Trojan.Rozena.Win32.164323_npp.8.4.6.Installer.x64.exe
-
Hello,
Does anyone know if this is a false positive?
thanks.
-
-
@Adriana-Maria-Pardo-Maldonado ,
Where did you download the installer?
If you downloaded your Notepad++ installer from an official source (official website: https://notepad-plus-plus.org/downloads/v8.4.6/ or anywhere else on notepad-plus-plus.org; official github repo https://github.com/notepad-plus-plus/notepad-plus-plus/releases/tag/v8.4.6 ) then it was a false positive.
If it was from anywhere else, it might be suspect.
We occasionally hear of false-positives on the installers – but normally it comes in a batch just after a version is relesaed; v8.4.6 has been out for a month now. But maybe virus total updated their internal checks and introduced a new false-positive.
-
@PeterJones Hi Peter,
Thanks for the answer, I downloaded the file from this URL:
https://notepad-plus-plus.org/downloads/ -
This is still the case when using Virustotal to scan version 8.5.3
-
The algorithms used at VirusTotal are unfairly biased toward automatically flagging any installer built with NSIS (because some viruses masquerade as NSIS installers). Notepad++ is not going to stop using the NSIS installer, so that means that VirusTotal will likely continue to false-flag it.
Per these results, there isn’t currently a false-flag on the official v8.5.3 64bit installer: https://www.virustotal.com/gui/url/5ed5d73a10561c63301ed2f56dd62402b0748880c93a03b147ed09de0864a783
So if you download it from the URL that the report scanned (https://github.com/notepad-plus-plus/notepad-plus-plus/releases/download/v8.5.3/npp.8.5.3.Installer.x64.exe – which is the official download URL for v8.5.3), then it’s safe.
