(fixed - false positive) A potential virus on Filetrip

Discussion in 'Site Discussions & Suggestions' started by Shinigami Kiba, Aug 30, 2016.

  1. Shinigami Kiba
    OP

    Shinigami Kiba GBAtemp Advanced Fan

    Member
    606
    10
    Oct 28, 2007
    Macedonia, The Former Yugoslav Republic of
    UPDATE: Alright folks, whatever it was, it was fortunately a false positive.

    ----------------
    I don't know if Filetrip is part of GBAtemp or not but I was updating emulators on my Wii when I tried to download snes9x GX 4.3.2 and was told by Windows Defender that the file contains a virus, so it promptly deleted it.
    https://filetrip.net/wiiu-downloads/homebrew/download-snes9x-gx-4-3-2-f31107.html

    I thought it might be a false positive and that Windows Defender was picking up something from inside the archive, so foolishly I temporarily disabled realtime protection, downloaded the 7zip archive and tried to run it, just to be told by WinRAR that it's corrupted.

    I don't know if there was something in there and if something executed or not. I enabled Windows Defender's realtime protection again, ran a scan, ran a scan with Malwarebytes too and nothing turned up, but you never know what damage might have been caused.

    I keep my computer clean and well maintained, I may not be a computer person or a tech savvy guy but I know enough to keep spyware and malware off my system so this caught me off guard.
     
    Last edited by Shinigami Kiba, Sep 2, 2016
  2. Seriel

    Seriel Worshipper of Skiddos

    Member
    2,742
    5,045
    Aug 18, 2015
    United Kingdom
    UK
  3. raulpica

    raulpica With your drill, thrust to the sky!

    Supervisor
    11,036
    7,349
    Oct 23, 2007
    Italy
    PowerLevel: 9001
    @Shinigami Kiba
    Are you sure you didn't click on one of those fake popups that lead you to OTHER downloads? (which are malware)

    Sadly we don't have control over ads, so sometimes stuff like that slips in without us noticing.

    The real download button is on the right and has the "Download File" text on it.
     
  4. Seriel

    Seriel Worshipper of Skiddos

    Member
    2,742
    5,045
    Aug 18, 2015
    United Kingdom
    UK
    I have an adblocker so it might look different
     
  5. _v3

    _v3 GBAtemp Advanced Fan

    Member
    539
    267
    Oct 12, 2013
    Croatia
    Filetrip is run by GBAtemp, support the site and turn adblock off (at least on these 2 domains).
     
  6. Shinigami Kiba
    OP

    Shinigami Kiba GBAtemp Advanced Fan

    Member
    606
    10
    Oct 28, 2007
    Macedonia, The Former Yugoslav Republic of
    Guys, I don't see any pop-ups.
    After clicking the download button it takes me to the regular download page, that's where it downloads the bad 7zip.
    It's the only file that does this as far as I'm aware, I even recorded a video of it.


    But get this, after recording the video of it I was able to download a clean, non-virus-infested version, so either someone fixed it or I don't know what happened.

    I tried like 10 times and it did the same as in the video

    My system is clean and well maintained

    Edit: also my connection is 15Mbps and no, files don't take this long to download normally, especially not small ones like that, so that's on the site's end. I can post video proof of this too if needed.
     
    Last edited by Shinigami Kiba, Aug 30, 2016
  7. leerz

    leerz GBAtemp Advanced Fan

    Member
    528
    133
    Jan 11, 2015
    Makati
    Probably a false positive. Scanners use patterns; with zip/rar compression, on rare occasions, the composition result of the files could be similar to that of a malware footprint. How the characters are jumbled up.
     
  8. Shinigami Kiba
    OP

    Shinigami Kiba GBAtemp Advanced Fan

    Member
    606
    10
    Oct 28, 2007
    Macedonia, The Former Yugoslav Republic of
    That does make sense, it kept downloading a corrupt file and maybe Windows Defender thought something was off, but why did it keep downloading that one file as corrupt?
     
  9. Costello

    Costello Headmaster

    Administrator
    12,440
    5,772
    Oct 24, 2002
    I have uploaded the file to VirusTotal and it seems it's 100% safe.

    None of the 68 antiviruses detect any problem.

    Since your thread title might scare users, I have taken the liberty of renaming it to indicate a false positive.

    Also, Filetrip has an antivirus running on the servers that periodically scans for malware and removes it.
    Of course there is still the possibility that someone uploads malware that isn't detected by the antivirus, but it isn't the case here.
     
  10. Shinigami Kiba
    OP

    Shinigami Kiba GBAtemp Advanced Fan

    Member
    606
    10
    Oct 28, 2007
    Macedonia, The Former Yugoslav Republic of
    Thanks, I think whatever was causing this was definitely due to some weird corruption in the file that tricked Windows Defender into thinking something wasn't right.
    I checked and re-checked my system with several anti-malware tools I trust and so far it's all clean.

    Edited your post into the OP so people see it first thing when they click on the topic.
     
    Last edited by Shinigami Kiba, Sep 2, 2016