
    VirusTotal Detects a Malware in the Official npp.7.9.5.Installer.x64.exe

    • Aleksandr Baghramyan

      The installer downloaded from the official NPP website has 1 detection as Trojan.Rozena.Win32.119520 on VirusTotal by Zillya. Could you please kindly clarify the reason for this detection?

        • Daniel Fuchs

        I can’t reproduce your observation by taking the link to VT:
        https://www.virustotal.com/gui/url/31b8b0d964ee218f1208e8c0130182677f07c750e77c856d28e4d4b04340c95a/detection

        However, I do not see Zillya as a listed scanner. Never heard of it, though.

          • Aleksandr Baghramyan

          I downloaded the installation file by following this link: https://github.com/notepad-plus-plus/notepad-plus-plus/releases/download/v7.9.5/npp.7.9.5.Installer.x64.exe, and the link to the VirusTotal report is: https://www.virustotal.com/gui/file/4881548cd86491b453520e83c19292c93b9c6ce485a1f9eb9301e3913a9baced/detection.

              • Aleksandr Baghramyan

              You can look at this analysis as well: https://metadefender.opswat.com/results/file/0038e9c3d7b208b2f56a1b3b714cca86/hash/overview?lang=en.

                • b00kgrrl

                Earlier today, I was prompted to update Notepad++, since I had just installed an older version. Shortly afterwards, I got a Windows Security warning that my computer security settings were now allowing malware. I then uninstalled Notepad++, which was unfortunate since it’s my favourite text editor.

                  • PeterJones @b00kgrrl

                  @b00kgrrl , @Aleksandr-Baghramyan , and others,

                  I am quite certain that it’s a false positive.

                  This is a community of fellow users; posting in the Community Forum doesn’t necessarily alert the owner (@donho) or the other volunteer developers, so they probably don’t know about the issue yet.

                  Sometimes in the past, other regulars here have been able to work some magic to convince VirusTotal to stop giving the false positive for a particular installer – but I don’t know how, and none of them chimed in this time around.

                  If the VirusTotal report is preventing you from installing/running Notepad++ because of I.T. settings, then someone needs to create an official issue with the NPP developers, so that they can know of the issue, and look into how to correct VirusTotal so it stops giving the false positive.

                    • PeterJones @PeterJones

                    @PeterJones said in VirusTotal Detects a Malware in the Official npp.7.9.5.Installer.x64.exe:

                    someone needs to create an official issue

                    I decided I would do it: https://github.com/notepad-plus-plus/notepad-plus-plus/issues/9825

                      • PeterJones @PeterJones

                      I just told https://www.virustotal.com/gui/file/4881548cd86491b453520e83c19292c93b9c6ce485a1f9eb9301e3913a9baced/detection to re-scan, and this time it came up clean, but the Zillya scanner is no longer listed… so presumably sites that still use the Zillya scanner will continue to get false positives.

                      @b00kgrrl , I don’t know if it’s possible to update your Windows Security / Windows Defender / whatever’s doing the scan, but maybe you could scan the installer again, and see if you can make it work without triggering a Windows Security alert.
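
Added example, not part of the original thread and not code from the Notepad++ project: the two VirusTotal links posted above are of different kinds (`/gui/url/` and `/gui/file/`), and the re-scan came back clean only with the flagging engine missing from the list. The Python below checks that a report link really refers to the local installer and separates "cleared" from "not rescanned"; the function names, `EngineA`/`EngineB` and the verdict dictionaries are constructed for illustration.

```python
import hashlib
import re

# Link posted in the thread (a file report; the other link there is a /gui/url/ report).
THREAD_FILE_LINK = ("https://www.virustotal.com/gui/file/"
    "4881548cd86491b453520e83c19292c93b9c6ce485a1f9eb9301e3913a9baced/detection")

# Constructed verdicts, engine -> label (None = clean). EngineA/EngineB are
# placeholders; this is not real scan output.
FIRST_SCAN = {"Zillya": "Trojan.Rozena.Win32.119520", "EngineA": None, "EngineB": None}
RESCAN = {"EngineA": None, "EngineB": None}  # Zillya no longer listed

def parse_vt_link(link):
    """Return (kind, identifier) for a /gui/file/ or /gui/url/ link, else None."""
    m = re.search(r"/gui/(file|url)/([0-9a-fA-F]{64})(?:/|$)", link)
    return (m.group(1), m.group(2).lower()) if m else None

def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large installers are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def report_matches_file(link, path):
    """True only if the link is a file report whose hash equals the local file's."""
    parsed = parse_vt_link(link)
    return bool(parsed) and parsed[0] == "file" and parsed[1] == sha256_of_file(path)

def compare_scans(before, after):
    """Sort every engine that flagged in `before` by what `after` says about it."""
    result = {"cleared": [], "still_flagged": [], "not_rescanned": []}
    for engine in sorted(before):
        if before[engine] is None:
            continue
        if engine not in after:
            result["not_rescanned"].append(engine)  # absent, so not cleared
        elif after[engine] is None:
            result["cleared"].append(engine)
        else:
            result["still_flagged"].append(engine)
    return result

def rescan_is_conclusive(before, after):
    """A clean rescan only settles the matter if every flagging engine ran again."""
    result = compare_scans(before, after)
    return not result["still_flagged"] and not result["not_rescanned"]
```

With the constructed data, `compare_scans(FIRST_SCAN, RESCAN)` puts Zillya under `not_rescanned`, so the clean re-scan says nothing about products that still rely on that engine.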
