Author Topic: Bitcoin uninstall.exe Virus  (Read 2443 times)
Corelianer (OP)
July 07, 2014, 02:41:12 PM
Last edit: July 08, 2014, 06:36:49 AM by Corelianer
 #1

Hi

I had a virus warning before because of the Blockchain statedata.
Today I got the warning when I went to my control panel to uninstall another software.



I don't know if it's a correct alarm or a false alarm.

I use the most current client 0.9.2.0.
bluefirecorp
July 07, 2014, 02:43:31 PM
 #2

What's the md5sum of uninstall.exe?


Edit: Upload it to virustotal.

Corelianer (OP)
July 07, 2014, 02:49:53 PM
 #3

MD5: E655FEB71448A6DCF0BFF48F4380B954
SHA-256:C46D9960AF09021CC58C1F5E59564E62F2CA9C94E4A1D70947C0D26E2A1E7DDB
bluefirecorp
July 07, 2014, 02:50:48 PM
 #4

> MD5: E655FEB71448A6DCF0BFF48F4380B954
> SHA-256:C46D9960AF09021CC58C1F5E59564E62F2CA9C94E4A1D70947C0D26E2A1E7DDB
Totally different file from mine. Here's my virustotal results:

https://www.virustotal.com/en/file/7541cba7cb701de1403aa75e6e1391bb689863e10aa5941fa0d1c893e8ab60ea/analysis/1404744581/

There's a very good chance a virus replaced a few executable files on your computer with the virus to reinstall itself.

Corelianer (OP)
July 07, 2014, 02:53:34 PM
 #5

Virustotal is unsure, so I clicked on the evil sign.

Here are my results: https://www.virustotal.com/de/file/c46d9960af09021cc58c1f5e59564e62f2ca9c94e4a1d70947c0d26e2a1e7ddb/analysis/1404744636/
Corelianer (OP)
July 07, 2014, 02:58:36 PM
 #6

All right, so I will clean up my computer. But it's nasty that this is possible.

Other people should be very careful.
techlover
July 10, 2014, 03:53:37 AM
 #7

Thanks for the heads-up, will be careful about it.
Where did you get the uninstall.exe?
Corelianer (OP)
July 10, 2014, 07:56:32 AM
 #8

I downloaded the installer again on a different computer and verified the MD5 checksum. Because the checksums match, I assume it's a false positive.

I reported the false positive to Symantec, but they are not very helpful. They thought I reported a virus and not a false positive.
is4k
July 12, 2014, 06:24:07 PM
 #9

I just had the same pleasure... installing a full node on Windows 7   Roll Eyes

I am sure that newbies are running for their lives at this point


https://i.imgur.com/zeqP0Gk.png
jc01480
July 13, 2014, 07:03:15 AM
 #10

When I was installing the latest version of QT I got a Norton virus warning and it quarantined my uninstall.exe file.  Must be something in there that has a dangerously close signature to a real Trojan.ADH.
grue
July 13, 2014, 03:10:46 PM
 #11

I would say it's most likely safe OR you're already infected. The Windows installer is digitally signed so it's very unlikely that you got a tampered installer. Also, anything in the program files directory requires administrator rights to modify, so if a virus managed to modify the uninstaller, you're already screwed.

It is pitch black. You are likely to be eaten by a grue.

zvs
July 14, 2014, 09:59:37 AM
 #12

I've always thought that bitcoin was doomed to fail because of the carelessness/ignorance/whatever you want to call it of most people.  You can just use Facebook as an example of how easy it is to get your random joe to install all sorts of crap on their computers by clicking random links that promise free credits, pr0n, whatever.  Thanks Javascript!

Ah, and then we have wireless and public networks and what not.  I'm sure most people will keep their bitcoin wallets on their main computer, easily accessible (and many w/o even a backup).  If they use some online wallet service, then someone could just grab their password over unprotected network, keylogger, etc.  (as well as targeting this online wallet service itself, if it's not set up properly)

Most of the people in the industrialized world have internet access now, sure as hell isn't the 80's anymore...

speaking of which, I was sad when Operation Sundevil owned killer  Sad
grue
July 19, 2014, 10:17:38 PM
 #13

I also seem to be having a similar problem. I reformatted my drive and, while downloading the bootstrap.dat, I got this... but like I said, it was just recently formatted, so I doubt something infected me that quick. Just a false positive.... right? Right........  Huh
Oh and I'm a big nub, so how do I check my md5sum?  Cheesy
http://imgur.com/RHhBLuF
http://implbits.com/hashtab.aspx

Xch4ng3
July 20, 2014, 11:39:40 AM
 #14

Reinstall the client from GitHub and see if you get the same message. I know most AVs pick up on miners and they're false positives but I see no reason why uninstall.exe would get flagged.

grue
July 21, 2014, 03:44:49 AM
 #15

>> MD5: E655FEB71448A6DCF0BFF48F4380B954
>> SHA-256:C46D9960AF09021CC58C1F5E59564E62F2CA9C94E4A1D70947C0D26E2A1E7DDB
> Totally different file from mine. Here's my virustotal results:
>
> https://www.virustotal.com/en/file/7541cba7cb701de1403aa75e6e1391bb689863e10aa5941fa0d1c893e8ab60ea/analysis/1404744581/
>
> There's a very good chance a virus replaced a few executable files on your computer with the virus to reinstall itself.
No, it's because each uninstaller is custom generated at install time with install info to aid in uninstallation. That's why the hashes don't match. My uninstall.exe from a clean machine with verified digital signatures is: E2B89C3164C1A38F82BD613623010FFDE6E48FE7

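Added example, not part of any post in this thread: following the points made in #11 and #15, this PowerShell sketch verifies the downloaded installer (Authenticode signature plus SHA-256 against a published value) and treats the uninstaller's hash only as a per-machine baseline, since it is generated at install time. Both paths and the expected hash are placeholders to replace; `Get-FileHash` needs PowerShell 4.0 or later.

```powershell
# Added example. Paths and the expected hash below are placeholders, not values from this thread.
param(
    [string]$InstallerPath   = 'C:\path\to\downloaded-installer.exe',
    [string]$ExpectedSha256  = 'REPLACE_WITH_PUBLISHED_SHA256',
    [string]$UninstallerPath = 'C:\path\to\install-dir\uninstall.exe'
)

function Test-Installer {
    param([string]$Path, [string]$Expected)

    # Status is 'Valid' only when the signature chains to a trusted root and
    # the file has not been modified since it was signed.
    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    $hash   = (Get-FileHash -Path $Path -Algorithm SHA256).Hash

    [pscustomobject]@{
        Path        = $Path
        SigStatus   = $sig.Status
        Signer      = $signer
        Sha256      = $hash
        # -eq on strings is case-insensitive, so upper/lower-case hex both match.
        HashMatches = ($hash -eq $Expected.Trim())
    }
}

$result = Test-Installer -Path $InstallerPath -Expected $ExpectedSha256
$result | Format-List

if ($result.SigStatus -ne 'Valid' -or -not $result.HashMatches) {
    Write-Warning 'Installer failed verification: do not run it, download it again from the official source.'
}

# The uninstaller is written during installation, so its hash differs between
# machines. Record it right after a verified install and compare against that
# local baseline later, not against someone else's value.
if (Test-Path -LiteralPath $UninstallerPath) {
    Get-FileHash -Path $UninstallerPath -Algorithm SHA256 | Select-Object Path, Hash
}
```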
williamj2543
July 21, 2014, 03:50:33 AM
 #16

Get your coins off that computer right now. I recommend never storing any bitcoins on that computer again until you have confirmed and removed any risks.

Corelianer (OP)
August 12, 2014, 12:00:59 PM
 #17

Finally I got a response from Symantec.

In relation to submission [3559553].

Upon further analysis and investigation we have verified your submission and as such this detection will be removed from our products.

The updated detection will be distributed in the next set of virus definitions, available via LiveUpdate or from our website at http://securityresponse.symantec.com/avcenter/defs.download.html

Decisions made by Symantec are subject to change if alterations to the Software are made over time or as classification criteria and/or the policy employed by Symantec changes over time to address the evolving landscape.

If you are a software vendor, why not take part in our whitelisting program?
To participate in this program, please complete the following form: https://submit.symantec.com/whitelist
wzb422
August 13, 2014, 02:24:25 AM
 #18

so horrible!! Embarrassed