Inquiry about a false positive. (IMPORTANT)

Hello everyone,

So, I was looking for a way to compress a folder online, and I saw a webpage called “”, more specifically “”. It looked fine, and it didn’t trigger Malwarebytes defender nor uBlock Origin in the slightest. I thought that it was an online process, so I clicked on the “Compress you file” button. It immediately downloaded a file called “WinZipStubInstaller.exe” [Hash: b706eb45419c20fa60de564b8713bfa68fa0d4f3b8aee287ac61242a535e16f2] (I never executed the file), so because of that, I immediately uploaded the file to and I got this:

I then copied the download link and scanned it, and instead of the same thing, I got this:

And as for the WinZip webpage I got the same, no threats detected:

After all this, I ran Windows MRT, then I ran a Malwarebytes full scan, and nothing was detected. I scanned the “WinZipStubInstaller.exe” file individually with Malwarebytes, and nothing was detected. I have now deleted Malwarebytes, and I am now doing a full scan with Kaspersky (as of now nothing has been detected yet). The thing is that I don’t know if, without having run the file, I am aware that viruses and malware can still be installed. I also used the hash that gave me, and I uploaded it in Kaspersky Intelligence Portal, and it says that there is no threat, but that there are suspicious activities in the file:

Finally I went to Hybrid Analysis and searched for the file hash, and I found that it has been detected as malicious:

The thing is that here it shows that didn’t detect it, but so far it has been the only one that has detected it, so I started to get confused. I decided to look for the vendor that detected the virus, and it shows that zilya! is the only one to have found it, both in Hybrid Analysis and

So when I looked for zilya, I found that even the webpage looked weird, and I decided to look even further, and then I looked for the “Jiangmin” that showed in, and I stumbled upon many forums and reddit pages saying that usually the files marked with “Jiangmin” as a threat are false positives.

So what do you think? Could I have been infected even if I never executed the file? Is this a false positive? If I am infected, what should I do next?

Thank you for your help, and so sorry for the length of the post, I wanted to be as thorough as possible so that you can have all the information to give me your opinion.

Edit: Kaspersky already finished, and it detected 0 threats (: .

submitted by /u/_jake2240_