Navigraph Desktop for Windows - Malwarebytes detecting trojan in DLL

Hi, I have been using Navigraph Charts for Windows with no problems for months. Today it won’t start, saying there is a missing DLL called ffmpeg.dll.

On investigation, Malwarebytes, which is running, has detected Trojan.CobaltStrike, a trojan within the DLL, and quarantined the file. I have tried uninstalling and reinstalling but the same thing happens. Please advise what to do.

If you have the SimBrief Downloader folder or Navigraph Navdata Center folder, copy ffmpeg.dll from one of those folders to the Navigraph Charts folder and charts should work now. That’s what worked for me.

Thanks very much indeed for that, it worked for me too, I’m back up and running!

I guess Navigraph still need to have a look at this issue, as the current DLL in the latest download is throwing up what I assume is a false positive with Malwarebytes.

Thanks for this - worked for me as well. Be interesting to know what caused the issue in the first place though - hopefully someone from Navigraph staff will see this and address it properly.

I can confirm that I have also received this same detection.

Best Regards

Hi,

It must be some recent update from Malwarebytes now resulting in this false positive. The file had been there since the beginning and is not a virus. Please report the false detection to MB.

Regards,

Stephen

I have raised it on the Malwarebytes support site. There are a number of other MB users also reporting suspected false positives for the same “trojan” but in various different software applications today. Hopefully MB will address this soon, as anyone with Malwarebytes installed automatically gets this file quarantined, which stops Navigraph Charts from running. (Use the fix above in the meantime.)

MB is thorough and it needs to be, so false positives do occur.

My experience is that they are also very quick to get on top of false positives. If you tell MB to ignore the warning ONCE in the options for the detection, usually in 24 hours’ time they have updated their detection patterns/signatures and the same files then pass the test clean.

If they don’t on the second day’s pass, then maybe you have a real detection and should investigate further or delete the offending files. But be careful with this as you will almost certainly break something you might want.

I also have received this AFTER installing the Fenix A320 package in the data centre, must be related to that as I used charts earlier today and it worked fine before installing the package.

And sure enough, today’s MB scan pass no longer detects these same files as a threat. I changed nothing. I just waited a couple of days for MB to update its signatures automatically.

So all good.