The core wallets of Dash-Bitcoin-Litecoin and the Electrum wallet are reported by microsoft windows antivirus as Trojans/Viruses!

[vazaki3]

The core wallet of Dash is reported by windows defender to have Trojan:/Woreflint.Z!cl PUA:Win32 (Coinminer)

This is very bad .

What the core team is doing for that?

Shall DCG be forced to fix Dashcore wallet so that it will not appear as Trojan PUA:Win32 (Coinminer) in windows defender?


When I say "forced" I mean vote the numbers , then cut a persentage from the DCG compensation, in case DCG does not fix the bug within a voted time frame.

 

[strophy]

Hi demo!

Before we discuss "forcing" anyone to do anything let's verify your claim. You have not shared sufficient details to do this, so let's vote on forcing disclosure of your methods first Can you please share the following:

1. Version of Windows and Windows Defender
2. Version of Dash being flagged by Windows Defender
3. The specific file it is flagging

The current version of Dash does not trigger any warnings, and the current and upcoming versions of Dash do not trigger any warnings in 83 different antivirus tools on Virus Total. See Dash 0.16.1.1 results and Dash 0.17.0.0-rc3 results. Is it possible you have another app installed that is showing positive? I note this trojan frequently shows up as a false positive for game emulators, particularly Diabo 2 (great game btw)

 

[vazaki3]

Hi demo!

Before we discuss "forcing" anyone to do anything let's verify your claim. You have not shared sufficient details to do this, so let's vote on forcing disclosure of your methods first Can you please share the following:

1. Version of Windows and Windows Defender
2. Version of Dash being flagged by Windows Defender
3. The specific file it is flagging

The current version of Dash does not trigger any warnings, and the current and upcoming versions of Dash do not trigger any warnings in 83 different antivirus tools on Virus Total. See Dash 0.16.1.1 results and Dash 0.17.0.0-rc3 results. Is it possible you have another app installed that is showing positive? I note this trojan frequently shows up as a false positive for game emulators, particularly Diabo 2 (great game btw)

I am talking about win10 and the latest version of windows defender.

 

[strophy]

Please answer questions 2 and 3 as well. I cannot reproduce this with Dash 0.16.1.1 or 0.17.0.0. I suspect you have a virus from another source.

 

[vazaki3]

Please answer questions 2 and 3 as well. I cannot reproduce this with Dash 0.16.1.1 or 0.17.0.0. I suspect you have a virus from another source.

I am taking about the latest core wallet that appers in dash.org.

The core wallet of Dash is reported by windows defender to have Trojan:/Woreflint.Z!cl

Just download the zipped version of dash core wallet, and without installing it, just scan the zip file by using windows built in antivirus (windows defender), in a fully updated win10 system.

 

[strophy]

Still cannot reproduce. Scanned both zip file and installer on fully updated Windows 10, see below for result:

 

[vazaki3]

Still cannot reproduce. Scanned both zip file and installer on fully updated Windows 10, see below for result:

View attachment 10537

Interesting.
I will post a snapshoot too.

 

[vazaki3]

Still cannot reproduce. Scanned both zip file and installer on fully updated Windows 10, see below for result:

View attachment 10537

 

[vazaki3]

Now it reports another virus.

 

[strophy]

I agree, this is not the same trojan you initially claimed. The Windows installer for Dash does not contain mining code specifically to avoid triggering malware scanners, but the zip file distribution does contain this code. This positive match is therefore expected - Dash binaries contain mining code, because Dash is a Proof of Work cryptocurrency and mining is a necessary function of the network. Please contact Microsoft if you disagree that mining software should be flagged as malware.

 

[vazaki3]

And another snapshot, without litecoin code being around, just in case.

 

[vazaki3]

I agree, this is not the same trojan you initially claimed. The Windows installer for Dash does not contain mining code specifically to avoid triggering malware scanners, but the zip file distribution does contain this code. This positive match is therefore expected - Dash binaries contain mining code, because Dash is a Proof of Work cryptocurrency and mining is a necessary function of the network. Please contact Microsoft if you disagree that mining software should be flagged as malware.

I did received a
Trojan:/Woreflint.Z!cl
warning too. I will try to reproduce the warning.

I think Dash should fix the bug in order to comply to Microsoft reports.
Similar alerts appear also for electrum wallet, litecoin or bitcoin core wallets.

