winmerge icon indicating copy to clipboard operation
winmerge copied to clipboard
verified publisher icon WinMerge

ESET identified Trojan inside q.bat run by WinMerge-2.16.50.2-x64-Setup.exe during installation process

Open glenneroo opened this issue 3 months ago • 1 comments

I downloaded this from WinMerge.org which redirected me to SourceForge.

I tried to open q.bat from an earlier 2.16.x version with notepad but ESET deleted this file as well.

The q.bat was located in C:\Program Files\WinMerge\Commands\q\q.bat and created a process which was blocked in C:\Users\MyUser\AppData\Local\Temp\is-GQAAA.tmp\WinMerge-2.16.50.2-x64-Setup.tmp

I unfortunately can't check or post any virus reports because my system is currently being wiped and restored from backup image.

Should I be worried?

glenneroo avatar Oct 02 '25 09:10 glenneroo

According to VirusTotal, both the installer and q.bat are currently reported as clean by ESET, so it may have been a temporary false positive.

[WinMerge-2.16.50.2-x64-Setup.exe] https://www.virustotal.com/gui/file/49f7185f6253df66535356baf0e43a15f184efdafe9db7a25f6a579c63e86870

[q.bat] https://www.virustotal.com/gui/file/3526353bedc83bd3218f66f8b040c59dd4abc90445d63e1a560fcf27c13f2b50?nocache=1

sdottaka avatar Oct 02 '25 10:10 sdottaka