[Tox Support] qTox for Windows 64-bit - Trojan detected in it
nurupo
nurupo at tox.chat
Thu Jan 14 23:35:40 UTC 2021
Hi,
Tox is a peer-to-peer software, it forms an overlay network (DHT) with
other Tox clients, so it shouldn't come as a surprise that your Tox
client, qTox, constantly communicates with other Tox clients around the
world, Russia included. In fact, if you open network monitor, you would
see qTox communicating with tens, if not hundreds, of different IPs.
My guess is that qTox triggered some sort of behavioral heuristic of the
antivirus, perhaps the antivirus thought that communicating over UDP
with so many different IPs is suspicious, or one of the IPs is on the
antivirus's blacklist.
You could try uploading qTox to VirusTotal, which scans files with many
different antiviruses and presents you with the results.
---
Regards,
nurupo
On 2021-01-14 11:14, Peter Arvo wrote:
> Hi,
>
> After installing qTox using it a bit, it was left running in the
> background for several hours in which time my anti-virus/anti-malware
> detected what it identified as a Trojan from qTox trying to
> communicate to 194.61.26.205. If I do a search on that IP address it
> says it belongs to ERA LLC. and they are located in the Netherlands (
> https://www.lookip.net/ip/194.61.26.205 ). It also looks like it is
> associated with Russia, see the WHOIS information
> https://www.lookip.net/whois/194.61.26.205 .
>
> This is where I downloaded the qTox software from:
> https://github.com/qTox/qTox/releases/download/v1.17.3/setup-qtox-x86_64-release.exe
>
>
> Thoughts?
>
> Thanks,
>
> Peter
> _______________________________________________
> Support mailing list
> Support at lists.tox.chat
> https://lists.tox.chat/listinfo/support
More information about the Support
mailing list