# Antivirus false positive on ransomware and keylogger for MikTex & TexStudio?

Wrichik Basu said:
But then again, there is a chance of the antivirus putting the .dll and .exe files into quarantine (as I said, it is not listening to me even if i ask it to do otherwise). Nevertheless, I will try your method.
Assuming your Windows OS is not corrupted, Safe Mode won't start the AV product, so the AV product will have no chance of interfering with your installs.

Wrichik Basu
Gold Member
2020 Award
@sysprog Tried in Safe mode, but got this error:

This seems to be a well-known bug over the internet, with no fix unfortunately.

Same error came in Normal mode too (I bypassed the ransomware alert) when I tried later.

Try installing into a directory path that doesn't include spaces in any of the directory (folder) names.
@sysprog Tried in Safe mode, but got this error:

View attachment 243294

This seems to be a well-known bug over the internet, with no fix unfortunately.

Same error came in Normal mode too (I bypassed the ransomware alert) when I tried later.
I suggest that you try copying the installer file into a newly created directory/folder, such as C:\temp01, and when running the installer, specify another newly created directory/folder, such as C:\MikTeX, with no spaces in the directory/folder name, as the target directory/folder. Also ensure that the original installer filename is not changed, including by a (1) or (2) index being inserted into it due it being a subsequent download of the file. If you encounter the problem again, please move the alert box aside before making a screenshot and posting it, so that the content of the window behind it is visible.

Last edited:
I trust you've cloned the drive, and put the clone away in a drawer.

TexStudio comes up clean with just about every other antivirus scanner out there:
https://www.virustotal.com/en/file/...4a7255993b26e42684d949a456415e21fd4/analysis/
It's also hard to believe that you'd get so many roadblocks from a false postiive. I would download the installer from a different source, and try again. If that works, notify the original source ASAP.

James Demers said:
I trust you've cloned the drive, and put the clone away in a drawer.
Of course it's a good idea to make some kind of reliable backup.
TexStudio comes up clean with just about every other antivirus scanner out there:
https://www.virustotal.com/en/file/...4a7255993b26e42684d949a456415e21fd4/analysis/
The VirusTotal site that you linked to looks like a useful resource; however, a TexStudio install is not at issue at this juncture; the MikTeX product install is, and the MikTeX installer passes the tests there too. I think it's worth noting that QuickHeal, the AV product in question in this thread, is not on the list of AV engines there.
It's also hard to believe that you'd get so many roadblocks from a false postiive. I would download the installer from a different source, and try again. If that works, notify the original source ASAP.
That seems like a wrong remedy to me. I think that @Wrichik Basu has already adequately verified the authenticity of the installers of both programs, and has now encountered another problem that is probably not related directly to his AV product. I think that his current obstacle may be related to his prior MikTeX install attempts having produced some residual detritus that is interfering with his most recent attempt.

Last edited:
Wrichik Basu
Gold Member
2020 Award
I suggest that you try copying the installer file into a newly created directory/folder, such as C:\temp01, and when running the installer, specify another newly created directory/folder, such as C:\MikTeX, with no spaces in the directory/folder name, as the target directory/folder. Also ensure that the original installer filename is not changed, including by a (1) or (2) index being inserted into it due it being a subsequent download of the file. If you encounter the problem again, please move the alert box aside before making a screenshot and posting it, so that the content of the window behind it is visible.

I had previously not been able to replicate your problem; however, I had been using the 64-bit version. Using the 32-bit version, I was able to replicate the problem when running with (other than the install directory) the default options. When I switched from 'for all users' to 'this user only', the install ran successfully.

Gold Member
2020 Award
I had previously not been able to replicate your problem; however, I had been using the 64-bit version. Using the 32-bit version, I was able to replicate the problem when running with (other than the install directory) the default options. When I switched from 'for all users' to 'this user only', the install ran successfully.
Thanks, could finally install MikTex properly (I installed in safe mode).

MikTex wants to set the PATH variable to its own bin folder. The variable already has the jdk address. I know I can set multiple addresses with the delimiter ;, but MikTex is not taking this. It wants to be the sole address in the PATH variable.

Any idea how I can keep both addresses (jdk and miktex) in PATH?

sysprog
Dr-Flay
Gold Member
If you are having problems with installing for different types of user, make sure you right-click and run the installer as Admin.

When having problems with an AV and installers, simply excluding the installer or folder it is in will not help, as the unpacked files are not the installer, they are new files in a new location.
You have to disable the AV temporarily. If it is still complaining, you didn't actually disable it.

At the end of the install process and before enabling the AV again you can exclude the new program folder.
The problem is that you now lose all protection of the contents of that folder so in future it could be full of malware.

