Citra Detected As Ransomeware After Update (880 > 881)


Not much to say, Malwarebytes detected Citra randomly as Malware.Ransom.Agent.Generic.I’m going to reinstall from Website, not update server to check if it’s a false positive.

System Information

  • Operating System:
  • CPU
  • GPU:
  • Citra Version (found in title bar)
  • Game
  • Screenshot of Issue (include the full Citra window including titlebar):

Diagnostic Log
Upload your log file as an attachment by dragging & dropping.

In order to save a copy of the log, follow this guide:


In order for us to provide better support, we need to see the log generated by Citra. This guide will walk you through how you can obtain the log file: How to Upload the Log File.


Which file does your antivirus detects as malicious?
i checked only the executables with VirusTotal and it looks fine, from nightly 881 (you can verify that using the sha hash)


there is no update server, nor 3rd party binary host. all downloads go through cloudflare, which caches builds from github releases, which is uploaded to directly by the build bots (appveyor and travis). it’d be very shocking indeed to see someone break this chain as they would’ve had to compromise one of the above servers to do it.


InstallationLog.txt (48.4 KB)