Navigraph Hub detected as Malware by Malwarebytes

I realize this could be a false alarm, but why now and never before. From the MBAM log…


According to file manager, that file has existed since Sat 26th August 2023, so it didn’t just arrive.

I’d appreciate an official response from Navigraph as to whether this is an official Navigraph file, or an imposter. As you can see above the file is in a folder called Pending, but it doesn’t seem to be very pending as it is almost a year old. Maybe I can just delete it without affecting Navigraph function or updates in future…?

Anyone else?

I’ve used Navigraph and MBAM for years without any malware problem with Navigraph until now.

Hi @SledDriverSR71,

The pending directory is something the mechanism that updates Navigraph Hub creates for updates that are about to be installed. In an older version of the updater, there was a bug that sometimes did not clear that directory correctly, which might be the reason the file was there. You can safely remove the file without affecting the functionality of the installed application.

It is impossible to deduce whether the file is the original file downloaded from our servers, the original file that has later been infected with malware, or a totally different file from just the filename. The risk that the original file would be infected by malware is close to zero, as the updates are built on special-purpose Linux servers. If it is not a false alarm, it is more likely that the file was infected after downloading it. Are there any other files indicating the same malware on your hard drive?

In any case, I would recommend you delete the file from your hard drive without running it. You can also send me the actual file before deleting it in a DM, and I will check if we still have the original file to verify if it was tampered with.

Kind regards,


Thanks for your excellent reply/support.

I’ve attempted to send you the file directly with a PM on this site. But there is a 20MB size limit.

Where else can I send it?


Hi again @SledDriverSR71,

Thanks for the file! I can confirm that we made and signed this file. After some small investigation, it looks like what is falsely detected as malware is a DLL belonging to the NSIS Installer that we use, which is installed temporarily during the installation of Hub. Apparently, there is obscure malware that uses that filename as a cover, which gives false positives on the real thing as well in some cases. The comparison of the files is just by filename and not content. Hope this clears up the situation :slight_smile:

Kind regards,


This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.