What's new

[RT-AC88U][386.12_4] "backup_jffs.tar Failed - Virus detected" Error saving JFFS partition: Trojan:Script/Wacatac.B!ml

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!


New Around Here

After most recent update to 386.12_4 firmware on my Asus RT-AC88U router I am unable to backup/save the JFFS partition via web GUI.

I receive an error "backup_jffs.tar Failed - Virus detected" instead.

Screenshot 2023-12-27 145356.png

Has anyone faced this before?

P.S. I did just sign up for the forums.....long time reader, first time joining......it is unfortunate this is my first post as I planned on doing an introduction in the appropriate forum instead...
Has anyone faced this before?
Yes, it's been seen before occasionally. It's a false positive, ignore it. If you want to be absolutely sure get your antivirus to tell you what it thinks the problem is and check it manually yourself.
What OS and Web Browser are you saving to?
What OS and Web Browser are you saving to?
Windows11 and Chrome....

Did the same process just an hour ago prior to the update without any issues.
As @ColinTaylor said, very likely was a false positive.
Here are the details from virus defender:

Looks to have identified: Trojan:Script/Wacatac.B!ml

Threat found - action needed.
2023-12-27 10:22


Detected: Trojan:Script/Wacatac.B!ml
Status: Active
Active threats have not been remediated and are running on your device.

Date: 2023-12-27 15:02

Date: 2023-12-27 15:02

Affected items:
webfile: D:\00_GDRIVE_xxxxxxxx\ZZ_BACKUPS\ASUS_RT-AC88U\ZARCH_RT-AC88U_20231227_1445\backup_jffs.tar||pid:1460,ProcessStart:133481583144912969
webfile: D:\00_GDRIVE_xxxxxxxx\ZZ_BACKUPS\ASUS_RT-AC88U\ZARCH_RT-AC88U_20231227_1445\backup_jffs.tar||pid:16872,ProcessStart:133481586532135438
webfile: D:\00_GDRIVE_xxxxxxxx\ZZ_BACKUPS\ASUS_RT-AC88U\ZARCH_RT-AC88U_20231227_1445\backup_jffs.tar||pid:1972,ProcessStart:133481586811924378
webfile: D:\00_GDRIVE_xxxxxxxx\ZZ_BACKUPS\ASUS_RT-AC88U\ZARCH_RT-AC88U_20231227_1445\backup_jffs.tar||pid:2404,ProcessStart:133481588142467151
webfile: D:\00_GDRIVE_xxxxxxxx\ZZ_BACKUPS\ASUS_RT-AC88U\ZARCH_RT-AC88U_20231227_1445\backup_jffs.tar||pid:27172,ProcessStart:133481593226080314

Learn more
This program is dangerous and executes commands from an attacker.

Screenshot 2023-12-27 153149.png
It's possible that it's not actually the contents of the file that's the problem, but that you have malware running on your PC that is intercepting the download and trying to manipulate it.

Can you download it on another PC and check it on https://www.virustotal.com/
I have the same issue on an unrelated firmware (Voxel's Netgear R7800 firmware), when trying to save a backup on an up-to-date Windows 11 PC using Chrome.
I think a security update is wrongly blocking .tar files from downloading.

It downloads fine on my Android phone.

I've run various virus checks on my PC and found nothing.
I'm treating it as a false positive.
I hit the same exact issue - then I momentarily disabled AV, downloaded the tar, uploaded it to Virustotal, and zero viruses were detected.

(For good measure I did a Windows Update check, got the very very latest virus defs, and had the same problem.)

I extracted the tar to a directory and scanned it and... nothing. Even the tar itself is fine according to Windows. Whatever is going on, it's strictly happening between Chrome and Windows Defender.

(I posted the same reply to the other thread)
Last edited:
A link to the 'other thread' would have been sufficient.

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!