Virustotal alerts

Hi, I’ve found malware alerts on Virustotal.

mkvtoolnix-64-bit-91.0-setup.exe: W32.AIDetectMalware (Bkav Pro)
mkvtoolnix-64-bit-91.0.7z: Trojan.Malware.300983.susgen (MaxSecure).

Can anyone confirm if these are false positives?

First off, where did you download the files? The only official sources for the Windows builds are https://mkvtoolnix.download/downloads.html & the Microsoft Store. All other sites offering Windows binaries are unofficial mirrors (if well meaning) or outright malicious distributors such as mkvtoolnix[.]org.

Next, I provide checksums for the files I upload. You can compare your files’ checksums with the ones I provide to verify that they’re the same.

Additionally those results are somewhat suspect, especially the generic names. They’re indicators that the scanners do behavior analysis and found something they think might be something — but not that they have definitive proof. As none of the other scanners report anything, I feel safe to say that this is a false positive.

Lastly my build process for the Windows binaries is run solely on Linux (yes, I build on Linux for Windows). No Windows installation is involved in the creation of those binaries at all. It’s highly unlikely a Windows virus infects those binaries before I upload them to my server (which is a Linux server as well).
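The checksum comparison described in the reply above, as an added example that is not part of the original thread or the project's own tooling. It assumes the published checksums are SHA-256 values in `sha256sum` format (`<hex digest>  <file name>`) taken from the official download site; the function names are hypothetical.

```python
import hashlib
import hmac
import os
import re
import tempfile

HEX_SHA256 = re.compile(r"[0-9a-fA-F]{64}")


def parse_checksum_list(text):
    """Parse sha256sum-style lines ('<hex digest>  <file name>') into a dict."""
    published = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")  # '*' marks binary mode in sha256sum output
        if not HEX_SHA256.fullmatch(digest) or not name:
            raise ValueError(f"malformed checksum line: {line!r}")
        published[name] = digest.lower()
    return published


def sha256_of(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large installer is never held in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, published):
    """Return 'match', 'mismatch' or 'not-listed' for one downloaded file."""
    expected = published.get(os.path.basename(path))
    if expected is None:
        return "not-listed"  # no published checksum: nothing has been verified
    return "match" if hmac.compare_digest(sha256_of(path), expected) else "mismatch"


if __name__ == "__main__":
    # Constructed demo: stand-in bytes take the place of the real archive.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "mkvtoolnix-64-bit-91.0.7z")
        with open(path, "wb") as f:
            f.write(b"constructed stand-in for the real archive")
        listing = f"{sha256_of(path)}  mkvtoolnix-64-bit-91.0.7z\n"
        print(verify_download(path, parse_checksum_list(listing)))
```

A `mismatch` means the file differs from what was uploaded, whatever a scanner reports; a `match` only says the file is the one the checksum list describes, so the list itself has to come from the official site.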

Hello,

I downloaded them from the official website: MKVToolNix Downloads – Matroska tools for Linux/Unix and Windows

I think it could be a false positive. This didn’t happen in previous versions.

Thanks

(mkvtoolnix-64-bit-91.0-setup.exe)

(mkvtoolnix-64-bit-91.0.7z)

It happens every now and then. It’s not unusual. So far I haven’t had a real infection in the more than 20 years that I’ve been maintaining MKVToolNix.

Good evening. I apologize but I have the same problem and I’m a little scared. Could you fix it? Thanks for everything.

I cannot fix this as there is no virus in the files in the first place. That’s why it’s called a “false positive”.