Qt x86 release binaries are flagged as malware (false positive)

I am using the official opensource Qt releases that can be downloaded from the official website ( Download Qt | Develop Desktop and Embedded Systems | Qt ) via the online downloader.

What happens is that CIS will flag most EXEs and DLLs from the mingw32 x86 release as MalCrypt.Indus!@105441913 malware. It happens since long time ago. The latest Qt release not affected by this issue is Qt 5.3.1, and they are releasing Qt 5.5.0 right now. It only flags malwares in the x86 release, the x64 (which, BTW, is built from the same sources) is fine. In the past, with Qt 5.4.x, CIS used to flag a lot more files than it does with Qt 5.5.0.
CIS will also flag as malware binaries from the MSVC13 x86 release, which however comes from this alternative website: tver-soft.org - This website is for sale! - tver soft Resources and Information.
Different malware name: TrojWare.Win32.Kryptik.BHBD@303346353, same story: latest known unaffected is Qt 5.3.1 and the x64 release is just fine. (BTW the mingw x86 release from this other website also triggers the same effects as the official release).

I will attach the files being flagged as malware to this post. Let me know if this is some random false positive or if I should contact the Qt maintainers as well.

System info:
OS: Windows 8.1 Professional 64-bit, ITA
CPU: AMD Phenom II x6 1100T
CIS version: 8.2.0.4591
Virus db version: 22778

[attachment deleted by admin]

Hello T3STY,

Thank you for reporting this. We’ll verify it and get back to you soon.

Best regards,
FlorinG

Hi T3STY,

This is to inform you that false-positive has been fixed.
You can update to AV database Version <22783> of Comodo Internet Security Version<8.2.0.4591> and confirm it.

Best regards
Qiuhui.■■■■

I confirm, it has been fixed. Thank you very much!

I have the same problem with Qt Creator 3.4.2 (opensource) on a fresh installation of Windows 7.

OS: Windows 7 Home Premium X64
CIS Version: 8.2.0.4591
Virus DB Version: 22901

Qt Creator 3.4.2 (opensource) Based on Qt 5.5.0 (MSVC 2013, 32 bit)

Built on Jun 29 2015 01:56:58

From revision b57ac109a2

Copyright 2008-2015 The Qt Company Ltd. All rights reserved.

The program is provided AS IS with NO WARRANTY OF ANY KIND, INCLUDING THE WARRANTY OF DESIGN, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

1081×858 105 KB

I have attached the files being flagged as malware.

[attachment deleted by admin]

Hi Radu-Tudor,

Thank you for reporting this.
We’ll check them and get back to you soon.

Regards,
Sathish

Hi Radu-Tudor,

This is to inform you that false-positive has been fixed.
You can update to AV database Version <22907> of Comodo Internet Security Version<8.2.0.4591> and confirm it.

Best regards
Qiuhui.■■■■

My QT5.4 binaries are also being flagged as TrojWare.Win32.Kryptik.BDBD@303345353. How do we get this corrected?

Hello Shane Feek,

Please share the detected samples so we can check them. You can use our submit page or any file sharing website and give us the link.

Best regards,
FlorinG

I have submitted my Qt 5.4 file. It appears that other Qt files are also being flagged. qml1plugindump.exe and qmlplugindump.exe are also flagged as MalCrypt.Indus!@105441913. I tried to restore those files from the quarantine so I could submit them as well, but as soon as they are restored they are immediately re-quarantined.

Hello Shane Feek,

When you restore them also make sure that you click on “Yes” when asked if you want to add the files to your Antivirus excluded files.

Best regards,
FlorinG

If I do this from the actual workstation, that method works. If I do it from the Management console on the server, there is not option to say yes and the file gets restore to the workstation and disappears seconds later.

Just use the method that works to get the files and share them with us so we can fix the False Positives.