 

[vazaki3]

I did received a
Trojan:/Woreflint.Z!cl
warning too. I will try to reproduce the warning.

I think Dash should fix the bug in order to comply to Microsoft reports.
Similar alerts appear also for electrum wallet, litecoin or bitcoin core wallets.

Here you are. I a troyan report now!

 

[strophy]

Can you extract the zip file and scan again, then let me know which specific file is generating it? I still cannot reproduce this.

I already described how mining code is removed from installer binaries to avoid triggering malware scanners. If we remove it from the zip file as well, then Windows users can no longer mine Dash (on any network, including e.g. testnet or devnets). We will not change the Dash consensus algorithm away from PoW to avoid triggering a false positive experienced by a single user on a single platform using a non-recommended installation method.

 

[vazaki3]

Can you extract the zip file and scan again, then let me know which specific file is generating it? I still cannot reproduce this.

I already described how mining code is removed from installer binaries to avoid triggering malware scanners. If we remove it from the zip file as well, then Windows users can no longer mine Dash (on any network, including e.g. testnet or devnets). We will not change the Dash consensus algorithm away from PoW to avoid triggering a false positive experienced by a single user on a single platform using a non-recommended installation method.

And what about the windows installer? Is this non recommended too?

See attached image

.

 

[strophy]

Can you extract the zip file and scan again, then let me know which specific file is generating it? I still cannot reproduce this.

 

[vazaki3]

@strophy can you download

https://download.litecoin.org/litecoin-0.18.1/win/litecoin-0.18.1-win64-setup.exe

https://electrum-ltc.org/download/electrum-ltc-4.0.9.2-portable.exe

https://bitcoin.org/bin/bitcoin-core-0.21.0/bitcoin-0.21.0-win64-setup.exe

scan them with microsoft defender and post a screen shoot here?

 

[vazaki3]

@strophy It is obviously a false alarm, but this does not mean that the Dash core team should not fix it!

Cryptos should comply with microsoft antivirus, not microsoft antivirus with cryptos.

 

[strophy]

Tomorrow maybe. I have already rebooted out of Windows to do some other work. However, I note that all of these links generate positives on Virus Total.

Why should DCG fix false positives in Litecoin and Bitcoin? And why should crypto comply with Microsoft scanners, what authority do they have? Did we vote to do this?

 

[vazaki3]

@strophy if you cannot reproduce the alarm, this means that my IP is trapped by agents and they send me compromised software.

 

[vazaki3]

Tomorrow maybe. I have already rebooted out of Windows to do some other work. However, I note that all of these links generate positives on Virus Total.

Ok! thats good news for me!!! I am not the only one who receives positives!!!
Agents are not nearby!

 

[vazaki3]

Why should DCG fix false positives in Litecoin and Bitcoin? And why should crypto comply with Microsoft scanners, what authority do they have? Did we vote to do this?

Positives appear for Dash too.....Dash is a fork of bitcoin and litecoin.

Dash should comply to microsoft scanners, in order for new users not to be afraid to install dash software.

 

[strophy]

New users use the installer to install Dash. You have not shown any evidence that the installer triggers the scanner. Can you do this please?

Do you still suggest removing mining code from the zip distribution? Why?

 

[Geert]

Clean My Mac X did recently flag Dash QT as a "coin miner" so maybe it's been added to some kind of database.

 

[vazaki3]

New users use the installer to install Dash. You have not shown any evidence that the installer triggers the scanner. Can you do this please?

Do you still suggest removing mining code from the zip distribution? Why?

DCG should try to fix the problem (by adding junk code into the items that are flagged as virus).

Then the Dash media team should advertise Dash as the only coin that succesfully pass the Microsoft Antivirus.

 

[alicecarter95]

I have also found this issue in other forums as well. these false positives are really annoying. sometimes it makes me feel like these are conspiracies by bigger companies. or may be i am just paranoid. anyway, i really hope that this is fixed as soon as possible, because a lot of people are being mislead by this.

 

[qwizzie]

Here is a simple solution : stop relying on the free Windows Defender and buy and use a good anti-virus program.
Problem solved and your pc is better protected.

Anyone active in crypto should not rely solely on Windows Defender for protection.
They should go the extra mile and get some proper anti-virus & malware protection.

