« previous next »
Pages: [1]   Go Down

Author Topic: Avast quarantined Bitcoin-QT.exe 0.13.0 binary  (Read 6302 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Avast quarantined Bitcoin-QT.exe 0.13.0 binary
« on: August 25, 2016, 03:33:14 AM »
I just upgraded to Bitcoin-QT 0.13.0 on Windows 7 64 bit.
Before anyone asks, yes I verified the download signature against the SHA256SUMS.asc file, whose signature correctly matched that of Wladimir J. van der Laan's PGP key (that I downloaded long ago, before the recent threat announcement).

When I tried to run it for the first time, Avast did a deep scan and quarantined the binary.
Is anyone else having this issue or found a solution?
Could a file that passed signature verification still have an infection?! Is this a false positive?

Avast 12.3.2280 (build 12.3.3154.0)
Definitions 160824-0
Logged

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>> Avast Forum - Deutschsprachiger Bereich <<<
Re: Avast quarantined Bitcoin-QT.exe 0.13.0 binary
« Reply #1 on: August 25, 2016, 05:58:09 AM »
Test the file at VT (https://www.virustotal.com) and post the link to the result here.
Logged
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Avast quarantined Bitcoin-QT.exe 0.13.0 binary
« Reply #2 on: August 25, 2016, 10:46:23 AM »
Quote
Could a file that passed signature verification still have an infection?!
Yes it sure can.
The verification only says that it is the file as you should have.
It doesn't say anything about what the file is (not) doing.
Logged

REDACTED

  • Guest
Re: Avast quarantined Bitcoin-QT.exe 0.13.0 binary
« Reply #3 on: August 25, 2016, 03:14:31 PM »
Quote from: Asyn on August 25, 2016, 05:58:09 AM
Test the file at VT (https://www.virustotal.com) and post the link to the result here.

https://www.virustotal.com/en/file/1174cf33f9d341032413225ce2ff933b6baea10e4a8ebfef1e79ca2034669004/analysis/

It looks good there, but Avast DeepScreen quarantines it.

Also, I've managed to successfully verify that the binary matches the published checksums and PGP signatures, so this now looks like a false positive (or else Bitcoin Core is compromised). ;-)
Logged

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: Avast quarantined Bitcoin-QT.exe 0.13.0 binary
« Reply #4 on: August 25, 2016, 03:30:41 PM »
what malware name does avast give when quarantine it?

How to report FP > https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

« Last Edit: August 25, 2016, 03:32:59 PM by Pondus »
Logged

REDACTED

  • Guest
Re: Avast quarantined Bitcoin-QT.exe 0.13.0 binary
« Reply #5 on: August 25, 2016, 03:34:43 PM »
Quote from: Pondus on August 25, 2016, 03:30:41 PM
what malware name does avast give when quarantine it?

None. It's DeepScreen.
Logged

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2294
Re: Avast quarantined Bitcoin-QT.exe 0.13.0 binary
« Reply #6 on: August 25, 2016, 04:15:26 PM »
Hello,
post the screenshot of detection, please. Detection name can be also seen in avast's virus chest.

Milos
Logged

REDACTED

  • Guest
Re: Avast quarantined Bitcoin-QT.exe 0.13.0 binary
« Reply #7 on: August 25, 2016, 04:21:44 PM »
Quote from: Milos on August 25, 2016, 04:15:26 PM
Hello,
post the screenshot of detection, please. Detection name can be also seen in avast's virus chest.

Milos

It just says "blocked a threat" and "Moved to chest".
Logged

REDACTED

  • Guest
Re: Avast quarantined Bitcoin-QT.exe 0.13.0 binary
« Reply #8 on: August 25, 2016, 04:25:02 PM »
Quote from: ic747 on August 25, 2016, 04:21:44 PM
Quote from: Milos on August 25, 2016, 04:15:26 PM
Hello,
post the screenshot of detection, please. Detection name can be also seen in avast's virus chest.

Milos

It just says "blocked a threat" and "Moved to chest".

Wait, in the "properties" in the chest, I can see: Dyna:BitCoinMiner-CR [PUP]||mul
Logged

REDACTED

  • Guest
Re: Avast quarantined Bitcoin-QT.exe 0.13.0 binary
« Reply #9 on: May 29, 2017, 08:28:37 PM »
I have this exact same issue with Bitcoin Core 0.14.0 any ideas if this is a concern or a false positive? any help appreciated.

I have had the program installed for some time but only installed Avast today

I have uploaded to VirusTotal and it found no issues, 0/62 scans
« Last Edit: May 29, 2017, 08:35:09 PM by johnnynohat »
Logged

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2294
Re: Avast quarantined Bitcoin-QT.exe 0.13.0 binary
« Reply #10 on: May 30, 2017, 08:39:17 AM »
Hello,
post the VirusTotal link, please.

Milos
Logged
Pages: [1]   Go Up
« previous next »