Closed PCbIX closed 2 years ago
Install package was downloaded from this link https://www.fosshub.com/qBittorrent.html?dwl=qbittorrent_4.4.3.1_x64_setup.exe
Says who?! Avast, Norton, McAfee...?
Microsoft Defender doesn't say anything about that.
The SHA256 hash for the 64 bit installer from Fosshub matches what it's listed as on the qBittorrent website's download page (07f1777b4508c5629e26bb592050dfd4421169b76de79001d2f0350f92010f23).
I think it's fine. Chrome did warn me when the download finished on Fosshub, saying something along the general line of "not sure if this file is safe, not many people have downloaded it yet", but that's not necessarily unexpected or indicating anything's wrong.
Windows shows a "Windows protected your PC" pop-up and says Microsoft Defender SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk. App: | qbittorrent_4.4.3.1_x64_setup.exe |
---|---|
Publisher: | Unknown publisher |
So I think it is not a virus problem but a license problem.
Windows shows a "Windows protected your PC" pop-up and says Microsoft Defender SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk. App: qbittorrent_4.4.3.1_x64_setup.exe Publisher: Unknown publisher
So I think it is not a virus problem but a license problem.
SmartScreen pops up almost everytime when you install a program not coming from MS Store so that's nothing new.
Avast is showing a threat at startup as well.
MiTM:DnsHijack URLS: http://demonii.si/favicon.png http://demonii.si/favicon.ico
it is common nowadays that antivirus software marks torrent clients as any malware, qBittorrent is not an exception, see for example this https://torrentfreak.com/utorrent-continues-to-be-flagged-as-severe-threat-and-its-not-alone-210318/ this article even has a link to qBittorrent GitHub issues page discussing that. so, very likely this "intentional false positive".
So I think it is not a virus problem but a license problem.
this is not a license problem, that happens because installed is not signed with a very expensive certificate. this is like on macOS.
this is definitely not related to qBittorrent. very likely something marked as qBitorrent (or patched qBittorrent) was downloaded from any unknown site, official downloads don't have such URLS.
Avast is showing a threat at startup as well.
MiTM:DnsHijack URLS: http://demonii.si/favicon.png http://demonii.si/favicon.ico
I had this problem years ago. It is easy to fix. Go to Advanced Setting and disable (uncheck) Download tracker's favicon option and click apply. I think this option should be disabled by default for security reasons.
Go to Advanced Setting and disable (uncheck) Download tracker's favicon option and click apply.
in recent versions it is disabled by default (at least was on Linux). maybe behavior is different on other platforms or option was enabled in older version and affected user just has it enabled since that time...
I got a warning from windows defender when I first tried to install 4.4.3.1, but I couldn't replicate it when I tried again. I got no warning from doing 4.4.3 just three days before
Virustotal showed me this when I scanned 4.4.3.1
https://www.virustotal.com/gui/file/07f1777b4508c5629e26bb592050dfd4421169b76de79001d2f0350f92010f23
That SecureAge APEX warning did not show up when I scanned 4.4.3
@PCbIX
If you're not going to provide any screenshots, what security vendor software you are using or anything new on how to reproduce your issue and not even link to virustotal website then this issue should definitely be closed.
In future you better:
- Scan with virustotal.com
- Share link to virustotal results and name your own security software if you ever plan to blame qBit installers in Fosshub website to be a virus.
- Contact your antivirus software provider to relook if they have false positive, false scan results in virustotal and if you maybe really downloaded a virus or if you have completely misunderstood something.
- Afterwards contact fosshub about your findings if you still believe you have downloaded a virus.
Ok, I'll send MD5 of downloaded file and screenshots today later.
There is no virus. This is expected for any new .exe file which is not signed and therefore is not trusted by AV or Smartscreen. If you wait 1-2 days then the signature gets updated in AV database and it no longer triggers anything. Just like now it shows 0/65 in virustotal.
qBittorrent & operating system versions
qBittorrent v4.4.3.1
What is the problem?
New version qBittorrent v4.4.3.1 detected by antivirus as virus, be carefull
Steps to reproduce
No response
Additional context
No response
Log(s) & preferences file(s)
No response