Anyways, this thread topic has changed from Windows Defender supposedly detecting a trojan virus to Windows Defender classifying legit software as a PUA (potentially unwanted application). In this specific case it classifies something in the Dash Dash Core wallet ZIP file as a PUA - CoinMiner (which is normal in this case).

I suspect the scanning for PUA's can be disabled from within Microsoft Defender, or the zip file itself can be whitelisted.
It is up to users how they want to deal with PUA's.

And no, a PUA is not a virus.

Here is a doc about it : https://docs.microsoft.com/en-us/wi...ly-unwanted-apps-microsoft-defender-antivirus

Excluding files

Sometimes a file is erroneously blocked by PUA protection, or a feature of a PUA is required to complete a task. In these cases, a file can be added to an exclusion list.

With regards to the found 'trojan:win32/woreflint.a!cl' : most likely unrelated to the Dash Core Wallet ZIP file and an urgent reason to get a good anti-virus program and do a full system scan.

Doc about this virus : https://www.microsoft.com/en-us/wds...-description?Name=Trojan:Win32/Woreflint.A!cl

Instead of doing a quickscan you should just have Windows Defender scan the Dash Core wallet ZIP file, if it only finds the PUA CoinMiner, then that means you got the trojan through something else (maybe you downloaded a game or something and it was attached there).
If you are not getting a good anti virus program, at least do a full system scan with Windows Defender & download and use the free Malwarebytes for Windows edition. Make sure it scans for rootkits as well.

 

[vazaki3]

@qwizzie

The problem is not microsoft antivirus and whether we should use it or not. The problem is that whoever microsoft and cryptonoobie user enters the cryptospace nowdays and tries to install the Dash wallet is being warned by microsoft that this is a PUA CoinMiner virus!!! This is VERY important because, due to the recent bull market , thousands of new users are arriving in cryptospace, and most of them are microsoft users. The DCG should take care of this ASAP. DCG should add junk code into the Dash core wallet in order to escape from the false report of the microsoft antivirus.

Secondly, I have to admit that I was scanning at the same time both Dash, and Bitcoin, and Litecoin, and Electrum portable wallet, so maybe the false report about the troyan was not because of Dash, but because of one of the other 3 wallets. Which makes me think that, in case of course we consider that this is a conspiracy, it should be a consipary of new cryptocurrencies with the help of microsoft against old cryptocurrencies.

Try it by yourself. Do a microsoft defender scan in Bitcoin core wallet, and Litecoin core wallet, and in Electrum portable wallet and you will get the trojan warning.

 

[qwizzie]

@qwizzie

The problem is not microsoft antivirus and whether we should use it or not. The problem is that whoever microsoft and cryptonoobie user enters the cryptospace nowdays and tries to install the Dash wallet is being warned by microsoft that this is a PUA CoinMiner virus!!!

Incorrect. Microsoft does not warn that PUA CoinMiner is a virus. PUA's (Potentially Unwanted Applications) are not a virus !!
And Microsoft gives PUA CoinMiner even a 'Low' risk score according your own image :

PUA warnings is simply something that Windows users that deal with crypto wallets should get familiar with and should be looked at case by case.
Personally i would be more worried about the found trojan alerts on your system and focus on that more. Those are far more dangerous (which is why Microsoft classify them as 'Severe').

 

[vazaki3]

Incorrect. Microsoft does not warn that PUA CoinMiner is a virus. PUA's (Potentially Unwanted Applications) are not a virus !!
And Microsoft gives PUA CoinMiner even a 'Low' risk score according your own image :

ARE YOU LISTENING TO ME???? THE CRYPTO NOOBIES DO NOT KNOW WHAT A PUA IS!!! THEY JUST SEE THE WARNING, AND THEY REJECT THE DASH SOFTWARE!!!!!

PUA warnings is simply something that Windows users that deal with crypto wallets should get familiar with and should be looked at case by case.
Personally i would be more worried about the found trojan alerts on your system and focus on that more. Those are far more dangerous (which is why Microsoft classify them as 'Severe').

Are you listening, or just write whatever, in order to support the pathetic DCG?
I told you, this is NOT the report of my system. This is the report when I checked for viruses (by using microsoft antivirus) the dash core wallet, the bitcoin core wallet, the litecoin core wallet, and the electrum portable wallet.
Do it by yourself and confirm or reject my claims!!!