Notepad++ v7.5.2 is detected as Trojan
Notepad++ v7.5.2 x86 is detected as Trojan from Malwarebytes Premium v3.2.2 using Windows 10 Fall Creators Update x64.
Registry Key: 1
Trojan.FakeNPP, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Notepad++, No Action By User, , ,1.0.3363
Trojan.FakeNPP, C:\PROGRAM FILES (X86)\NOTEPAD++\UNINSTALL.EXE, No Action By User, , ,1.0.3363
Trojan.FakeNPP, C:\USERS\DAVID\DOWNLOADS\NOTEPAD++ V7.5.2.RAR, No Action By User, , ,1.0.3363
Tim P Tipple last edited by
The results at virustotal.com say 1/67 i.e. detected as Trojan.FakeNPP by Malwarebytes but not detected by 66 other engines.
Sounds like a false positive by Malwarebytes at this stage.
If it false result by Malwarebytes then why doesn’t it detect any from notepad++ v7.5.1. I’ve downgraded until the author fixes the trojan problem.
Meta Chuh last edited by
even 7.5.1 triggers a false positive
upload your current notepad++ xml.xml file to www.virustotal.com (Notepad++\plugins\APIs\xml.xml)
Webroot will find W32.Rogue.Gen, even though it is just a clean, pure text, xml file
for the fun of it, you could edit a copy of your xml.xml file and reupload it to virustotal, to find out which text part triggers this false alarm
Claudia Frank last edited by
may I ask you from where you’ve downloaded notepad++?
The reason why I’m asking is that, afaik, you only get a .zip, .7z or .exe
from the official download page but no .rar.
Yves Beaudoin last edited by
I had the same issue as David, and there were more detection at Virustotal, but not enough to worry.
My download was a .exe file
So, it might be a false alarm, but… I deleted it and rolled back to the previous version, and then I ran a high level scan with Kaspersky
Have a Nice Day Yves.
@Claudia-Frank I downloaded from it official site as .exe file and with every programs I use I always zip it with winrar and keep them as backup. I can’t install v7.5.2 at all. I also had submitted a report about this to Malwarebytes as well.