VirusTotal Detects a Malware in the Official npp.7.9.5.Installer.x64.exe
The installer downloaded from the official NPP website has 1 detection as Trojan.Rozena.Win32.119520 on VirusTotal by Zilya. Could you please kindly clarify the reason for this detection?
Daniel Fuchs last edited by Daniel Fuchs
I can’t reproduce your observation by taking the link to VT:
However I do not see Zilya as a listed scanner. Never heard of it though.
I downloaded the installation file by following this link: https://github.com/notepad-plus-plus/notepad-plus-plus/releases/download/v7.9.5/npp.7.9.5.Installer.x64.exe, and the link to the VirusTotal report is: https://www.virustotal.com/gui/file/4881548cd86491b453520e83c19292c93b9c6ce485a1f9eb9301e3913a9baced/detection.
HayConic Brand last edited by
This post is deleted!
You can look at this analysis as well: https://metadefender.opswat.com/results/file/0038e9c3d7b208b2f56a1b3b714cca86/hash/overview?lang=en.
b00kgrrl last edited by
Earlier today, I was prompted to update Notepad++, since I had just installed an older version. Shortly afterwards, I got an Windows Security warning that my computer security settings were now allowing malware. I then uninstalled Notepad++, which was unfortunate since it’s my favourite text editor.
@b00kgrrl , @Aleksandr-Baghramyan , and others,
I am quite certain that it’s a false positive.
This is a community of fellow users; posting in the Community Forum doesn’t necessarily alert the owner (@donho) or the other volunteer developers, so they probably don’t know about the issue yet.
Sometimes in the past, other regulars here have been able to work some magic to convince VirusTotal to stop giving the false positive for a particular installer – but I don’t know how, and none of them chimed in this time around.
If the virustotal report is preventing you from installing/running Notepad++ because of I.T. settings, then someone needs to create an official issue with the NPP developers, so that they can know of the issue, and look into how to correct virustotal so it stops giving the false positive.
@PeterJones said in VirusTotal Detects a Malware in the Official npp.7.9.5.Installer.x64.exe:
someone needs to create an official issue
I decided I would do it: https://github.com/notepad-plus-plus/notepad-plus-plus/issues/9825
I just told https://www.virustotal.com/gui/file/4881548cd86491b453520e83c19292c93b9c6ce485a1f9eb9301e3913a9baced/detection to re-scan, and this time it came up clean, but the Zillya scanner is no longer listed… so presumably sites that still use the zillya scanner will continue to get false positives.
@b00kgrrl , I don’t know if it’s possible to update your Windows Security / Windows Defender / whatever’s doing the scan, but maybe you could scan the installer again, and see if you can make it work without triggering Windows Security alert.