• Login
Community
  • Login

Notepad++ v7.5.2 is detected as Trojan

Scheduled Pinned Locked Moved Help wanted · · · – – – · · ·
7 Posts 5 Posters 8.7k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • D
    David Tee
    last edited by Nov 28, 2017, 9:05 AM

    Notepad++ v7.5.2 x86 is detected as Trojan from Malwarebytes Premium v3.2.2 using Windows 10 Fall Creators Update x64.

    Scan results

    Registry Key: 1
    Trojan.FakeNPP, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Notepad++, No Action By User, [3199], [65982],1.0.3363

    File: 2
    Trojan.FakeNPP, C:\PROGRAM FILES (X86)\NOTEPAD++\UNINSTALL.EXE, No Action By User, [3199], [65982],1.0.3363
    Trojan.FakeNPP, C:\USERS\DAVID\DOWNLOADS\NOTEPAD++ V7.5.2.RAR, No Action By User, [3199], [65982],1.0.3363

    1 Reply Last reply Reply Quote 1
    • T
      Tim P Tipple
      last edited by Nov 28, 2017, 12:27 PM

      The results at virustotal.com say 1/67 i.e. detected as Trojan.FakeNPP by Malwarebytes but not detected by 66 other engines.

      SHA-256 4d8970e13c7d93eede4f460ce9dd49979ff5230d63583cc06a569060e33ff275

      Sounds like a false positive by Malwarebytes at this stage.

      1 Reply Last reply Reply Quote 1
      • D
        David Tee
        last edited by Nov 28, 2017, 12:56 PM

        If it false result by Malwarebytes then why doesn’t it detect any from notepad++ v7.5.1. I’ve downgraded until the author fixes the trojan problem.

        M C 2 Replies Last reply Nov 28, 2017, 1:20 PM Reply Quote 0
        • M
          Meta Chuh moderator @David Tee
          last edited by Nov 28, 2017, 1:20 PM

          @David-Tee
          even 7.5.1 triggers a false positive

          upload your current notepad++ xml.xml file to www.virustotal.com (Notepad++\plugins\APIs\xml.xml)
          Webroot will find W32.Rogue.Gen, even though it is just a clean, pure text, xml file

          for the fun of it, you could edit a copy of your xml.xml file and reupload it to virustotal, to find out which text part triggers this false alarm

          1 Reply Last reply Reply Quote 1
          • C
            Claudia Frank @David Tee
            last edited by Nov 28, 2017, 1:44 PM

            @David-Tee

            may I ask you from where you’ve downloaded notepad++?
            The reason why I’m asking is that, afaik, you only get a .zip, .7z or .exe
            from the official download page but no .rar.

            Cheers
            Claudia

            D 1 Reply Last reply Nov 28, 2017, 8:14 PM Reply Quote 3
            • Y
              Yves Beaudoin
              last edited by Nov 28, 2017, 4:13 PM

              Hi,

              I had the same issue as David, and there were more detection at Virustotal, but not enough to worry.
              My download was a .exe file

              So, it might be a false alarm, but… I deleted it and rolled back to the previous version, and then I ran a high level scan with Kaspersky

              Have a Nice Day Yves.

              1 Reply Last reply Reply Quote 0
              • D
                David Tee @Claudia Frank
                last edited by Nov 28, 2017, 8:14 PM

                @Claudia-Frank I downloaded from it official site as .exe file and with every programs I use I always zip it with winrar and keep them as backup. I can’t install v7.5.2 at all. I also had submitted a report about this to Malwarebytes as well.

                1 Reply Last reply Reply Quote 1
                6 out of 7
                • First post
                  6/7
                  Last post
                The Community of users of the Notepad++ text editor.
                Powered by NodeBB | Contributors