[Ethereum] Is Trojan:Win32/Tilken.B!cl a real threat? Trojan horse on geth files


Windows Defender accused some geth and ethereum files to have a trojan horse called Tilken.B!cl

file: C:\Program Files\Geth\uninstall.exe
file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geth\Uninstall.lnk
startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geth\Uninstall.lnk

Is it a false positive or a real threat??

Apparently this alert happened to more people:
Is my computer infected? Trojan:Win32/Tilken.B!c…

Microsoft Malware Encyclopedia

Best Answer

For the most recent version of the client (1.7.3) for which Windows Defender raises the "Trojan:Win32/Tilken.B!cl" flag, VirusTotal reports 6 out of 67 detections: https://www.virustotal.com/#/file/aa95f8f9f4308827bfb5bd27e55762f78b5f370695c1954eef9462ec007864e0/detection. However, a very similar picture was before with such clients.

I've found that the previous version of the client (1.5.5) also raised such a flag, but in reality, it seems to be clear as confirmed by Microsoft: see related thread on GitHub. I've also submitted the analysis request for the v1.7.3 with potential "Trojan:Win32/Tilken.B!cl", will see the result.

UPDATE 2017-12-04

The submission to Windows Defender SI didn't confirm any malware in file contents, as shown on the screenshot below.

enter image description here