# (fixed - false positive) A potential virus on Filetrip



## Shinigami Kiba (Aug 30, 2016)

UPDATE: Alright folks, whatever it was it was fortunatley a false positive



Costello said:


> I have uploaded the file to VirusTotal and it seems it's 100% safe
> 
> View attachment 60987
> 
> ...



----------------
I don't know if Filetrip is part of GBAtemp or not but I was updating emulators on my Wii when I tried to download snes9x GX 4.3.2 and was told by Windows Defender that the file contains a virus, so it promptly deleted it.
https://filetrip.net/wiiu-downloads/homebrew/download-snes9x-gx-4-3-2-f31107.html

I thought it might be a false positive and that Windows Defender was picking up something form inside the archive so foolishly i temporarly disabled realtime protection, downloaded the 7zip archive and tried to run it just to be told that it's corrupted by winrar.

I don't know if there was something in there and if something executed or not, I enabled windows defender's realtime protection again, ran a scan, ran a scan with malwarebytes too and nothing turned up but you never know what damage might have been caused.

I keep my computer clean and well maintained, I may not be a computer person or a tech savvy guy but I know enough to keep spyware and malware off my system so this caught me off guard.


----------



## Seriel (Aug 30, 2016)

?


----------



## raulpica (Aug 30, 2016)

@Shinigami Kiba
Are you sure you didn't click on one of those fake popups that lead you to OTHER downloads? (which are malware)

Sadly we don't have control on ads, so sometimes stuff like that slips in without us noticing.

The real download button is on the right and has the "Download File" text on it.


----------



## Seriel (Aug 30, 2016)

I have an adblocker so it might look different


----------



## _v3 (Aug 30, 2016)

Jackus said:


> I have an adblocker so it might look different
> View attachment 60657


Filetrip is run by gbatemp, support the site and turn adblock off (atleast on these 2 domains).


----------



## Shinigami Kiba (Aug 30, 2016)

Guys, I don't see any pop ups.
After clicking the download button it takes me to the regular download page, that's where it downloads the bad 7zip.
It's the only file that does this as far as im aware, I ever recorded a video of it.


but get this, after recording the video of it I was able to download a clean non virus infested version so either someone fixed it or I don't know what happened.

I tried like 10 times and it did the same as in the video

My system is clean and well maintained

edit: also my connection is 15Mbps and no files don't take this long to download normally, especially not small ones like that, so that's on the site's end, I can post video proof of this too if needed.


----------



## leerz (Aug 30, 2016)

Probably ea false positive, scanners use patterns, zip/rar compression on rare occasions, the composition result of the files could be similar to that of a malware footprint . How the characters are jumbled up


----------



## Shinigami Kiba (Aug 30, 2016)

That does make sense, it kept downloading a corrupt file and maybe windows defender thought something was off, but why did it keep downloading that one file as corrupt


----------



## Costello (Sep 2, 2016)

I have uploaded the file to VirusTotal and it seems it's 100% safe





none of the 68 antiviruses detect any problem.

since your thread title might scare users I have taken the liberty of renaming it to indicate a false positive.

also Filetrip has an antivirus running on the servers that periodically scans for malware and removes it.
of course there is still the possibility that someone uploads malware that isn't detected by the antivirus, but it isn't the case here.


----------



## Shinigami Kiba (Sep 2, 2016)

Thanks, I think whatever was causing this was definitely due to some weird corruption in the file that tricked windows defender to think something wasn't right.
I checked and re-checked my system with several anti malware tools I trust and so far it's all clean

Edited your post into the OP so people see it first thing they click on the topic


----------

