Notepad++ infected with a virus Trojan.rHeur.Agent.dg ?

Sergey Muzychenko · Aug 17, 2019, 7:07 AM

GridinSoft Anti-Malware

Starting the file scan:

Quick Scan started
Scanning process…
----- c:\program files (x86)\notepad++\uninstall.exe ---- General Threat
Trojan.Win32.Agent.dg!s5
ProdVer: 7.71
FileVer: 7.7.1.0
Name: Notepad\u002B\u002B
Company: Don HO don.h@free.fr
Signature verification: False
NAC: FBF23A70065C147B42097EDF09795B99:29
MD5: 1FF8A862CD7F44D6E0531B40C7D7289B:264162
RIC: 1B4066815F3407736426E45C8B2F5B82:133786
RFH: 3072:ZZGjXpoGoByXPQs2UTXQ8yb7aFcPiSIvF68fJx:ZZGbpYByPT7lyvIcqSIvF68fn
SUBS: Win32 GUI
PE: x86
EP: 81ECD40200005356576A205F33DB6801800000895C2414C744241030A24000895C241CFF15AC804000FF15A880400025FFFFFFBF663D0600A34CA24200741153E8
EPSEC: 0
EPRVA: 000034A5
IBASE: 00400000
SEC:
.text:60000020:BFE2B726D49CBD922B87BAD5EEA65E61:26112
.rdata:40000040:D45DCBA8CA646543F7E339E20089687E:5120
.data:C0000040:8575FC5E872CA789611C386779287649:1536
.ndata:C0000080:00000000000000000000000000000000:0
.rsrc:40000040:7F8FBD44E7165874FED8C030BC3A0930:156160

----- HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++|UninstallString ---- Hijack Suspicious
Trojan.rHeur.Agent.dg

Ekopalypse · Aug 17, 2019, 10:37 AM

@Sergey-Muzychenko

if you downloaded it from the official site then it is a false positive
and btw. never trust only one source of information. What is really in reality is
real in IT as well. Check the file against virustotal .

Sergey Muzychenko · Aug 17, 2019, 9:33 PM

@Ekopalypse said:

virustotal.

Thanks for the info, checked virustotal, everything is in order.