
Merit: 1092


www.Crypto.Games: Multiple coins, multiple games


View Profile
January 09, 2020, 06:25:08 AM
 #8

Let's anti anti-virus Bitcoin Core together  Smiley

In addition to doing this, I think it would be useful to attempt to circumvent the AV...


I believe it's also an opportunity for the community to encourage the use of OSS, specifically Linux. We're giving tech-corporations power over what tools we should and shouldn't run in our computers.

Quote

since the listing is mostly lazyness they probably won't try to actively work against some simple countermeasures.


But maybe it's also "something else". Tin foil hats on.

████  ███████  ███
██████████
███      ███████
███      ███████████
██████████████████
████████
███   ████  ███████████
███ ███████████████
█████████
█████████████████
███  ███████
██████████████
███        ████████
███████████▀▀███▀▀███████████
██████▀▀     ███     ▀▀██████
████▀   ▄▄█████████▄▄   ▀████
████▄▄▄███▀  ▀█▀  ▀███▄▄▄████
██▀▀▀██▀      ▀      ▀██▀▀▀██
█▀  ▄██               ██▄  ▀█
█   ████▄▄         ▄▄████   █
█▄  ▀██▀             ▀██▀  ▄█
██▄▄▄██▄             ▄██▄▄▄██
████▀▀▀███▄ ▄█ █▄ ▄███▀▀▀████
████▄   ▀▀███▄█████▀▀   ▄████
███████▄     ███     ▄███████
███████████▄▄███▄▄███████████
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
..PLAY NOW..
███  ███████  ████
██████████
███████      ███
███████████      ███
██████████████████
████████
███████████  ████   ███
███████████████ ███
█████████
█████████████████
███████  ███
██████████████
████████        ███
ETFbitcoin
Legendary
*
Offline Offline

Activity: 1792
Merit: 2674


NotYourKeys.org - Not Your Keys, Not Your Bitcoin


View Profile
January 09, 2020, 09:35:18 AM
 #9

Let's anti anti-virus Bitcoin Core together  Smiley

In addition to doing this, I think it would be useful to attempt to circumvent the AV...


I believe it's also an opportunity for the community to encourage the use of OSS, specifically Linux. We're giving tech-corporations power over what tools we should and shouldn't run in our computers.

Good point. At this point, anti-virus & anti-malware are the virus/malware itself, especially free version.

They actively analyze and send many your files/internet traffic (including decrypt HTTPS traffic) to their server.

kingcolex
Legendary
*
Offline Offline

Activity: 2338
Merit: 1251



View Profile
January 09, 2020, 11:47:26 AM
 #10

The most curious thing that I found there is that John McAfee is the founder of antivirus company McAfee LLC and at the same time this person is actively in bitcoin with his silly statements and false promises (everyone knows one of them).
I can't check right now but did McAfee determined that as a virus? If yes, then I'm more curious to see response from them on your email regarding to false positive.

John has nothing to do with his old company anymore, he does not even like them anymore.
Exactly, he sold that off YEARS ago. He's also a complete and utter lunatic, so I doubt that the devs over at McAfee care what he says or what he does, at this point they want to distance themselves from him.
NotATether
Sr. Member
****
Offline Offline

Activity: 448
Merit: 1071


to Alpha Centurai


View Profile WWW
January 09, 2020, 03:19:46 PM
 #11

Remember that the reason AV companies flag bitcoin wallets is because they can't (or maybe don't want to) tell the different between an actual wallet and a desktop cryptominer. If it did quarantine the wallet program just whitelist it, the AV won't pester you anymore.

kzv
Legendary
*
Offline Offline

Activity: 1624
Merit: 1230

OpenTrade - Open Source Cryptocurrency Exchange


View Profile WWW
January 09, 2020, 06:00:23 PM
 #12

Remember that the reason AV companies flag bitcoin wallets is because they can't (or maybe don't want to) tell the different between an actual wallet and a desktop cryptominer. If it did quarantine the wallet program just whitelist it, the AV won't pester you anymore.

For this reason, a few years ago, antiviruses often flagged new versions Bitcoin Core or it forks
But as I know the miner functionality is cut from source code Bitcoin Core since v.0.13

Luke-Jr
Legendary
*
Offline Offline

Activity: 2506
Merit: 1026



View Profile
January 10, 2020, 01:19:54 AM
 #13

Remember that the reason AV companies flag bitcoin wallets is because they can't (or maybe don't want to) tell the different between an actual wallet and a desktop cryptominer. If it did quarantine the wallet program just whitelist it, the AV won't pester you anymore.
Mining software isn't malware either, though.

In fact, I would suggest someone put together a list of affected projects (BFGMiner has had this problem for years) for reporting as safe...

nopara73
Member
**
Offline Offline

Activity: 69
Merit: 275


View Profile
January 13, 2020, 07:29:19 PM
 #14

To provide some update here, the project has limited success. For example there is a tweet from coinforensics[0] with a positive response attached. Yet, I noticed a new detection emerged[1] within a 4 days time period, which is just strange.
To further pursue the issue one of our software developer, Lucas Ontivero will try to tackle the antiviruses with pull requests from February 15, as it will be apparent by that time how successful the reporting campaign was.

