Need help with Win32:malware-gen!

Hello!

I've been getting 5 warnings of this malware and they are somehow linked to my Steam (as you can see from the attached picture). Malwarebytes Anti-Malware and avast! scans found nothing. Any help to get this removed will be appreciated!

One friend of mine said that this malware isn't really dangerous, however the descriptions on the internet stated otherwise. So a side question would be: should I really take action, or just, for example, reinstall Steam, since even Malwarebytes couldn't find anything?

  • Lakuh

Welcome to the forum.

Please follow this guide and attach your logs.

A malware expert will help you from there.

http://forum.avast.com/index.php?topic=53253.0

I will do those asap!

In all honesty I believe these aren’t going to resolve this as it may be a false positive on the steam file.

So I would suggest you do this first:
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here, post the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to Open the chest and right click on the file and select ‘Extract’ it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C: drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect*
That will stop the File System Shield scanning any file you put in that folder.

Try a forum search for this file name as I believe there are a couple of topics about steam possible false positives (I can’t remember if it was for this file).

EDIT: see this topic, last page is showing the alert on the same file, http://forum.avast.com/index.php?topic=101884.0.

Okay, I will read those as well!

But in case my logs would be of use I will post them here:

DavidR, thanks a thousand times for posting that! Now I can be fairly sure it is a false positive (as far as I understood) and can be ignored for now. However if someone finds something useful from my logs, please post them :)

You’re welcome.

I would never suggest that it is ignored, but that it is investigated, which is why I gave the instructions to confirm by examination at VirusTotal. If it proves to be an FP then the sample should be sent to avast as an FP so that the signatures can be updated. Before doing that ensure that you have the latest virus definitions and scan the file again.

If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select ‘Submit to virus lab…’ complete the form and submit, the file will be uploaded during the next update. A link to this topic wouldn’t hurt.

  • In the meantime (if you accept the risk), add the full path to the file to the exclusions lists (see Note below):
    File System Shield, Expert Settings, Exclusions, Add and
    avast Settings, Exclusions

Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.

Note: When using the Browse button it only goes down to folder level; accept that. Now open the entry in the exclusions and change the * to \file_name.exe where file_name.exe is the file you want to exclude.

Okay, thank you a lot again!!

No problem, glad I could help.

Yesterday, the same problem with Steam cropped up here. The files posted plus a couple more and also the main .exe for the game Rage. I had to exclude the entire Steam folder from being scanned to play the game. I first scanned the folder with Malwarebytes and it found no problems so I’m sure they are all FP’s. Everything was fine before yesterday’s (7/26) round of definitions.