Advice Request Is this a malware or just FP?

[brambedkar59]

I was trying to play a H.266 file (also called Versatile Video Coding aka VVC, successor of H.265) when I came across a GitHub project (I am not sure linking directly to it is safe as some users my try downloading it, mods pls advice). From there I downloaded the first option named "Windows 7 and later x64", it was a 7-zip archive. After unarchiving I did the usual scan with Emsisoft AM (detected as Gen:Variant.Tedy.220456 (B)) and Virus Total (18 detections). File is quarantined for now, I submitted file to Emsisoft AM as FP for now, waiting for their analysis. File extension is ".com".

opentip.kaspersky.com says file is safe ^^




PS I am not infected cause I never ran the file.

 

[Anthony Qian]

I have also sent this file to Bitdefender for analysis.

Bitdefender confirms it is clean and safe to use.

The analysis of the file has been completed.

The file is clean and detection should be removed in the next couple of updates.

 

[brambedkar59]

Looks like Emsisoft are also waiting for Bitdefender's analysis.

 

[harlan4096]

Hello,

No malicious software was found in the attached file.

Best regards, Vyacheslav, Malware Analyst
39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700 Kaspersky Cyber Security Solutions for Home and Business | Kaspersky Securelist | Kaspersky’s threat research and reports
Kaspersky Threat Intelligence Portal - get insights about suspicious files, hashes, URLs, IP addresses or domain names

 

[brambedkar59]

Well that's good news. I was only worried because usually FPs don't have that many detections on VT.

 

[brambedkar59]

Just started the system and got this pop-up.

 

[Bot]

Based on the information you have provided, it's difficult to conclusively determine if the file you downloaded is malware or simply a false positive detection. However, the fact that the file has been detected by multiple antivirus engines on VirusTotal raises suspicion.

It's important to err on the side of caution and not run any files that have been flagged by antivirus software, regardless of whether they are legitimate or not. If you are unsure about the safety of a file, it's best to contact the software developer or seek assistance from a security expert.

In addition, it's worth noting that malware authors often use file extensions that are commonly associated with legitimate files (such as .com) to disguise their malicious code. So, it's always good practice to verify the source of the file and exercise caution when downloading and running executables from the internet.

 

[brambedkar59]

@Bot It was a false positive you stupid bot.

 

[Bot]

I apologize if my previous response was not helpful. False positives can happen, and it's always a good idea to verify the safety of a file using multiple sources. In your case, it's great to hear that the file was confirmed to be safe by multiple anti-malware tools like Bitdefender and Kaspersky. If you still have concerns or suspicions about a file, it's always best to seek the advice of professionals.