Looking at your picture of the quarantined files it seems to have issue with Qt files in other software, so has obviously borked them or certain features. Either that or you have had a lot of bad downloads.
Looking at Quick Heal ratings, I would say go and buy a magic 8-ball or some lucky heather from a passing gypsy, as it may do much better.
https://www.av-comparatives.org/vendors/quick-heal/Perhaps that is unfair as the AV-Test site does show it has improved this year, but it is up and down like a yo-yo.
https://www.av-test.org/en/antivirus/home-windows/manufacturer/quick-heal/I would suggest you put it to your father that continuing to use it till the end of the current payment is incredibly unwise and downright risky. Sometimes you need to cut your losses and run.
You can get top class protection for free with either Bitdefender, Avira or Kaspersky. They stay in the top 5 more than any others all year long, so you cannot lose out by comparison.
(General rule of thumb) all the best AV offer a free version as they know you are likely to pay for the full thing after using it.
Bad AV do not have free versions or offer a free trial period to force you to buy.

Whatever AV (or OS) you use you should have a VirusTotal or similar extension in your browser for a second opinion, so that all your downloads are scanned my multiple engines (bare in mind VT can be at most 1 month out of date).
You can use the official VT extension https://support.virustotal.com/hc/en-us/articles/115002700745-Browser-Extensions
These allow testing of files before you get them or automatically upon finishing download.

If you are not confident in the AV you have it is worth adding more protection the system so that malware can be stopped or do less harm.
https://www.novirusthanks.org/products/osarmor/ (Free)
The tools on that site are useful for all Windows users, with or without AV protection.

You can get top class protection for free with either Bitdefender, Avira or Kaspersky. They stay in the top 5 more than any others all year long, so you cannot lose out by comparison.

I would definitely not recommend Kaspersky. The software may be good, but the company behind it isn't, and has been proven that they cannot be trusted.

Avira - I've had a single bad experience with them. I've since moved to AVG Free for the last 9 years (Avira was prior for 5), and I haven't had a single issue or infection with it. I know it's anecdotal, so take that for whatever it is worth, but definitely avoid Kaspersky.

I would definitely not recommend Kaspersky. The software may be good, but the company behind it isn't, and has been proven that they cannot be trusted.

Avira - I've had a single bad experience with them. I've since moved to AVG Free for the last 9 years (Avira was prior for 5), and I haven't had a single issue or infection with it. I know it's anecdotal, so take that for whatever it is worth, but definitely avoid Kaspersky.
That seems like a shameless plug for an ill-mannered package that comes bundled with intrusive popup advertising for paid versions of itself and is not straightforward to remove. If you just use the normal uninstall procedure from Windows, it launches their uninstall wizard, and that process reports that the product was successfully uninstalled, but it's not really true.

Like a bad guest who leaves some of his stuff behind so he can drop by unexpectedly to visit his stuff later, AVG is not completely uninstalled at that point. To completely remove it you have to download their real uninstaller from the vendor's site.

If you don't already know about AVG Clear, which can be discovered from the AVG Resources tab in the AVG product before the uninstall runs, you have find it yourself, or the product will continue to lurk. (Ref: https://smallbusiness.chron.com/completely-uninstall-avg-anti-virus-45439.html)

They tacitly admit that their normal uninstall process is deliberately incomplete. Apparently they want the user to have to experience punishment for trying to uninstall the product before using their real uninstaller.

From https://www.avg.com/en-us/avg-remover
AVG Clear deletes all files associated with your AVG product, including registry items, installation files, and user files. Only use this if your AVG uninstall or repair has failed repeatedly.​

I think that's deeply hateworthy.

jedishrfu and Wrichik Basu
That seems like a shameless plug for an ill-mannered package that comes bundled with intrusive popup advertising for paid versions of itself and is not straightforward to remove. If you just use the normal uninstall procedure from Windows, it launches their uninstall wizard, and that process reports that the product was successfully uninstalled, but it's not really true.

Like a bad guest who leaves some of his stuff behind so he can drop by unexpectedly to visit his stuff later, AVG is not completely uninstalled at that point. To completely remove it you have to download their real uninstaller from the vendor's site.

Shameless plug? I think you're reading way too much into it. Sure, AVG might leave remnants behind, but why do you want to uninstall it? (FWIW, McAfee, Norton, and a few others do the same). I'd rather have remnants left behind rather than a virus protection software opening backdoors to other government officials. Especially if I have zero plans on removing it (again, why remove something that's actually helping you?)

That being said, Avira, AVG, Avast, etc. all promote their full versions through pop-ups. I was easily able to disable pop-ups on AVG and haven't seen them in years.

I went with my experience and knowledge. If that's a "shameless plug", then I suppose everything anyone says about anything in a positive manner is a "shameless plug". Apparently saying "this is just anecdotal, so take it for whatever it's worth" wasn't a good enough preamble for thwarting ridiculous responses like this.

But yes, if you want outside actors being able to coerce a company into letting them into your workstation, by all means, promote Kaspersky.

Shameless plug? I think you're reading way too much into it. Sure, AVG might leave remnants behind, but why do you want to uninstall it? (FWIW, McAfee, Norton, and a few others do the same). I'd rather have remnants left behind rather than a virus protection software opening backdoors to other government officials. Especially if I have zero plans on removing it (again, why remove something that's actually helping you?)

