Windows Defender detects DOS/Stoned in chainstate files

[Delarock]

I saw a couple threads about a similar issue. Is there anything specific I should do?

Running Windows 8. I keep getting alerts from Windows defender. The virus definitions were last updated this afternoon.

[dnaleor]

I saw a couple threads about a similar issue. Is there anything specific I should do?

Running Windows 8. I keep getting alerts from Windows defender. The virus definitions were last updated this afternoon.

I got the same...

Should I just ignore it?
It closed my bitcoin core program.

Not willing to riskt it to restart until I got confirmation

chainstate\142266.sst is the "infected" file

[grue]

I saw a couple threads about a similar issue. Is there anything specific I should do?

Running Windows 8. I keep getting alerts from Windows defender. The virus definitions were last updated this afternoon.

protip: if you saw similar threads about the same issue, consider reading those threads for a solution.

[Delarock]

Different operating system, different virus, different anti-virus.

Not the same issue. Similar issue.

Not trying to pick nits, but there's a level of specificity that you just don't take for granted with computers. Since I'm not an expert, I'm asking the experts here.

Why do you think I didn't read those threads? I did two searches, for the virus name and for the error code. I gleaned what I could from them and I'm asking again to be sure.

[VinCeCream]

I think somebody introduced a virus code in the blockchain ..

But I'm not sure if it is possible ?

[shorena]

I think somebody introduced a virus code in the blockchain ..

But I'm not sure if it is possible ?

Its possible and it has been done. In fact it allready has been done a long time ago in the testnet.
See here https://bitcointalk.org/index.php?topic=554738.0
where on of the devs talks about it. This also links to a swedish board where this is discussed.

Also here:
https://bitcointalk.org/index.php?topic=470326.0

Also getting a positive for Virus:DOS/Stoned, but in Bitcoin\chainstate\285512.sst, from Microsoft Security Essentials.

Running Windows 7.

I believe I've also seen threads about this before, trying to dig up the relevant information...

There have been similar posts here:

https://bitcointalk.org/index.php?topic=558919.0
https://bitcointalk.org/index.php?topic=559365.0
https://bitcointalk.org/index.php?topic=560070.0
even from 2011:
https://bitcointalk.org/index.php?topic=43803.0
https://bitcointalk.org/index.php?topic=43752.0
https://bitcointalk.org/index.php?topic=43741.0
https://bitcointalk.org/index.php?topic=23465.0

Maybe this should be in some sort of sticky or this will pop up again and again.
well... it probably will anyway.

[Delarock]

So this is a false positive detection and the only work around is to exclude the \chainstate folder from virus scan?

Doesn't this seem like it creates a vulnerability?

[dnaleor]

so we are safe?

[shorena]

So this is a false positive detection and the only work around is to exclude the \chainstate folder from virus scan?

Doesn't this seem like it creates a vulnerability?

I doubt it would as the data there should not get executet. Also the data just matches the signature of a virus thats not the same as the actual virus.

[Delarock]

I doubt it would as the data there should not get executet. Also the data just matches the signature of a virus thats not the same as the actual virus.

I understand the second part, thanks for the clarification.

Maybe it's the paranoid part of me, but I can't help but feel that the type of action that we have to take to "fix" this is exactly the type of action that could be exploited down the line, especially because the folder that everyone has to ignore is in the same place. Even if the data cannot get executed, it still causes a security weakness.

It's like the boy who cried wolf.

[lubah]

same shit here:   I get this -



Apparently the fix is you have to exclude the C:/Users/yourusername/AppData/Roaming/Bitcoin directory from Windows Defender

I blew away the entire directory just to be safe and am working off a backup wallet -- only 153 weeks behind now :-(

toolie fucking kids gotta fuck around...

[lateblooming]

https://answers.microsoft.com/en-us/protect/forum/mse-protect_updating/microsoft-security-essentials-reporting-false/0240ed8e-5a27-4843-a939-0279c8110e1c?tm=1400189799602

[amacar]

I got this virus message today, blockchain was up to date, so it is not the same old message. Anyone else got it? Is it safe to make exception in antivirus?