[Tox Support] qTox for Windows 64-bit - Trojan detected in it

nurupo nurupo at tox.chat
Thu Jan 14 23:35:40 UTC 2021


Tox is a peer-to-peer software, it forms an overlay network (DHT) with 
other Tox clients, so it shouldn't come as a surprise that your Tox 
client, qTox, constantly communicates with other Tox clients around the 
world, Russia included. In fact, if you open network monitor, you would 
see qTox communicating with tens, if not hundreds, of different IPs.

My guess is that qTox triggered some sort of behavioral heuristic of the 
antivirus, perhaps the antivirus thought that communicating over UDP 
with so many different IPs is suspicious, or one of the IPs is on the 
antivirus's blacklist.

You could try uploading qTox to VirusTotal, which scans files with many 
different antiviruses and presents you with the results.


On 2021-01-14 11:14, Peter Arvo wrote:
> Hi,
> After installing qTox using it a bit, it was left running in the
> background for several hours in which time my anti-virus/anti-malware
> detected what it identified as a Trojan from qTox trying to
> communicate to If I do a search on that IP address it
> says it belongs to ERA LLC. and they are located in the Netherlands (
> https://www.lookip.net/ip/ ).  It also looks like it is
> associated with Russia, see the WHOIS information
> https://www.lookip.net/whois/ .
> This is where I downloaded the qTox software from:
> https://github.com/qTox/qTox/releases/download/v1.17.3/setup-qtox-x86_64-release.exe
> Thoughts?
> Thanks,
>  Peter
> _______________________________________________
> Support mailing list
> Support at lists.tox.chat
> https://lists.tox.chat/listinfo/support

More information about the Support mailing list