Phpstorm 2016.1 detected as malware on Windows 10

Hey guys,

I am curious if any of you had Windows Defender flag your PhpStorm 2016.1 (the 32 bit version) as including a trojan (Win32/Tefau.A!cl)?

Today, when starting, just got this message from my windows 10 box and then PhpStorm was quarantined.

The 64 bit version starts ok and no warnings are triggered.

After uninstall, I went to install it again and the same alert popped-up:

Trojan:Win32/Tefau.A!cl

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately

Items:
file:C:\Program Files (x86)\JetBrains\PhpStorm 2016.1\bin\PhpStorm.exe
process:pid:7476,ProcessStart:131030501193315380
regkey:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PhpStorm 2016.1
uninstall:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PhpStorm 2016.1

 

regards,

13 comments

Hello,

This is really strange - we don't have any similar reports and Windows Defender on my machine (Client Version:  6.1.7600.16385, Engine Version: 1.1.12505.0, Antispyware definitions: 1.215.2245.0) is silent. I even did a custom scan of Program Files (x86)/JetBrains directory but still got nothing.

Did you download your PhpStorm 2016.1 from official source at <https://www.jetbrains.com/phpstorm/download/>?

Can there be a Trojan virus at your machine that would infect all other applications?

0

All is OK on my Win 10 + Win Defender machine also with:

Antimalware Client Version: 4.9.10586.0
Engine Version: 1.1.12505.0
Antivirus definition: 1.215.2548.0
Antispyware definition: 1.215.2548.0
Network Inspection System Engine Version: 2.1.11804.0
Network Inspection System Definition Version: 115.43.0.0
0

Hi guys, just the same issue here with Win 10 x64

The detection is about:

Trojan:Win32/Tefau.A!cl

0

I have just downloaded a fresh installer and tested its SHA256 checksum.

Starting the new installation I have the same problem.

 

0

Thank you! Did you perform a complete scan of the computer?

We double checked everything but still can't get the same result. This may indicate that the whole system is infected.

Do you have any other workstations or virtual machines where you can install PhpStorm and check this matter again?

0

Antonio, could you please post your Win Defender info like I did? I.e. Antimalware Client Version, Antivirus definition, etc..

0

Another user reported that updating Windows Defender actually helped him to get rid of the false alarm. 

0

@Vladimir!

I'm doing the full scan now, I will tell you if something will be found.
I have tried with my Win 10 x64 laptop last night, and all seems ok.

 

@Dmitry, here is the Win Defender Info:

Versione client antimalware: 4.9.10586.0
Versione motore: 1.1.12505.0
Definizione antivirus: 1.215.2606.0
Definizione antispyware: 1.215.2606.0
Versione motore Network Inspection System: 2.1.11804.0
Versione definizione Network Inspection System: 115.44.0.0

I just made a test install with this exact configuration and now no problems are detected.

Thank you guys.

 

0

Just installed this and now Unable to run on my Windows 10 64 Bit

Trojan Detected

Antimalware Client Version: 4.9.10586.0
Engine Version: 1.1.12603.0
Antivirus definition: 1.217.565.0
Antispyware definition: 1.217.565.0
Network Inspection System Engine Version: 2.1.11804.0
Network Inspection System Definition Version: 115.44.0.0

Ugg
0

A quite old thread, but currently I am expecting same problems when trying to update to 2018.1.3. 

0

That's a new one: https://youtrack.jetbrains.com/issue/IDEA-191657 - feel free to vote/comment to follow the updates.

0

Is this still a issue? I literally just downloaded pycharm yesterday and I would rather not have a trojan virus in my computer. Im going unistall it for the time being. 

0

Yes, it still is. 

IDE installation is not a trojan, that's a Windows Defender false alert.

0

Please sign in to leave a comment.