- 0 https://twitter.com/coinforensics/status/1216430197085495297)
- 1 https://imgur.com/a/rGCLkph

Creator of Wasabi Wallet: An open-source, non-custodial, privacy focused Bitcoin wallet - https://wasabiwallet.io
lontivero
Full Member
***
Offline Offline

Activity: 164
Merit: 119

Amazing times are coming


View Profile
January 21, 2020, 07:07:37 PM
Merited by vapourminer (2)
 #15

In order to check whether the AVs search for the string wallet.dat or not, I compiled bitcoin (latest master branch) and uploaded the bitcoind file to VirusTotal. After that I replaced the string by "monedero.txt" everywhere and verified the compiled file doesn't contain "wallet.dat" anywhere then I uploaded that new version to VirusTotal again with exact same result:

    "wallet.dat": https://www.virustotal.com/gui/file/874b5bf081724342a03e2f65823869e991273f9fa9fc6011498553a821dee846/detection

    "monedero.txt": https://www.virustotal.com/gui/file/a8f4fd57504580d7015f38fce7a32dcd2d1a36482a98a2998741ebfe7ba7a82c/detection

It has to be a combination of mining functions by sure what makes the AV believe that it is program designed to use the user's computer resources to mine cryptocurrencies.
nopara73
Member
**
Offline Offline

Activity: 69
Merit: 275


View Profile
January 22, 2020, 12:37:38 PM
 #16

There's also an unsatisfactory reason that's been recently received, which has no counter: "it's making multiple connections to multiple IPs" https://twitter.com/coinforensics/status/1219728491891101697

Creator of Wasabi Wallet: An open-source, non-custodial, privacy focused Bitcoin wallet - https://wasabiwallet.io
StonerStanley
Sr. Member
****
Offline Offline

Activity: 530
Merit: 267



View Profile
June 10, 2020, 07:15:41 AM
 #17

Just uninstall the Anti virus application that is in your computer that will solve it. I haven't been using an AV for many years because their redundant and has lots of issues such as adware, take to much memory in your ram, deletes file unknowingly and serve as a spyware to mine data.

Try Comodo Internet Security and turn off the antivirus. It's probably one of the best security software for windows.
LFC_Bitcoin
Legendary
*
Offline Offline

Activity: 2366
Merit: 4317


One of the world's leading Bitcoin-powered casinos


View Profile
June 10, 2020, 01:00:42 PM
 #18

I use my computer solely for Bitcoin Core, literally nothing else. I deactivated all anti-virus software on my computer so I obviously don’t have a problem. I can imagine it being frustrating if your AV software keeps flagging Bitcoin Core as potential malware.

Can I just advise everybody to please refrain from storing a significant amount of BTC on any device they use for everyday, regular browsing & downloading files.

I’ve seen too many horror stories here from idiots downloading movies & torrents to a computer storing a significant amount of coin, only for said movies & torrents to end up being bitcoin stealing malware.

Use your head & look after your coin.

coinforensics
Newbie
*
Offline Offline

Activity: 3
Merit: 17


View Profile WWW
August 04, 2020, 10:32:19 AM
Merited by ETFbitcoin (7), gmaxwell (5), o_e_l_e_o (2), Husna QA (2), nopara73 (1)
 #19

I have been monitoring Bitcoin Core versions in the past few months and reported the false positives to the AV providers..

To better track the status I created the "Bitcoin Client VirusTotal Tracker" on https://bitcoinissafe.com.
It checks the false positive detection rate of Bitcoin clients every few hours via the VirusTotal API.

I appreciate all feedback, improvements, changes, ..
Casdinyard
Hero Member
*****
Offline Offline

Activity: 1456
Merit: 594



View Profile
August 04, 2020, 10:41:55 AM
 #20

Recently we decided to ship Bitcoin Core with Wasabi Wallet. However this resulted in an unpleasant surprise, where numerous anti-virus companies started flagging Wasabi due to Bitcoin Core is being flagged too.  

AFAIK BitcoinCore was flagged due to the fact that some applications uses some computer's graphic cards for mining, such as the issue of LoL back then where someone detected a mining code running in background of League of Legends. Hence, anti-virus blocks any applications that has something to do with mining cryptocurrency even the BitcoinCore itself.

I'm not that tech savvy but I only see such possibility in this case. But what operating system are you using? If that would be Windows distros, then it is not that kind of unusual case as its pre-installed Windows Defender flags anything suspicious as virus, as long as it wasn't their product or an open-source product.

       ▀█████████████████████
            ▀▀██████
    ▄▄
▀████▄▄  ▀████
  ▄████▄
▀█████▄  ▀███
 ████▀▀
   ▄██████  ▀███
████▀
   ▄████▀████  ████
████  ▄█▄
▀█▀  ████  █████
████▄████▀
   ▄████  ████
 ██████▀
   ▄▄████  ▄███
  ▀█████▄
▀████▀  ▄███
    ▀▀████▄
▀▀  ▄████
            ▄▄██████
       ▄███████████
████████████████████████████████████
.
FUN TOKEN
.
██████████████     ██████████████████████
██████████
 ██████████
  ██████████
   ██████████
    ██████████
     ██████████
      ██████████
     ██████████
    ██████████
   ██████████
  ██████████
 ██████████
██████████
.
FreeBitco.in Adopts FUN Token for
Premium Membership Program
██████████
 ██████████
  ██████████
   ██████████
    ██████████
     ██████████
      ██████████
     ██████████
    ██████████
   ██████████
  ██████████
 ██████████
██████████
.
██████████
 ██████████
  ██████████
   ██████████
    ██████████
     ██████████
      ██████████
     ██████████
    ██████████
   ██████████
  ██████████
 ██████████
██████████

          ▄
      ▀▄  ▀  ▄▀
 ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
█████████████████████
██  ▄▄▀█  ██ █  ██ ██
██  ▄▄▀█  ██ ██▄ ▄███
██  ▀▀▄█▄ ▀▀▄███ ████
█████████████ ▄▄▄ ▀▀█
 ▀▀▀▀▀▀▀▀▀▀▀▀ ▐████▄▄
      ▄▀  ▄    █████▄
          ▀     ▀ ▀███
                    ▀
.
41M Users to Buy and Hold
FUN for Premium Benefits
.
.Learn More.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!