Windows 10 defender atom.exe malware


My Windows defender just quarantined atom.exe having a trojan

Update.exe recognized as malware: HEUR/QVM03.0.Malware.Gen

FYI it’s not just you. Happened to me as well.

My Windows 10 defender said exactly the same thing: Lerspeng.B.

Hopefully a false positive.


Same here, and it seems to have screwed up trying to uninstall it as well.

2015-08-06 10:45:51> ApplyReleasesImpl: Writing files to app directory: C:\Users\Paul\AppData\Local\atom\app-1.0.4
2015-08-06 10:46:17> IEnableLogger: Failed to invoke post-install: System.IO.IOException: Operation did not complete successfully because the file contains a virus or potentially unwanted software.


Me too. Stops atom working.


Another here:

I’m trying to update, not that it really matters.

More information that probably doesn’t matter:

Upgraded to Windows 10 from Windows 7 Professional.
Windows 10 Pro (build 10240)
64bit, x64 CPU

Windows Defender:
Antimalware Client Version: 4.8.10240.16384
Engine Version: 1.1.11903.0
Antivirus definition: 1.203.1304.0
Antispyware definition: 1.203.1304.0
Network Inspection System Engine Version: 2.1.11804.0
Network Inspection System Definition Version:


Also the same here, interestingly I am still technically on Windows 8.1, but noticed this got quarantined right in the middle of the download for the Windows 10 update. I assume as part of that download it is bringing in the new definitions perhaps which triggered this.

As a side note, I have Atom 1.3 running at home on Windows 10 with no issues, so either it came from an update to Windows 10 security definitions, or as a result of today’s update to Atom 1.4.


I’ve been on Windows 10 and working with Atom happily for a few days now and I just saw this a few minutes ago. My error appears to be different however: Windows Defender says it’s found Backdoor:Win32/Kelihos.F instead of Lerspeng.B.


Windows Defender is categorizing mine the same way as @jwl’s: Backdoor:Win32/Kelihos.F


This is from Microsoft’s Malware Protection site.

‘It spreads via a spam email attachment. It can also be downloaded by other malware, such as TrojanDownloader:Win32/Upatre and TrojanDownloader:Win32/Kuluoz.’

There also appear to be several different names that this can be referred to.



I also have the same lipseng.b trojan from windows defender. Windows 10. Was using atom last night with no problems, and just started to use it this morning and defender closed it down on me.


This has been fixed in Atom v1.0.5: Fixed an issue on Windows where atom.exe and the auto-updater were not code-signed causing them to be flagged as malware by certain antivirus applications


Please test it out if you could.

I optimistically put that in the release notes after adding some missing code signing to the Update.exe and atom.exe shipped with the installer.

Would love to know if people still have this issue on 1.0.5.


Norton just flagged Atom as SONAR.PUA!gen5 and wants to quarantine it.

Yesterday I had issue with Atom update making my shortcuts go to an ‘update.exe’ file.

Is this some kind of attack on with Atom being the vector?


I had manually added an exclusion for the atom.exe file in Windows Defender.
Atom was open. I removed the quarantine exclusion.

Manually downloaded the installer for 1.0.5 and ran it.

It added an icon to my taskbar very briefly, then it disappeared. No window opened.
I switched back to Atom and checked the Help menu.
It showed version 1.0.4 (! what) and a prompt to restart to install an update.

Restarted, running 1.0.5, no Windows Defender complaints.

I guess the auto-updater was not being caught in the heuristics, or by quarantining the executable, the auto-updater was able to run.

In any case:

tl;dr: 1.0.5 solves the Windows Defender issues for me.


I had to completely remove atom before downloading and installing the new version.
I mean everything %system%/users//.atom, I used CCcleaner to remove it from the registry also.
Then I installed the new 1.0.5 package and it is working, but I have to add all the packages back in.

Thanks for the quick turn around on the fix.


1.0.5 works for me