winmerge icon indicating copy to clipboard operation
winmerge copied to clipboard
verified publisher icon WinMerge

winmerge-2.16.48.2-x64-exe.zip, jq.exe and tidy.exe recognized as trojan by some antivirus. Virustotal scan

Open Emilius256 opened this issue 6 months ago • 3 comments

Hello,

I just downloaded winmerge-2.16.48.2-x64-exe.zip and did a scan witt virustotal and it marked as trojan by 2 antivirus.

Image

It seems that jq.exe and tidy.exe are the only files recognized as Trojan

Image

The strange things is that if I scan an older versione of Winmerge with jq.exe and tidy.exe with the same version a don't give any alert. May I replace jq.exe and tidy.exe with a newer versione downloaded respectevly from the developer site or from an older winmerge zip file ?

Many Thanks

Emilius256 avatar Jun 21 '25 17:06 Emilius256

I compared the jq.exe and tidy.exe files from WinMerge version 2.16.48.2 with those from version 2.16.42.1 released in July 2024. Although the file timestamps are different, the SHA-256 hashes are identical. So, replacing them likely won’t avoid the antivirus detections.

The ZIP file of version 2.16.42.1 was scanned on VirusTotal about two months ago. After reanalyzing it now, it shows the same detection results as version 2.16.48.2.

I’ve contacted the two antivirus vendors to report these as potential false positives. Hopefully, the issue will be resolved in a future update.

Image

Image

Image

sdottaka avatar Jun 22 '25 00:06 sdottaka

Thank you for your reply.

Emilius256 avatar Jun 22 '25 16:06 Emilius256

Zillya has resolved the previous false positive, as shown in the link below: https://www.virustotal.com/gui/file/1c87bae8cf1af3612a905fd6ceb86a02ce25f8acc44a21b8356b26e9f8567ef2

sdottaka avatar Jun 29 '25 10:06 sdottaka