Visual Studio 2019 Installation malware false positives?

Gary T 1 Reputation point
2021-02-16T16:49:47.923+00:00

I downloaded and initiated installation of Visual Studio Code (from VSCodeUserSetup-x64-1.52.1.exe) as well as MSVS 2019 on Jan 26th from https://visualstudio.microsoft.com, in the form of "vs_Community.exe". Malwarebytes anti-virus apparently quarantined\deleted two files on the 26th which seem to be related to the installations. The log for that day says:

"Files Detected: 2
C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86\ftquery.exe (Trojan.Downloader) -> Quarantined and deleted successfully. [611f573242a30c2a1d22cf7851b2f907]
C:\ProgramData\Package Cache{540ADDB0-7A37-9B99-3568-FD1EA33D3B38}v10.1.18362.1\Installers\56a114848fda9a7e47bad4b3fc4be9a6.cab (Trojan.Downloader) -> Quarantined and deleted successfully. [3749c0c9c02555e1f649a4a3a45fed13]"

Then, on the 9th of February it quarantined\deleted a file related to Team Explorer, detected within a subfolder of Visual Studio 2019's program files. Log entry as follows:
"Files Detected: 1
C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\Common7\IDE\CommonExtensions\Microsoft\TeamFoundation\Team Explorer\pl\Microsoft.VisualStudio.ContextManagement.Package.resources.dll (RiskWare.BitCoinMiner) -> Quarantined and deleted successfully. [30be8d1cda0bf3431c1503316a9bf10f]".

I am quite curious what is going on here, particularly with regard to the 'BitCoinMiner'. I know that false positives are somewhat common with regard to running\debugging programs within the IDE. However, these files apparently came with the VS Code and\or MSVS 2019 installation. Are these all false positives? If not, how could this be? Should I uninstall both completely and try a fresh download and install? Any and all advice or information is appreciated, thanks.

Visual Studio Setup

2 answers

  1. Anna Xiu-MSFT 28,761 Reputation points Microsoft Vendor
    2021-02-17T14:54:37.497+00:00

    Hi @Gary T ,

    Welcome to Microsoft Q&A!

    Before the installation, we suggest you temporarily disable any anti-virus software.

    If you have successfully installed Visual Studio, you can repair your VS to restore some corrupted packages by running VS Installer > More > Repair.
    If the false positives have some effect on you, you can try a clean installation of Visual Studio.
    https://learn.microsoft.com/en-us/visualstudio/install/remove-visual-studio?view=vs-2019

    Sincerely,
    Anna

    1 person found this answer helpful.

  2. d c 0 Reputation points
    2023-04-25T17:28:02.23+00:00

    Just got a ClamWin hit for Win.Trojan.Barys-9979069-0 in Visual Studio Community 2019 in vcpkg.dll. Not reassuring, nor is Anna's message particularly helpful. Anna, is it infected or not? Going to try to uninstall the whole thing.
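
One way to check flagged files once they have been restored from quarantine or by a repair, added here as an example and not part of any post in this thread: a file whose Authenticode signature validates has not been modified since it was signed, and its SHA-256 can be given to the anti-virus vendor in a false-positive report. The two paths are copied from the log in the question; the function name `Test-FlaggedFile` and the signer match on `O=Microsoft Corporation` are assumptions of this sketch.

```powershell
# Paths copied from the Malwarebytes log quoted in the question; adjust for your install.
$flagged = @(
    'C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86\ftquery.exe',
    'C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\Common7\IDE\CommonExtensions\Microsoft\TeamFoundation\Team Explorer\pl\Microsoft.VisualStudio.ContextManagement.Package.resources.dll'
)

# Hypothetical helper: reports signature status, signer and SHA-256 for one file.
function Test-FlaggedFile {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        # Still quarantined, or not put back by the repair.
        return [pscustomobject]@{
            Path = $Path; Status = 'Missing'; Signer = $null
            SHA256 = $null; Verdict = 'File not present'
        }
    }

    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    # Assumption: a Microsoft-shipped binary validates and names Microsoft Corporation as signer.
    $verdict = if ($sig.Status -eq 'Valid' -and $signer -match 'O=Microsoft Corporation') {
        'Signature valid, signer is Microsoft: unmodified since signing'
    } elseif ($sig.Status -eq 'NotSigned') {
        'No signature: cannot be verified this way'
    } else {
        "Signature check failed ($($sig.Status)): treat as suspect"
    }

    [pscustomobject]@{
        Path = $Path; Status = $sig.Status; Signer = $signer
        SHA256 = $sha256; Verdict = $verdict
    }
}

$flagged | ForEach-Object { Test-FlaggedFile -Path $_ } | Format-List
```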
