News:

--

Main Menu

2.7.3 VC++ triggers virus warning

Started by TCmullet, March 24, 2019, 08:14:34 PM

Previous topic - Next topic

TCmullet

I just downloaded 2.7.3 Vc++ 64 bit intending to replace usage of 2.7.1-64bit.  While the window to install was up (and showing various "7z" steps), I got a warning from SuperAntiSpyware that my Windows 10 system startup had been changed and that I ought to run a scan now.  As I haven't run a scan in a long time (I don't normally have virus problems), I am running one now.

If the 2.7.3 installer has changed my startup, why would it do that?  What could possibly need changing?  I smell a virus!

eumagga0x2a

Have you verified the checksum of the installer you have downloaded matches the official one?

sha256sum Avidemux_2.7.3VC++64bits.exe
eb2e264b261d023d3b6891877dd8b5f9b6e32300ab363c2e04a60b5085ba4051  Avidemux_2.7.3VC++64bits.exe

md5sum Avidemux_2.7.3VC++64bits.exe
de8f8dc9ce4ba21b4d756b725ab7b0a2  Avidemux_2.7.3VC++64bits.exe


I basically don't trust virus scanners, but the official installer should be clean: https://www.virustotal.com/gui/file/eb2e264b261d023d3b6891877dd8b5f9b6e32300ab363c2e04a60b5085ba4051/detection. So if the checksum matches, I would suspect a usual false positive.

TCmullet

I've never done that, though am aware of MD5 and SHA.  I found a utility and yes, the sha256 hash does verify.  Thanks.  I am aware of "false positives" in antivirus, but I would not have thought that "system startup files have changed" could be falsely positive.  Now we know.  Again, thank you, and I will proceed to operate with virus-confidence.  (And I've already used the new version for a file that was not editing right on 2.7.1, and it seems to have corrected my problem.)

eumagga0x2a

Quote from: TCmullet on March 24, 2019, 08:57:04 PM
I would not have thought that "system startup files have changed" could be falsely positive.

I don't think QtIFW (the new Qt-based installer) does what the security software claims to detect.