Virus Total False Positive



  • Our security group alerted us to an installation of 7.6.6 of NotePad++ apparently due to the loss of the certificate combined with the false positive on Virus Total by the 32-bit installer (npp.7.6.6.Installer.exe) by Jiangmin. I am not familiar with this vendor.

    I do want to thank whoever is responsible for the posting on using Kleopatra to verify the GPG signatures as I am not a regular user of Kleopatra. Is it really necessary to go through all those steps? (I usually just verify the SHA256 hash, but I did the other steps after we got the alert.)



  • welcome to the notepad++ community, @E-R

    usually the virustotal scan has more value than a windows code signing certificate.
    a windows code signing certificate mainly omits the windows publisher warning, but anyone in possession of a windows code signing cert will still be able to code sign malware.

    we are aware of the current jiangmin false positive, as well as the dns8 flag for the main download site.
    this is not the first time that clean software is detected as a false positive by engines.
    the best practice, if your security group is alerted by a single positive, is to wait for an adequate period of time, without implementing the software in question.
    a valid positive will, in time, always result in more engines detecting an application as a threat.

    to answer your question, if it is really necessary to go through all the needed steps to verify the gpg signature: it is always a choice of logic and trust, combined with clearance.

    note that your security group and corporate security policy come first under all circumstances.
    if it is required to verify the authenticity of applications completely, regardless if they are already implemented, or a future implementation is being evaluated, you will have to go through all steps.

    many thanks for your question and best regards
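
The hold-and-rescan practice described in the reply above, written out as an added Python example; it is not part of the original post and is not code from Notepad++ or VirusTotal. The thresholds `hold_days` and `escalate_at`, the function names, the engine names and the sample scans are assumptions constructed for illustration; only the `category` values follow the VirusTotal API v3 result format.

```python
# Added example: triage of repeated multi-engine scan results for one file.
# Thresholds, names and sample scans are assumptions constructed for illustration.
FLAGGED = {"malicious", "suspicious"}  # detection categories in VirusTotal API v3

def flagged_engines(results):
    """Engine names whose verdict category counts as a detection."""
    return {name for name, r in results.items() if r["category"] in FLAGGED}

def triage(scans, hold_days=14, escalate_at=3):
    """scans: list of (day_number, per-engine results), in any order.
    Returns (decision, engines flagging in the newest scan)."""
    if not scans:
        return "hold", set()
    ordered = sorted(scans, key=lambda s: s[0])
    before = flagged_engines(ordered[0][1])
    now = flagged_engines(ordered[-1][1])
    if not any(flagged_engines(r) for _, r in ordered):
        return "clean", now             # no engine ever flagged the file
    if len(now) >= escalate_at or len(now) > len(before):
        return "escalate", now          # detections are many, or spreading
    if ordered[-1][0] - ordered[0][0] < hold_days:
        return "hold", now              # too early: do not deploy, rescan later
    return "review", now                # stable lone flag: security group decides

def make_scan(**verdicts):
    """Build a results dict shaped like last_analysis_results (category only)."""
    return {engine: {"category": cat} for engine, cat in verdicts.items()}

# Constructed sample: one engine keeps flagging while the others stay clean.
LONE_FLAG = [
    (0, make_scan(EngineA="malicious", EngineB="undetected", EngineC="undetected")),
    (7, make_scan(EngineA="malicious", EngineB="undetected", EngineC="harmless")),
    (15, make_scan(EngineA="malicious", EngineB="undetected", EngineC="undetected")),
]
# Constructed sample: detections spread to other engines between rescans.
SPREADING = [
    (0, make_scan(EngineA="malicious", EngineB="undetected", EngineC="undetected")),
    (5, make_scan(EngineA="malicious", EngineB="malicious", EngineC="suspicious")),
]

if __name__ == "__main__":
    for label, scans in (("first scan only", LONE_FLAG[:1]),
                         ("lone flag, 15 days", LONE_FLAG),
                         ("spreading", SPREADING)):
        decision, engines = triage(scans)
        print(f"{label}: {decision} {sorted(engines)}")
```

A "review" result only means the lone detection did not spread during the hold window; the release decision stays with the security group and its policy.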



  • I just got one on version 7.77 Trojan.fakeNPP. It can happen. I got super hacked from a file on play fucking store?!! Been months and I still can’t get rid of them. But yeah. The latest one is infected. Checked it with Malwarebytes. Sucks… I love this app. And now I have to risk going on the net to get another and try not to get my computer totally torn down in the fucking process



  • welcome to the notepad++ community, @Jason-Watts

    please only download notepad++ from the official source: https://notepad-plus-plus.org/download/ .

    there is also no legit release, which you could download via play store, as notepad++ is a windows/wine application only, and not available for android devices.
    please also be aware of many other scam applications that exist on insecure mobile platforms, on cellulars and tablets without a sandbox capable operating system.

    note: on your pc, you can scan your download sources beforehand, without downloading them, by submitting the download link to www.virustotal.com, as it will be scanned there by approx. 70 different antivirus and anti-malware engines at once.

    example: https://notepad-plus-plus.org/repository/7.x/7.7/npp.7.7.Installer.exe
    will give you zero virus and malware detections.
    virus total scan result page: https://www.virustotal.com/gui/url/143f5732a19edc34ecc3ee8dfdeae4c33a5eb6e0ad48ca4ce08832ab43a09856/detection

    best regards and good luck cleaning your device.