That being said, Avira, AVG, Avast, etc. all promote their full versions through pop-ups. I was easily able to disable pop-ups on AVG and haven't seen them in years.

I went with my experience and knowledge. If that's a "shameless plug", then I suppose everything anyone says about anything in a positive manner is a "shameless plug". Apparently saying "this is just anecdotal, so take it for whatever it's worth" wasn't a good enough preamble for thwarting ridiculous responses like this.

But yes, if you want outside actors being able to coerce a company into letting them into your workstation, by all means, promote Kaspersky.
I didn't promote Kaspersky, or endorse any product in my post. I deplored the misbehavior of AVG, and chided you for recommending such ill-mannered software. My saying that your recommendation of AVG "seems like a shameless plug of an ill-mannered package" was intended mainly to castigate AVG, and the word "shameless" was partly intended as play on your username. I didn't mean to be too reproachful of you.

Sure, AVG might leave remnants behind, but why do you want to uninstall it?
Why should any software company exhibit the effrontery to ask that, or the arrogance to leave things behinds and falsely report to the user that the product is de-installed? Your apparent nonchalance about that is not shared by me. I find it fully hateworthy (detestable).

You mentioned Avast, which is in my opinion just as bad as AVG in this regard.

From https://www.avast.com/en-us/uninstall-utility:
Uninstall our software using avastclear
Sometimes it's not possible to uninstall Avast the standard way - using the ADD/REMOVE PROGRAMS in control panel. In this case, you can use our uninstallation utility avastclear.

2. Start Windows in Safe Mode
3. Open (execute) the uninstall utility
4. If you installed Avast in a different folder than the default, browse for it. (Note: Be careful! The content of any folder you choose will be deleted!)
5. Click REMOVE
The statement "Sometimes it's not possible to uninstall Avast the standard way" is meretricious; in fact it's never possible.

The fact that other programs, such as Avira, of similar functionality are similarly ill-mannered does not justify recommending any of them.

Well-behaved programs don't try to defy the user when he wants to deinstall them, and they don't "leave remnants behind" when they are de-installed.

If I have any suspicion that a program package I install might be reluctant to be de-installed, or "might leave remnants behind", I will usually install it "under the watchful eye of Revo Uninstaller", which logs all changes to the system made during the install process, so that all of them can be undone during any future uninstall.

Proper backup procedures are much better than relying on AV programs.

Dr-Flay
Gold Member
I used to promote AVG as a good option when they were a good company with consistent performance.
Since Avast bought AVG it uses the same definitions, so is as good/bad as each other at file recognition.
Avast/AVG/Piriform sell your activity to 3rd parties.
When the pro packages expire they stop updating as they do not offer a free mode, thus leaving you behind and insecure.

The perceived Kaspersky threat is based on Politics not the actual evidence of what went down.
Kaspersky did/does nothing different from any other good AV. When an unknown file is seen it will upload it for analysis.
VirusTotal (owned by Google) is used by hackers and Gov agencies to find secret files in the same way they would end up in any other AV repo, because "Problem in Front of Keyboard", and people send secret files all the time.
It hit the news because.
1) A CIA operative broke the rules and took secret work home.
2) That operative failed to understand that AV will send new files somewhere else.
3) The Russian secret services had infiltrated Kaspersky.
3) Israeli state hackers had infiltrated Kaspersky and were watching the Russians at work.
4) Rather than notify Kaspersky that the Russian spooks were in the system, they notified the US and let the hacking continue.
5) Instead of blaming the CIA operative for the data breach, Kaspersky was seen as a more useful target as the media and general populace will not understand the real implications of how it happened.

Since then all relevant interested parties can have access to the source code for Kaspersky and can compare their own build with the regular distro.
As yet no one has found anything wrong with the code.
As for being the lapdog of the Russian Gov. the actual evidence would seem to show that if info is freely handed over they don't need to waste so much time in hacking the company to gain access. Apparently we are to think they could just use the phone, or walk in and ask.

Back to evidence based security issues, the US agencies have a well proven track record of getting US companies to add backdoors, weak crypto, or just hand over info due to commercial pressure or a 1-size-fits-all warrant.
In the released treasure trove of CIA and NSA hacking tools and docs over the past few years we also see that they had made their own special builds of several AV distros, including AVG, Avast and Kaspersky.

If I am going to draw any conclusions about privacy or security in AV software I would say, stay away from US software because [insert criticism of Russia].

All this aside, what you want is the best in protection, and going by trusted 3rd party tests we see that Bitdefender, Avira and Kaspersky are the top performers when it comes to real-time protection, that also have free versions so you can make up you own mind.
I have to support many users with many different AV so I get to experience the reality of the differences.
To see how they all compared over last year I compared the results from AV-Comparatives.
https://dr-flay.vivaldi.net/2018-anti-virus-comparison/

Last edited:
jedishrfu and sysprog