• Forum has been upgraded, all links, images, etc are as they were. Please see Official Announcements for more information

false antivirus notifications DashCore wallet


New member
21.12.2017 01.57.27 FOUND OBJECT (file removed) C:\Program Files\DashCore\daemon\dashd.exe programm Microsoft Compatibility Telemetry

file C:\Program Files\DashCore\daemon\dashd.exe name: Backdoor.Win32.mIRC-based.bp

21.12.2017 01.57.27 object,file restricted C:\Program Files\DashCore\daemon\dashd.exe program: Microsoft Compatibility Telemetry file: C:\Program Files\DashCore\daemon\dashd.exe name : Backdoor.Win32.mIRC-based.bp

file C:\Program Files\DashCore\daemon\dashd.exe , Microsoft Compatibility Telemetry file C:\Program Files\DashCore\daemon\dashd.exe name Backdoor.Win32.mIRC-based.bp
Last edited:
I'm running the latest version of Windows Defender and I never got that. Where did you download Dash from?
Here is nothing about windows defender . I check it with Antivirus .
DL was from dash.org

Its time to hire security department check&update everything

Backdoor:Win32/mIRCbased - This threat can give a malicious hacker unauthorized access and control of your PC.
Categorically a false positive.

Earlier bitcoin versions used irc to locate peers. Dash is based on one of these earlier versions.

Your antivirus is just noticing the code can talk over irc, a feature replaced by dnsseeds.

Will edit above with code snippets once I find the relevant sections.
maybe update your original post to reflect your now-better understanding of the nature of the false positive?

I don't mind ignorance and panic, but please don't leave invalid assumptions lying around as fact.

You stand a good chance perpetuating the baseless panic and create confusion.

But, I don't see any code that could have triggered that warning. IRC was removed well before dash was even an idea.

commit c2efd981aa14e94cce4a0a888b6ee1f4e4347924
Author: Matt Corallo <[email protected]>
Date:   Sun Mar 24 19:38:19 2013 -0400

    (finally) Remove IRC Seed support now that lfnet is down.

Guess it's triggering on the letters IRC in comments that still linger all these years later.
Last edited:
Its time to hire security department check&update everything.

It's rude and presumptive to insinuate our security has been compromised over a single, easily explainable false positive.

I appreciate that English doesn't appear to be your first language, but since you're new here, maybe ask questions next time instead of posting outright lies and accusations.

If you look closely, you can see the checksums and downloads are signed by a core developer, a final verification before being released to the world.
Just had another user encounter this same false positive with Kaspersky. Seems to be something different in 12.2.2 that is triggering these AV products?