PKHeX Wacatac.H!ml virus

badblood08

badblood08

Active Member
OP
Newcomer
Level 2
Joined
Feb 5, 2022
Messages
37
Trophies
0
XP
178
Country
United States
I tried downloading the latest PKHeX from here: https://projectpokemon.org/home/files/file/1-pkhex/

Windows Security got this virus:
1670004007188.png

1670003920198.png


Is this a false positive virus? Should I disregard this. Please advise.

Thanks!
 
SylverReZ

SylverReZ

The planet is fine. The people are crazy.
Member
GBAtemp Patron
Level 29
Joined
Sep 13, 2022
Messages
7,225
Trophies
3
Location
The Wired
Website
m4x1mumrez87.neocities.org
XP
22,152
Country
United Kingdom
  • Like
Reactions: scionae, E1ite007, badblood08 and 2 others
binkinator

binkinator

Garfield’s Fitness Coach
Member
GBAtemp Patron
Level 16
Joined
Mar 29, 2021
Messages
6,511
Trophies
2
XP
6,155
Country
United States
  • Like
Reactions: badblood08 and SylverReZ
badblood08

badblood08

Active Member
OP
Newcomer
Level 2
Joined
Feb 5, 2022
Messages
37
Trophies
0
XP
178
Country
United States
M4x1mumReZ said:
Pop the file into VirusTotal or Hybrid-Analysis and it'll tell you whether if this is the case or not. Microsoft Defender generates tons of false positives, so you shouldn't worry about anything.
Click to expand...
Only 1 vendor found it as a virus
1670004273980.png

I'm not sure if this is an isolated case that can be disregarded
 
binkinator

binkinator

Garfield’s Fitness Coach
Member
GBAtemp Patron
Level 16
Joined
Mar 29, 2021
Messages
6,511
Trophies
2
XP
6,155
Country
United States
  • Like
Reactions: badblood08 and SylverReZ
halfashark

halfashark

Well-Known Member
Newcomer
Level 3
Joined
Nov 10, 2022
Messages
88
Trophies
0
XP
287
Country
Canada
no matter what i scan virustotal always has at least 1-2 vendors mark it as a false positive. i've uploaded empty archives, blank raw text documents and random images and photos and there's always at least one.

i would be more concerned if several caught it. additionally if you google the name of said malware you'll see that every single post and thread mentions it being an extremely common false positive. windows defender seems to mark benign python and c++ scripts as being infected with this quite frequently.

you're probably fine but if you're ever super paranoid maybe consider putting a linux distro on a flash drive and performing your mods on that. it wouldn't 100% protect you unless you also physically disconnected any other mountable media but it would certainly add a layer of protection and teach you some new skills.
 
linuxares

linuxares

The inadequate, autocratic beast!
Global Moderator
Level 26
Joined
Aug 5, 2007
Messages
13,332
Trophies
2
XP
18,216
Country
Sweden
halfashark said:
no matter what i scan virustotal always has at least 1-2 vendors mark it as a false positive. i've uploaded empty archives, blank raw text documents and random images and photos and there's always at least one.

i would be more concerned if several caught it. additionally if you google the name of said malware you'll see that every single post and thread mentions it being an extremely common false positive. windows defender seems to mark benign python and c++ scripts as being infected with this quite frequently.

you're probably fine but if you're ever super paranoid maybe consider putting a linux distro on a flash drive and performing your mods on that. it wouldn't 100% protect you unless you also physically disconnected any other mountable media but it would certainly add a layer of protection and teach you some new skills.
Click to expand...
PKhex doesn't work really well with Mono according to PKhex themselves.
 
halfashark

halfashark

Well-Known Member
Newcomer
Level 3
Joined
Nov 10, 2022
Messages
88
Trophies
0
XP
287
Country
Canada
linuxares said:
PKhex doesn't work really well with Mono according to PKhex themselves.
Click to expand...
Oh, wild. Windows only. How bizzare... guess it's due to their choice of language. (C#).

That's... actually really lame. Guess the 2nd best would just be a windows virtual machine with stuff like PAE/NX and shared clipboards/drag and drops disabled. That said it's most definitely a false positive but for those who are worried it's at least a way to accommodate for their concerns.

Still. Dang.
 
The Real Jdbye

The Real Jdbye

*is birb*
Member
Level 23
Joined
Mar 17, 2010
Messages
23,317
Trophies
4
Location
Space
XP
13,899
Country
Norway
badblood08 said:
Only 1 vendor found it as a virus
View attachment 341145
I'm not sure if this is an isolated case that can be disregarded
Click to expand...
Probably. Even the 1 detection is vague/heuristics and not a real detection.
It appears it's scanning the URL as a website though, rather than scanning the file. You'd get better results if you downloaded the file and manually uploaded it.
 
  • Like
Reactions: SylverReZ
Hayato213

Hayato213

Newcomer
Member
Level 28
Joined
Dec 26, 2015
Messages
20,004
Trophies
1
XP
21,069
Country
United States
W0rmy said:
No you don’t. You need common sense. Defender has been fine for ages and alerting him fine. As someone has said it’s alerting on that URL.

Common sense would be to find a more reputable download link.
Click to expand...

There is no problem downloading it from projectpokemon.org, I been downloading pkhex from there for years and no issues. Just that he got a false detection.
 
  • Like
Reactions: Apistogramma and SylverReZ
X

XVicarious

Member
Newcomer
Level 2
Joined
Aug 10, 2014
Messages
11
Trophies
0
XP
131
Country
United States
See here

I tried myself, but I didn't have the patience to make heads or tails of it. A lot of duplicate implementations seem to exist in the source itself. Maybe I'll try again later.
 

Site & Scene News

Go to forum More news

Popular threads in this forum

Hacking Misc  Getting the MIG Switch to load an XCI dump without its original Initial Data

Emulation Homebrew  duckstation for Switch

Can you trade in a banned switch for an unbanned one?

Why is Atmosphere so dominant?

Last switch firmware blocking MIG SWITCH?

Crosscode Hacking thread

Hacking  Loader.kip for AMS 1.7.0 with FW 17.0.1 - sys-clk error ??

Migswitch backups without certificate files

General chit-chat
Help Users
  • No one is chatting at the moment.
    K3Nv2 @ K3Nv2: Att is displaying prices like it's an ingredients list now lol