Community
    • Login

    Trojan.Rozena.Win32.164323_npp.8.4.6.Installer.x64.exe

    Scheduled Pinned Locked Moved Security
    6 Posts 3 Posters 4.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Adriana Maria Pardo MaldonadoA
      Adriana Maria Pardo Maldonado
      last edited by

      Hello,

      Does anyone know if this is a false positive?

      2022-11-02 16_37_45-Window.png

      https://www.virustotal.com/gui/file/7e33c60a78c48d0f899d9d8c3980deecf5c7ae8bbff742c77d5bc35794728594/detection.

      thanks.

      Adriana Maria Pardo MaldonadoA 1 Reply Last reply Reply Quote 0
      • Adriana Maria Pardo MaldonadoA
        Adriana Maria Pardo Maldonado @Adriana Maria Pardo Maldonado
        last edited by

        2022-11-02 16_41_15-Window.png 2022-11-02 16_42_15-Window.png

        PeterJonesP 1 Reply Last reply Reply Quote 0
        • PeterJonesP
          PeterJones @Adriana Maria Pardo Maldonado
          last edited by PeterJones

          @Adriana-Maria-Pardo-Maldonado ,

          Where did you download the installer?

          If you downloaded your Notepad++ installer from an official source (official website: https://notepad-plus-plus.org/downloads/v8.4.6/ or anywhere else on notepad-plus-plus.org; official github repo https://github.com/notepad-plus-plus/notepad-plus-plus/releases/tag/v8.4.6 ) then it was a false positive.

          If it was from anywhere else, it might be suspect.

          We occasionally hear of false-positives on the installers – but normally it comes in a batch just after a version is relesaed; v8.4.6 has been out for a month now. But maybe virus total updated their internal checks and introduced a new false-positive.

          Adriana Maria Pardo MaldonadoA 1 Reply Last reply Reply Quote 2
          • Adriana Maria Pardo MaldonadoA
            Adriana Maria Pardo Maldonado @PeterJones
            last edited by

            @PeterJones Hi Peter,
            Thanks for the answer, I downloaded the file from this URL:
            https://notepad-plus-plus.org/downloads/

            1 Reply Last reply Reply Quote 0
            • Eric ReissE
              Eric Reiss
              last edited by

              This is still the case when using Virustotal to scan version 8.5.3

              PeterJonesP 1 Reply Last reply Reply Quote 0
              • PeterJonesP
                PeterJones @Eric Reiss
                last edited by

                @Eric-Reiss ,

                The algorithms used at VirusTotal are unfairly biased toward automatically flagging any installer built with NSIS (because some viruses masquerade as NSIS installers). Notepad++ is not going to stop using the NSIS installer, so that means that VirusTotal will likely continue to false-flag it.

                Per these results, there isn’t currently a false-flag on the official v8.5.3 64bit installer: https://www.virustotal.com/gui/url/5ed5d73a10561c63301ed2f56dd62402b0748880c93a03b147ed09de0864a783

                So if you download it from the URL that the report scanned (https://github.com/notepad-plus-plus/notepad-plus-plus/releases/download/v8.5.3/npp.8.5.3.Installer.x64.exe – which is the official download URL for v8.5.3), then it’s safe.

                1 Reply Last reply Reply Quote 2
                • First post
                  Last post
                The Community of users of the Notepad++ text editor.
                Powered by NodeBB | Contributors