please can somebody explain this to me

[trickyriky]

there are zero windows installers for bitcoin core or classic, that do not come with virus or trojans, how can you expect us to install your software when we know it has security flaws? especially coinstealer

AegisLab Troj.Msil.Gen!c 20170104
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9939 20170104
Kaspersky Trojan.MSIL.CoinStealer.po 20170104

[MarcoFalke]

@trickyriky Just to be sure, this is the signed setup.exe from e.g. https://bitcoin.org/bin/bitcoin-core-0.13.2/?

[trickyriky]

sure is MarcoFalke, downloaded today and ran through virustotal, it was a very disappointing surprise, 64bit has 3 issues, 32 bit has 1 issue :(

[harding]

Here's the link to VirusTotal's analysis of https://bitcoin.org/bin/bitcoin-core-0.13.2/bitcoin-0.13.2-win64-setup.exe :

https://www.virustotal.com/en/file/8960defc12287dd9248b99bab02a0854c072e6a3850757036c585cbd628217bf/analysis/

[trickyriky]

same result i got, id love to know what the devs think they are playing at, this is bang out of order :/

[MarcoFalke]

@trickyriky This is a known issue with "anti virus" software. Basically the anti virus software is designed to detect malware even though the malware might change/evolve from day to day. Therefore, av software comes with heuristic detection, behavioral detection, etc and only gets shipped with sample fingerprints of malware.
One of those fingerprints might look like "Reads the file bitcoin/wallet.dat". This fingerprint covers a whole bunch of coin stealer applications but unfortunately every version of Bitcoin Core as well.

[harding]

@trickyriky it's very likely to be a false positive, although you should of course not install the software until you believe it to be safe.

In the past, some volunteers have filled out the annoying forms on various anti-virus sites to ask them to manually re-evaluate the software, and when they have they've discovered that Bitcoin Core was detected as a virus in error and then changed their evaluation to clean.

[MarcoFalke]

I think av vendors solve this by whitelisting authentic software from time to time. So there is probably nothing we can do other than asking the vendor to apply Bitcoin Core to their whitelist.

[achow101]

That's called a false positive. Many AV's flag Bitcoin Core and related software as a trojan because it looks for a wallet.dat file. This is what it is supposed to do as it is the creator of the wallet.dat file and uses it.

[trickyriky]

thanks for the input guys, im slightly worried by the virustotal results, so i think im going to hold off installing at least until coinstealer is no longer pinging in the results, thats a terrifying trojan name to a crypto player :/

[MarcoFalke]

Of course it is always recommended to verify the hashes of the binaries of each release. Do not trust av vendor's opinion if a Bitcoin Core release was backdoored or not.

[trickyriky]

so no good explanation from the devs, they just close it, sayonara bitcoin price :(