Community
    • Login

    Notepad++ v7.5.2 is detected as Trojan

    Scheduled Pinned Locked Moved Help wanted · · · – – – · · ·
    7 Posts 5 Posters 8.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • David TeeD
      David Tee
      last edited by

      Notepad++ v7.5.2 x86 is detected as Trojan from Malwarebytes Premium v3.2.2 using Windows 10 Fall Creators Update x64.

      Scan results

      Registry Key: 1
      Trojan.FakeNPP, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Notepad++, No Action By User, [3199], [65982],1.0.3363

      File: 2
      Trojan.FakeNPP, C:\PROGRAM FILES (X86)\NOTEPAD++\UNINSTALL.EXE, No Action By User, [3199], [65982],1.0.3363
      Trojan.FakeNPP, C:\USERS\DAVID\DOWNLOADS\NOTEPAD++ V7.5.2.RAR, No Action By User, [3199], [65982],1.0.3363

      1 Reply Last reply Reply Quote 1
      • Tim P TippleT
        Tim P Tipple
        last edited by

        The results at virustotal.com say 1/67 i.e. detected as Trojan.FakeNPP by Malwarebytes but not detected by 66 other engines.

        SHA-256 4d8970e13c7d93eede4f460ce9dd49979ff5230d63583cc06a569060e33ff275

        Sounds like a false positive by Malwarebytes at this stage.

        1 Reply Last reply Reply Quote 1
        • David TeeD
          David Tee
          last edited by

          If it false result by Malwarebytes then why doesn’t it detect any from notepad++ v7.5.1. I’ve downgraded until the author fixes the trojan problem.

          Meta ChuhM Claudia FrankC 2 Replies Last reply Reply Quote 0
          • Meta ChuhM
            Meta Chuh moderator @David Tee
            last edited by

            @David-Tee
            even 7.5.1 triggers a false positive

            upload your current notepad++ xml.xml file to www.virustotal.com (Notepad++\plugins\APIs\xml.xml)
            Webroot will find W32.Rogue.Gen, even though it is just a clean, pure text, xml file

            for the fun of it, you could edit a copy of your xml.xml file and reupload it to virustotal, to find out which text part triggers this false alarm

            1 Reply Last reply Reply Quote 1
            • Claudia FrankC
              Claudia Frank @David Tee
              last edited by

              @David-Tee

              may I ask you from where you’ve downloaded notepad++?
              The reason why I’m asking is that, afaik, you only get a .zip, .7z or .exe
              from the official download page but no .rar.

              Cheers
              Claudia

              David TeeD 1 Reply Last reply Reply Quote 3
              • Yves BeaudoinY
                Yves Beaudoin
                last edited by

                Hi,

                I had the same issue as David, and there were more detection at Virustotal, but not enough to worry.
                My download was a .exe file

                So, it might be a false alarm, but… I deleted it and rolled back to the previous version, and then I ran a high level scan with Kaspersky

                Have a Nice Day Yves.

                1 Reply Last reply Reply Quote 0
                • David TeeD
                  David Tee @Claudia Frank
                  last edited by

                  @Claudia-Frank I downloaded from it official site as .exe file and with every programs I use I always zip it with winrar and keep them as backup. I can’t install v7.5.2 at all. I also had submitted a report about this to Malwarebytes as well.

                  1 Reply Last reply Reply Quote 1
                  • First post
                    Last post
                  The Community of users of the Notepad++ text editor.
                  Powered by NodeBB | Contributors