Community
    • Login

    Notepad v8.8.2 32-bit installer: virus or malware detected

    Scheduled Pinned Locked Moved Security
    4 Posts 4 Posters 8.9k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Brian DickensB Offline
      Brian Dickens
      last edited by

      When downloading the installer for the 32-bit version of Notepad, Firefox popped up a warning that it contains a virus or malware.

      I put the installer through Virustotal.com and got 27 detections out of 72 scanners: https://www.virustotal.com/gui/file/179613870a9ffc646b77918701481c8ffdae1c82e06cbc7ea7d42af3d1c9e5e2

      Is this a false positive or is something actually going on?

      xomxX 1 Reply Last reply Reply Quote 0
      • xomxX Offline
        xomx @Brian Dickens
        last edited by

        @Brian-Dickens

        https://community.notepad-plus-plus.org/post/102220

        As I said, without the N++ digital signature, stupid AVs go nuts.

        The number of false positives from AVs is so high because in the past, many attackers probably have also used the free, open source NSIS for their purposes.

        1 Reply Last reply Reply Quote 4
        • PeterJonesP PeterJones forked this topic on
        • PeterJonesP PeterJones referenced this topic on
        • PeterJonesP PeterJones referenced this topic on
        • TaviT Offline
          Tavi
          last edited by

          Could you please confirm if this issue is related to the notepad++ hijack news dated 2nd Feb 2026?

          PeterJonesP 1 Reply Last reply Reply Quote 0
          • PeterJonesP Offline
            PeterJones @Tavi
            last edited by PeterJones

            @Tavi ,

            As far as I can tell, they were unrelated. Scanners such as VirusTotal look at the executable itself, and last year were being triggered by the lack of signing and the self-signing of the executable.

            please confirm if this issue is related to the notepad++ hijack news dated 2nd Feb 2026?

            The issue you are referring to, as linked here and described in detail here specifically said,

            the compromise occured at the hosting provider level rather than through vulnerabilities in Notepad++ code itself.

            This was a website hack, and VirusTotal and other such AV scans do not detect website hacks, as far as I understand them.

            See the FAQ, which has the best “table of contents” for the website hack. ALL related followups/discussions must go in Topic: autoupdater and connection to temp.sh.

            1 Reply Last reply Reply Quote 1

            Hello! It looks like you're interested in this conversation, but you don't have an account yet.

            Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.

            With your input, this post could be even better 💗

            Register Login
            • First post
              Last post
            The Community of users of the Notepad++ text editor.
            Powered by NodeBB | Contributors