Ravencoin — Virus false-positive

Tron Black
2 min readDec 7, 2020

Just an update to let you know that we discovered a virus false-positive on the Ravencoin Windows installer.

It was first brought to our attention in our weekly dev meeting on Discord.

After some research, we found that only Windows Defender detected the wacatac virus. You can verify this for yourself by downloading from here (https://github.com/RavenProject/Ravencoin/releases/download/v4.3.2/raven-, and uploading the file to https://www.virustotal.com/gui for scanning by multiple AV programs.

Since there were no changes between 4.3.1 and 4.3.2 that would introduce a threat, we suspected that it was a false-positive. AV scanners use signature strings to detect viruses and can occasionally detect a sequence of characters that indicate a threat when there is none. In this case it appears to be a false positive. We’ve sent the offending exe to Microsoft for analysis.

We changed only the version number to, and built the binaries again, and the virus is no longer detected. You will find a couple of anti-virus programs will detect the built-in mining code, but that is to be expected.

This post is here for reference and can be sent to anyone that experienced Windows detecting and removing the Ravencoin Windows installer upon download. Once the binaries are released later today, Windows Defender will not flag the installer.

Thank you to all those who pointed this out so we could address it.

There were rumors about KAWPOW being the cause, and from what we found it looks like KAWPOW does trigger a few anti-virus programs to detect it as a miner — which, of course, could be used maliciously to earn somebody RVN by hijacking an unsuspecting user’s video card.

Thank you to Doug for testing the binary against more than one AV. Thank you Mark for running it against lots of AV scanners.



Tron Black

Freedom advocate, crypto developer, businessman, entrepreneur, and lead dev for Ravencoin — a top crypto-currency and asset issuance platform.