Community

    • Login
    • Search
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Search

    VirusTotal Detects a Malware in the Official npp.7.9.5.Installer.x64.exe

    Security
    5
    9
    952
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Aleksandr Baghramyan
      Aleksandr Baghramyan last edited by

      The installer downloaded from the official NPP website has 1 detection as Trojan.Rozena.Win32.119520 on VirusTotal by Zilya. Could you please kindly clarify the reason for this detection?

      1 Reply Last reply Reply Quote 4
      • Daniel Fuchs
        Daniel Fuchs last edited by Daniel Fuchs

        I can’t reproduce your observation by taking the link to VT:
        https://www.virustotal.com/gui/url/31b8b0d964ee218f1208e8c0130182677f07c750e77c856d28e4d4b04340c95a/detection

        However I do not see Zilya as a listed scanner. Never heard of it though.

        1 Reply Last reply Reply Quote 2
        • Aleksandr Baghramyan
          Aleksandr Baghramyan last edited by

          I downloaded the installation file by following this link: https://github.com/notepad-plus-plus/notepad-plus-plus/releases/download/v7.9.5/npp.7.9.5.Installer.x64.exe, and the link to the VirusTotal report is: https://www.virustotal.com/gui/file/4881548cd86491b453520e83c19292c93b9c6ce485a1f9eb9301e3913a9baced/detection.

          HayConic Brand 1 Reply Last reply Reply Quote 5
          • HayConic Brand
            HayConic Brand @Aleksandr Baghramyan last edited by

            This post is deleted!
            1 Reply Last reply Reply Quote 0
            • Aleksandr Baghramyan
              Aleksandr Baghramyan last edited by

              You can look at this analysis as well: https://metadefender.opswat.com/results/file/0038e9c3d7b208b2f56a1b3b714cca86/hash/overview?lang=en.

              1 Reply Last reply Reply Quote 0
              • b00kgrrl
                b00kgrrl last edited by

                Earlier today, I was prompted to update Notepad++, since I had just installed an older version. Shortly afterwards, I got an Windows Security warning that my computer security settings were now allowing malware. I then uninstalled Notepad++, which was unfortunate since it’s my favourite text editor.

                PeterJones 1 Reply Last reply Reply Quote 0
                • PeterJones
                  PeterJones @b00kgrrl last edited by

                  @b00kgrrl , @Aleksandr-Baghramyan , and others,

                  I am quite certain that it’s a false positive.

                  This is a community of fellow users; posting in the Community Forum doesn’t necessarily alert the owner (@donho) or the other volunteer developers, so they probably don’t know about the issue yet.

                  Sometimes in the past, other regulars here have been able to work some magic to convince VirusTotal to stop giving the false positive for a particular installer – but I don’t know how, and none of them chimed in this time around.

                  If the virustotal report is preventing you from installing/running Notepad++ because of I.T. settings, then someone needs to create an official issue with the NPP developers, so that they can know of the issue, and look into how to correct virustotal so it stops giving the false positive.

                  PeterJones 1 Reply Last reply Reply Quote 0
                  • PeterJones
                    PeterJones @PeterJones last edited by

                    @PeterJones said in VirusTotal Detects a Malware in the Official npp.7.9.5.Installer.x64.exe:

                    someone needs to create an official issue

                    I decided I would do it: https://github.com/notepad-plus-plus/notepad-plus-plus/issues/9825

                    PeterJones 1 Reply Last reply Reply Quote 0
                    • PeterJones
                      PeterJones @PeterJones last edited by

                      I just told https://www.virustotal.com/gui/file/4881548cd86491b453520e83c19292c93b9c6ce485a1f9eb9301e3913a9baced/detection to re-scan, and this time it came up clean, but the Zillya scanner is no longer listed… so presumably sites that still use the zillya scanner will continue to get false positives.

                      @b00kgrrl , I don’t know if it’s possible to update your Windows Security / Windows Defender / whatever’s doing the scan, but maybe you could scan the installer again, and see if you can make it work without triggering Windows Security alert.

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright © 2014 NodeBB Forums | Contributors