Vital detected as a trojan on windows

I received the same warning concerning Trojan:Win32/Spursint.F!cl. In English, the warning is “This program is dangerous and executes commands from an attacker.” I’ve chosen not to ignore the warning, just in case.

1 Like

Just FWIW, the sha256 of the .exe I got is fa0698c6c51ff98d404bda2d90397aba8a03488cbe55fb62f1f02db7c63150b8

1 Like

Same here, hope the Vital devs would fix it soon c:

I hope some bad guy didn’t actually hack the vital installer – lord knows in 2020, this is why we can’t have nice things. :unamused:

I’m sure Matt will get right on it.


I had a friend send his installer downloaded a while ago and it ran normally without Windows Defender popping any warnings, so likely someone infected the current download.

similar, it’s notable to me that we all found this thread within so many minutes of each other - i really wonder if it only barely just happened


The installer should be fine, I assume it’s just something on Windows Defender’s end because of the number of times that Vital has been installed. If you do have concerns about the installer, try scanning it with a different anti-malware software.

until we hear back from the devs i’m not going to assume that - attackers do in fact exploit update systems and exploit download websites if they can get access to inject malicious code, so it’s quite plausible to me that this is an attack in progress rather than accidental.

edit: although, it does look like this detection is the name given for a heuristic detection that can misfire on untrusted executables windows now, so while i’m still going to be careful, there is a pretty good chance it’s a misfire

@lahwran0 is right – exercise caution. It’s probably either a false alarm from Windows Defender or somebody may have compromised the official download. It sucks to think somebody would jump on this to use it to distribute their malware, and I hope that didn’t happen. But wait until you hear official word from Mr. Tytel.


Nice work digging up this info. As a software developer, this kind of stuff really burns me up. You’re at the mercy of the platform providers, and they never accept culpability for their mistakes. It just paints your software in a bad light. I’ll wait for the official “all clear” from Matt just to be sure (you can’t take any chances – once a Windows system is compromised, you’re screwed), but I bet it’s just a false alarm.

update, i asked on discord and existing users said the same hash that you got here. Guybrush & jgillmanjr both reported getting this hash and no virus warning

edit: it’s also the hash i got

it’s frustrating, but i actually am really happy to see this, because behavior based statistical community virus detection is the best way to actually make use of virus protection as a real immune system for the internet - and as with biological immune systems, virus scanners can have allergic reactions! but it’s important to be able to kill the spread of malware before a human can intervene. it’s pretty frustrating in situations like this where it’s unclear if there is a real issue though

its coming as a virus for me as well, it makes sense though for someone who wants their malware spread to hijack it onto something alot of people are going to be downloading since it just released today, guess well find out

1 Like

Tried 3 different browsers but they all prevented me from keeping the file. After reading this thread, kinda glad they did!


This is interesting. Mine downloaded without any warnings and i have Window’s Defender and EmsiSoft Anti-Malware running together. But i downloaded at around 5pm today.
This is probably not a very good idea. but if it were me i would first disconnect from the internet, then install it anyway and just remove the malware manually but i’m a crazy bastard… and i’m not recommending to do so… but like you could. I’d say Matt and the Bois will probably have it fixed soon enough anyway.
Also Windows Defender kinda sucks at removing some malware and tends to get frozen while removing them/ not remove them fully.

If I didn’t have so many projects in the works I’d probably do that, but I really can’t afford the time of restoring backups and what not right now! :joy:

I have also the issue of the trojan mentioned here is found. I doubt, that its a false positive, cos I said first “allow download” then “trust” and windows defender clearly identifies the exe as Spursint.F!cl trojan. it would be a big coincidence if its false positive cos windows clearly flags the exe as severe harmful and actively blocks the download by any means.

for now, I wont ignore this and wait, what happens.

I turned off defender and checked the file with VIRUSTOTAL(which runs the file past every anti virus software provider) No hits whatsoever. Most likely the download was flagged due to high demand for scanning this file. I just installed and ran the file to prove my point and guess what? Windows defender stayed silent.

The problems is Windows defender uses ridiculously stupid and inaccurate ‘Cloud’ protection which basically means a guess. This negatively impacts small developers over big corporations. The useless microsoft developers that peddle their anti viral crapware never have to face the sort of consequences that impact small developers that have their reputations and livelihoods harmed by their half arsed algorithms.


Still not sure what to do after this, waiting for official signal.

1 Like

I just downloaded the “Plus” file again a few seconds ago and ran it through Virus Total and it scored a 1/69 with only one obscure AV flagging it. Even Windows Defender didn’t flag it. I scanned the file with Bitdefender Total Security and it came out clean. I’d say False Positive but if you’d feel better wait to see what Matt says.

1 Like