Notepad++ v7.5.2 is detected as Trojan



  • Notepad++ v7.5.2 x86 is detected as Trojan from Malwarebytes Premium v3.2.2 using Windows 10 Fall Creators Update x64.

    Scan results

    Registry Key: 1
    Trojan.FakeNPP, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Notepad++, No Action By User, [3199], [65982],1.0.3363

    File: 2
    Trojan.FakeNPP, C:\PROGRAM FILES (X86)\NOTEPAD++\UNINSTALL.EXE, No Action By User, [3199], [65982],1.0.3363
    Trojan.FakeNPP, C:\USERS\DAVID\DOWNLOADS\NOTEPAD++ V7.5.2.RAR, No Action By User, [3199], [65982],1.0.3363



  • The results at virustotal.com say 1/67 i.e. detected as Trojan.FakeNPP by Malwarebytes but not detected by 66 other engines.

    SHA-256 4d8970e13c7d93eede4f460ce9dd49979ff5230d63583cc06a569060e33ff275

    Sounds like a false positive by Malwarebytes at this stage.



  • If it false result by Malwarebytes then why doesn’t it detect any from notepad++ v7.5.1. I’ve downgraded until the author fixes the trojan problem.



  • @David-Tee
    even 7.5.1 triggers a false positive

    upload your current notepad++ xml.xml file to www.virustotal.com (Notepad++\plugins\APIs\xml.xml)
    Webroot will find W32.Rogue.Gen, even though it is just a clean, pure text, xml file

    for the fun of it, you could edit a copy of your xml.xml file and reupload it to virustotal, to find out which text part triggers this false alarm



  • @David-Tee

    may I ask you from where you’ve downloaded notepad++?
    The reason why I’m asking is that, afaik, you only get a .zip, .7z or .exe
    from the official download page but no .rar.

    Cheers
    Claudia



  • Hi,

    I had the same issue as David, and there were more detection at Virustotal, but not enough to worry.
    My download was a .exe file

    So, it might be a false alarm, but… I deleted it and rolled back to the previous version, and then I ran a high level scan with Kaspersky

    Have a Nice Day Yves.



  • @Claudia-Frank I downloaded from it official site as .exe file and with every programs I use I always zip it with winrar and keep them as backup. I can’t install v7.5.2 at all. I also had submitted a report about this to Malwarebytes as well.


Log in to reply