Community
    • Login

    Detection on latest version in Virustotal (usually "auto-update: triggered" one): is it safe?

    Scheduled Pinned Locked Moved Security
    2 Posts 2 Posters 6.5k Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S Offline
      saladah0330
      last edited by

      I’ve noticed that whenever a newer version of Notepad++ is released (usually with “auto update: Triggered”), it is detected by Virustotal’s Zillya. I know this detection is usually a false positive, but I was wondering if it is related to the recent mimeTools tampering by unofficial fake plugins.

      I noticed that the 8.6.7 version that I downloaded last week didn’t have “auto-update: triggered” attached to it, and the state was “undetected”.

      I would appreciate if you could provide more information on why this occurs.

      mkupperM 1 Reply Last reply Reply Quote 0
      • mkupperM Offline
        mkupper @saladah0330
        last edited by

        @saladah0330 - I uploaded Notepad++ v8.6.7 to https://www.virustotal.com/gui/home/upload and that web site says Zillya / Trojan.Rozena.Win32.219427

        If you search the Notepad++ forums for Zillya you will find it’s a longstanding issue. As AV vendors do not document the details of their detection process we don’t know why that particular scanner complains about Notepad++.

        Notepad++'s triggering for updates process is not related to this issue. The installer package that you download is exactly the same regardless on if a download was before or after is triggered for updates.

        It’s a puzzle that Zillya did not complain about the file you downloaded. If you still have the installer.exe file see if Zillya still does not complain.

        The size of your file should be one of:

        • 4,701,256 bytes for npp.8.6.7.Installer.exe
        • 4,854,296 bytes for npp.8.6.7.Installer.x64.exe

        Check your web browser’s download history and get the exact URL that you downloaded the installer from. It should be either

        • https://github.com/notepad-plus-plus/notepad-plus-plus/releases/download/v8.6.7/npp.8.6.7.Installer.x64.exe
        • https://github.com/notepad-plus-plus/notepad-plus-plus/releases/download/v8.6.7/npp.8.6.7.Installer.exe

        The download page at https://notepad-plus-plus.org/downloads/v8.6.7/ has GPG signatures that can be used to see if the exe you have in hand matches what Notepad++'s developer intended you have…

        1 Reply Last reply Reply Quote 4

        Hello! It looks like you're interested in this conversation, but you don't have an account yet.

        Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.

        With your input, this post could be even better 💗

        Register Login
        • First post
          Last post
        The Community of users of the Notepad++ text editor.
        Powered by NodeBB | Contributors