Found a "Trojan Gen 2" in the reddcoin site download of 1.4.1.0-win 32

Hi guys…

I’ve been using reddcoin for nearly a year and needed to update my wallet. I went to the reddcoin site and downloaded the windows version 1.4.1.0-win 32 but found that it contains a trojan gen 2 high risk virus. I’ve tried to download it a number of times (including from the reddit thread) but no luck. I would have thought the official site would have been clean. Any solutions… really need an updated wallet… thanks

Hmmm, I’m pretty sure it’s just a false positive, maybe bmp02050 or Mathy might know for sure?

1 Like

I don’t think it’s a false positive… I downloaded the file and unzipped it three times and each time norton security identified clearly “trojan Gen 2” in the windows reddcoin wallet 1.4.1.0-win32. If you doubt it run a security check on the download yourselves (the more minds on it the better). If this is a Trojan in a wallet that’s pretty serious, especially for those not running security checks on the files. People could lose their wallet content to thieves. I am surprised no one has looked over this problem as yet… I would say that ultimately it is the responsibility of the individual to choose whether or not to trust this download at the moment. Do your own checks guys… I couldn’t sit here, know the files have been compromised and say nothing to you… I hope you understand…

didi_ I will be watching this thread for an update…some AV can misflag files in error…I hope that’s all this is…

I really doubt the wallet download contains any viruses. A lot of wallets get detected like this because they also contain code for coin mining.

Check out the Peercoin core wallet:

https://www.virustotal.com/en/file/27bf05e1e36e2a8c82901b89fdfc227291b1bdace89e42685bf0b3d0fee7c738/analysis/

2 Likes

ok… thanks for the link “livefromheaven” (great username)

I carried out a scan of the “executable reddcoin-1.4.1.0-win32-setup.exe” zip file at the virustotal site, here is the link below…

https://www.virustotal.com/en/file/ee322fffe3959316f8f8f9fb0c3a85c989ff6098bb1bab54eeb9658fea3ae7f3/analysis/1434439865/

this is part of what was found…
AVware Trojan.Win32.Generic!BT
Avast Win32:Malware-gen
Avira TR/BitCoinMiner.11976763
Cyren W32/Trojan.OHMS-0998
ESET-NOD32 a variant of Win32/BitCoinMiner.BJ potentially unsafe
GData Archive.Trojan.Agent.I6QUWZ
McAfee Artemis!FCABE6906390
McAfee-GW-Edition Artemis!FCABE6906390
Symantec Trojan.Gen.2
TrendMicro TROJ_GE.97E18D09
TrendMicro-HouseCall TROJ_GE.97E18D09
VIPRE Trojan.Win32.Generic!BT

More checks may have been made but the process timed out. Again it is up to users to make an informed decision on this matter. Another check similar to the one above was made by others. Link below:

http://www.herdprotect.com/reddcoin-1.4.1.0-win32-setup.exe-6db0ff09fd22b3ce5d8d81cf603a96356d2022e7.aspx

Bye guys…

1 Like

didi_ lol what? I have to chime in here. I don’t even understand this topic. We are talking about an open source project here. The source is readily available on github, and all the wallet download links, download from github. Still don’t trust the exe? You can download the source code which you can read every line of if you really want to and build yourself and upload to virus total and compare. Look they even have tutorials to build from source:

windows: https://github.com/reddcoin-project/reddcoin/blob/master/doc/build-msw.md

unix: https://github.com/reddcoin-project/reddcoin/blob/master/doc/build-unix.md

osx: https://github.com/reddcoin-project/reddcoin/blob/master/doc/build-osx.md

4 Likes

didi_

I mean, i hope this is a coincidence as far as the name is concerned because i’ve never seen you before, anywhere.

Anyway.

The code is virus-free, and if you’re so paranoid then compile your own client like i, and others, have done.

It’s as clean as it can be so kindly:

  1. Go FUD elsewhere, or:
  2. Provide hard evidence such as the actual code lines responsible for your suspicions, not simply some everyday bitcoin miner/trojan false positives seen in pretty much every wallet out there.

4 Likes

That’s a pretty strong claim that most QT wallets would show “false positives” as you describe them.

I carried out a few wallet scans of a few various cryptocurrencies; Here are the links/results

Bitcoin core (came out clean)
bitcoin-0.10.2-win64-setup.exe

https://www.virustotal.com/en/file/c62272636c2136fdeb76f0ed8ba41d388dd9d0dbf80c814f29c7db1a99804481/analysis/1434454287/

Dogecoin (came out clean)
dogecoin-1.8.2-win64-setup.exe

https://www.virustotal.com/en/file/993736255f4e0c16e934a72447ba569cb2dd38a056f2530bc83db3f55ec2452f/analysis/1434454785/

Infinitecoin (came out clean)
infinitecoin-1.8.8-win32.zip

https://www.virustotal.com/en/file/4a39747a32c326da928915b02843270e78ac155715a26ad56bbd70ebfc3591f5/analysis/1434441815/

Litecoin (the antivirus Id’d the bitcoin miner some of you mention)
litecoin-0.8.7.5-win32-setup.exe

https://www.virustotal.com/en/file/fbbaaa38349ae4e7804a20a9b95a444156b796f7e0db624beb490a5121d0f15e/analysis/1434454570/

There are other scans that can be made of other qt wallets but none ring alarm bells as much as the reddcoin wallet. I have found another reddcoin wallet (identical wallet version from another reddcoin page) that does not contain the trojan gen 2 virus but it does not run.

I am surprised that no devs have stepped forward to address this issue. It’s like the lights are on but no one about. Unfortunately my coins remain on the blockchain with no trusted means of accessing them. It’s fine - I have the dat file - at a point in the future, when the wallet is safe I will access them and use them… but not at the moment. Unless a dev comes into the conversation I won’t be posting further…

didi_ ?? Dude, the wallet source is available to compile yourself if you don’t trust the download from the official website. I can attest I’ve been running this version for several months without issue.

In fact, just for giggles, I went a step further and did a folder diff between the source code for version 1.4 (which does not throw false positives) & version 1.41 (which does). There’s literally like 8 lines of code that changed, and they’re mostly just bumping a version number. I’m afraid the burden of proof is on you to point to any code you find malicious.

3 Likes
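The folder diff described in the post above, as an added example that is not part of the original thread or the Reddcoin project's code. The two sample trees and their file names are constructed stand-ins; in practice `diff_trees` would be pointed at two unpacked source releases.

```python
import difflib
import tempfile
from pathlib import Path

def tree_files(root):
    """Map relative path -> file text for every regular file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): p.read_text(encoding="utf-8", errors="replace")
            for p in sorted(root.rglob("*")) if p.is_file()}

def diff_trees(old_root, new_root):
    """Report files added, removed, and the exact +/- lines of changed files."""
    old, new = tree_files(old_root), tree_files(new_root)
    report = {"added": sorted(new.keys() - old.keys()),
              "removed": sorted(old.keys() - new.keys()),
              "changed": {}}
    for rel in sorted(old.keys() & new.keys()):
        if old[rel] == new[rel]:
            continue
        delta = list(difflib.unified_diff(old[rel].splitlines(),
                                          new[rel].splitlines(),
                                          lineterm="", n=0))
        # Drop the two file-header lines and the @@ hunk markers.
        report["changed"][rel] = [l for l in delta[2:] if not l.startswith("@@")]
    return report

def build_sample_trees(base):
    """Constructed sample input: two tiny trees differing by a version bump."""
    samples = {
        "v_old": {"src/clientversion.h": "#define CLIENT_VERSION_REVISION 0\n",
                  "src/main.cpp": "int main() { return 0; }\n"},
        "v_new": {"src/clientversion.h": "#define CLIENT_VERSION_REVISION 1\n",
                  "src/main.cpp": "int main() { return 0; }\n"},
    }
    for tree, files in samples.items():
        for rel, text in files.items():
            path = Path(base) / tree / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(text, encoding="utf-8")
    return Path(base) / "v_old", Path(base) / "v_new"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = diff_trees(*build_sample_trees(tmp))
        print("added:", result["added"], "removed:", result["removed"])
        for rel, lines in result["changed"].items():
            print(rel, *lines, sep="\n  ")
```

A small source diff narrows down what changed between releases, but it does not show that the distributed installer was built from that source; that takes the rebuild-and-compare step suggested earlier in the thread.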

The peercoin client throws out false positives irc.

2 Likes

didi_ I don’t even know why i’m wasting my time replying to you, and to me it’s pretty clear that the name is not a coincidence, (i could be wrong of course).

Who the crap are you?

Anyway i won’t bother to argue with you, even less spend my time scanning random wallets. Don’t like what you see? Then stop complaining like a baby and gtfo.

Or learn to compile.

Good luck, you’ll need it.

Didi out.

2 Likes

Guys, Bitcoin core QT code gets flagged by antivirus, it’s been this way for years now. There is no virus there, Didi, you’re good. Notice how it flags it as a Bitcoinminer Trojan. It’s just a false positive. Many softwares can trigger this through heuristics, but you should stop using Norton anyway, it’s a terrible company and terrible virus database. Try ESET NOD32 if you must use a WindowsOS.

1 Like

The issue on virus detection stems from the situation where antivirus vendors flag bitcoin miners as forming a bot net.
This WAS/IS an issue and the frequency was high during periods when CPU mining was capable.
Looking at most error messages for a moment, they flag these as trojans/bitcoinminer/malware.

This is unfortunate but necessary (consider the world outside of cryptocurrency) as at a corporate level, you would not want to have someone running a huge mining bot net without detection.

The detection also depends a lot on whether the anti virus vendor considers the mining component on a wallet as valid or not. And this detection can be re-triggered with new code changes within a wallet. This is not isolated to reddcoin, and it does impact a broad number of miners. Again, detection is dependent on how (wallet based) mining is implemented.

You are right to raise this on the forum, and it is good to be vigilant and it should be open to discussion as the risk can also be there.

4 Likes

This is the first reply that addresses a user’s concerns.

Not every reddcoin user should feel compelled to build a wallet from scratch. Such statements by some members demonstrate the failures of the community. Other qt wallets come under the scrutiny of virus check and come out clean. I want reddcoin to be successful and for that it must run without virus flags.

If all qt wallets flagged in the same way reddcoin does then there would be no issue. (And everyday users would avoid them all !)

If we want to extend and expand the community into the “everyday life” of “everyday people” we must think how to make those people feel comfortable with the product. We need to think (as I know the devs do) from the position of the consumer, from the position of the user…

Some of the discussion in the thread reminds me so much of the Dos years (1990’s)… The pre windows era. (what a mess) Like it or not the end of command lines in favour of windows interfaces was a new dawn…

This thread is reflective of that problem. Please devs clean up the QT wallet…(whether or not it holds a trojan or not… make it not to flag problems) Otherwise reddcoin wallets will scare away new users… to other cryptocurrencies and we will die on the vine.

Thanks for a loftier contribution gnasher…

1 Like

Did you know that the browser wallet is out? The solution to this problem has already been thought about and is in the timeline.

I need a cold storage solution, and a qt wallet on a desktop, that’s put into storage for most of the time, is what I need. This is how I secure my wallets from theft. I don’t think a browser application can offer that degree of security, but it does offer flexibility and everyday use. The browser solution has its place in the wallet types.

1 Like

didi_ Gnasher Although this is a false positive, the concern over how it will affect the average user is certainly valid. Most people will not trust an application that’s throwing up red flags, especially when money is involved.

GrayPhoenix didi_
No argument from me on this. Any AV flag like this is a turn off (for any coin).

This could be addressed in several ways…

My opinion is that (eventually) not every person will run a full QT or cli node.
Just like Bitcoin (20GB block download), this becomes an end user nightmare. The management and storage requirements continue to escalate, and most people simply don’t need to. These would be used by power users and end-services (yes, there will be some who want to).
At the moment, it is required for staking and that reward is the incentive for securing the network (just like miners on Bitcoin). As you know, not all participants in Bitcoin are miners, and not all users operate a QT wallet, hence my original thought on not all users will maintain a Reddcoin full wallet.

In general, the electrum based wallets will be the next best option for the average user.

In regards to the AV flag.
It is a necessary evil, for the point I raised above.
Any code, in any software that can run as a (CPU) miner, intentional or not, should be flagged.
In the bad 'ol days of CPU mining, it was very easy to inject a miner onto every CPU(GPU) platform to build a mining farm.
As a network administrator, I would not want someone trying to run a mining bot net without being flagged.

1 Like

Gnasher So will the Electrum wallets not have this problem?