About virus!

[is7]

Help!
I use bitcoin-qt 0.9.1.
And last sunday,after I downloaded the data as usual,I used "avast!" and "Clamwin" to scan my system,and i found virus in  chainstate and blocks．

Avast! scan report:
1. blk00129.dat  was reported as virus:Diskspoiler
2. the other 8 ".sst" files were reported as virus,such as:Oropax,Murphy,Syslock,Diskspoiler,Attention,Yankee Doodle,PrtScr1024,Raubkopie
(sorry,I`m in China,I can`t find a website to save the pictures that can be showed on bitcointalk)

Clamwin`s scan report:
C:\Bitcoin\chainstate\063497.sst: Peace.1 FOUNC
C:\Bitcoin\chainstate\063504.sst: Italian.1 FOUNC
C:\Bitcoin\chainstate\063505.sst: Chren-4016 FOUNC
C:\Bitcoin\chainstate\063514.sst: Boot.Gen.10past3 FOUNC
C:\Bitcoin\chainstate\063545.sst: Gen.805 FOUNC
C:\Bitcoin\chainstate\063581.sst: StoneC.1 FOUNC
C:\Bitcoin\chainstate\063590.sst: Gergana.9 FOUNC
C:\Bitcoin\chainstate\063641.sst: Vienna-645.A FOUNC

----------------------------------------------------------------------------------------------------------------------

Could anyone help me,and explain what`s up?
Thank you!

[shorena]

The proxy is blocking the images. Can you post a link?

There is a lot of data in the blockchain, so some of these might trigger the signature of a virus.

Another question: Do you use two anti virus? or did you scan from an external dvd and used first avast and then clamwin?
Because two antivirus systems might interfere with eachother.

[escrow.ms]

Use http://imgur.com for image uploads.

Ps: It's a false positive.
https://bitcointalk.org/index.php?topic=554738.0

[is7]

The proxy is blocking the images. Can you post a link?

There is a lot of data in the blockchain, so some of these might trigger the signature of a virus.

Another question: Do you use two anti virus? or did you scan from an external dvd and used first avast and then clamwin?
Because two antivirus systems might interfere with eachother.

first of all,thank you for Re
I`m in China,I can`t find a website to save the pictures that can be showed on bitcointalk.
I used first avast and then clamwin.

this is scan report:

Avast! scan report:
1. blk00129.dat  was reported as virus:Diskspoiler
2. the other 8 ".sst" files were reported as virus,such as:Oropax,Murphy,Syslock,Diskspoiler,Attention,Yankee Doodle,PrtScr1024,Raubkopie

Clamwin`s scan report:
C:\Bitcoin\chainstate\063497.sst: Peace.1 FOUNC
C:\Bitcoin\chainstate\063504.sst: Italian.1 FOUNC
C:\Bitcoin\chainstate\063505.sst: Chren-4016 FOUNC
C:\Bitcoin\chainstate\063514.sst: Boot.Gen.10past3 FOUNC
C:\Bitcoin\chainstate\063545.sst: Gen.805 FOUNC
C:\Bitcoin\chainstate\063581.sst: StoneC.1 FOUNC
C:\Bitcoin\chainstate\063590.sst: Gergana.9 FOUNC
C:\Bitcoin\chainstate\063641.sst: Vienna-645.A FOUNC

[is7]

Use http://imgur.com for image uploads.

Ps: It's a false positive.
https://bitcointalk.org/index.php?topic=554738.0

3q! let me try again

[shorena]

Use http://imgur.com for image uploads.

Ps: It's a false positive.
https://bitcointalk.org/index.php?topic=554738.0

3q! let me try again

What escrow.ms posted is that you dont have a virus. Its a fake report.

-snip-
The result: The blockchain will contain occurences of 23 bytes that will match a Anti-Virus definition.
If the def matches a small virus and also the antivirus uses heuristics, then the antivirus will react violently on the blockchain.

He have already done a list of 442 adresses that each is a found entry in a antivirus def database for a specific AV vendor.
-snip-

tl;dr no virus, you are fine (probably)

[is7]

Thank you,shorena!

[Silvercube146]

From experience Clamwin and avast had higher false positives than some of the other free options. Microsoft security essentials had lower false positives but its also not as good as avast at detecting actual viruses.

There are a few antivirus comparison sites you can can check out to see how they handle false positives. if you go to av-comparatives.orghttp://www.av-comparatives.org scroll down to reports and select charts and statistics http://chart.av-comparatives.org/chart1.php. From the test drop down take a look at the different types to see how different antivirus's compare. Once you select false alarm test you'll see which antivirus's are more prone to them in their tests.

av-test.org http://www.av-test.org/en/home/ also does its own tests but they bundle false positives with scan times,etc under usability. You would need to sort by usability, then click to each one see its specs.

The goal would be to find an antivirus that does well at everything. Detecting virus's but also is not prone to high amounts of false positives (many antiviruses will have false positives from time to time)

[paythrough_team]

Virus is very terrible, you can go to the official download bitcoin wallet.

[joshraban76]

Don't worry, I've googled these for you now.

As escrow.ms said, it's a false positive, like what happen with games trainers.

You are fine, don't panic

[rarkenin]

Technically, if the offending data in the blockchain is properly sanitized before being processed (including correct buffer allocation), and never executed directly, it should be fine, right?

[shorena]

Technically, if the offending data in the blockchain is properly sanitized before being processed (including correct buffer allocation), and never executed directly, it should be fine, right?

There is no virus anyways. The data just matches with the signature of a virus. But yes the blockchain data does not get executed thus even if there would be a full fledged virus it would not be no problem.

Virus is very terrible, you can go to the official download bitcoin wallet.

The source is the "official" blockchain data.

[ranochigo]

I believe the anti virus actually searches some signatures of the virus. The blocks mined might contain the signature of that virus since the encryption used is sha256. Just a wild guess though, please correct me if I am wrong.

[rarkenin]

I believe the anti virus actually searches some signatures of the virus. The blocks mined might contain the signature of that virus since the encryption used is sha256. Just a wild guess though, please correct me if I am wrong.

First, SHA512 isn't a form of encryption. A hash by itself isn't really a virus. However, certain parts of the blockchain do contain patterns that might appear to be parts of viruses, although as most antivirus programs do not understand the structure of the blockchain, they're likely not aware of what the "meaning" of such signatures is in certain contexts and flag it down nonetheless.

[vm1990]

Turn it off hide it in a cubbord and hide under the blankets until it goes away

Or plan b if its from official bitcoin.org then your fine and just shout at avast. If its not official software grab any back up keys you need and setup an official version

[bridgeknocker]

Next time better update first.

[ranochigo]

Next time better update first.

He is already at the latest version. There is a signature that matches a certain virus's signature. It is only false positive.