Steam Deck

j.ferri123 Aug 18, 2024 @ 2:34pm
Help with Removing Shady Software from the Steam Deck
Hello Steam Dexperts,
Would you please help me remove shady content that I installed on my Steam Deck before realizing it was not what I thought? Should I factory-reset my Steam Deck to remove this shady software, or is there a less-dramatic solution?
I recently got a Steam Deck OLED, and I love it! I wanted to play my legally purchased Epic Games Store copy of Hogwarts Legacy on the Steam Deck with the Heroic Games Launcher, but it wasn’t launching and running with any version of Proton or Steam Runtime.
I found a top-results YouTube video from Grown Up Gaming called “Can I install Hogwarts Legacy on Steam Deck?” It directed me to a Hogwarts Legacy Steam Deck fix by pdxrico on GitHub. Without stepping back and thinking it through, I downloaded the ‘fix.’ I let it use my sudo password and make a change to the Grub.
I then found out that ‘fix’ was shady and not intended for my legally purchased Epic Games Store copy of Hogwarts Legacy. I would like to remove this shady ‘fix’ from my Deck and undo its change to the Grub. Should I do a factory reset, or is that more than what’s needed? Could I change the sudo password and enter a command to revert the Grub to its previous state? I have fully uninstalled Hogwarts Legacy and deleted this ‘fix,’ but I don’t know if that removed the shady software entirely. Obviously, I should have stepped back and thought this through before installing this ‘fix.’ Lesson learned.
Thank you for any advice you can offer!
Haruspex Aug 18, 2024 @ 3:06pm 
The Linux command line doesn't have an undo button, so you would need to know exactly what that code did to undo it. This is why you don't run random code you find on the Internet when you don't know what it does.

Honestly, without knowing what it did, I would just do a factory reset reimage (Thanks PopinFRESH). Maybe what it did was harmless, or maybe it was a terrible exploit that gave your Steam Deck e-cancer. You can't really know for sure, so one way to be certain.
Last edited by Haruspex; Aug 18, 2024 @ 5:18pm
j.ferri123 Aug 18, 2024 @ 3:18pm 
Originally posted by Haruspex:
The Linux command line doesn't have an undo button, so you would need to know exactly what that code did to undo it. This is why you don't run random code you find on the Internet when you don't know what it does.

Honestly, without knowing what it did, I would just do a factory reset. Maybe what it did was harmless, or maybe it was a terrible exploit that gave your Steam Deck e-cancer. You can't really know for sure, so one way to be certain.
Fair point. I’ll probably do a factory reset, then, to hopefully remove this thing.
PopinFRESH Aug 18, 2024 @ 5:05pm 
Do most of the games you play on Steam Deck use Steam Cloud for their saves?

I'd personally do a re-image rather than a factory reset. If whatever it was had root privileges and was making changes to GRUB, it would not be unheard of that, if it contained malicious code, it would persist after a factory reset. Without knowing what the code specifically did, there is no way to know if there is anything malicious or not. You can't really post facto determine what occurred via logs, etc., as it was given root-level access, so it could do whatever and remove whatever was done from any logs.

A factory reset doesn't wipe the OS, it wipes the user account and resets specific settings. A re-image will completely wipe the system including the bootloader (GRUB).

This is the same reason, as an example, that for Linux servers that have been root-compromised the only real solution is to back up the data and do a clean install of the operating system after nuking the existing filesystems. Otherwise you have no idea what backdoor(s) have been left in the compromised system.
j.ferri123 Aug 18, 2024 @ 7:19pm 
Originally posted by PopinFRESH:
Do most of the games you play on Steam Deck use Steam Cloud for their saves?

I'd personally do a re-image rather than a factory reset. If whatever it was had root privileges and was making changes to GRUB, it would not be unheard of that, if it contained malicious code, it would persist after a factory reset. Without knowing what the code specifically did, there is no way to know if there is anything malicious or not. You can't really post facto determine what occurred via logs, etc., as it was given root-level access, so it could do whatever and remove whatever was done from any logs.

A factory reset doesn't wipe the OS, it wipes the user account and resets specific settings. A re-image will completely wipe the system including the bootloader (GRUB).

This is the same reason, as an example, that for Linux servers that have been root-compromised the only real solution is to back up the data and do a clean install of the operating system after nuking the existing filesystems. Otherwise you have no idea what backdoor(s) have been left in the compromised system.
Wow. That’s good to know. I’ve unfortunately gone ahead with the factory reset, though. With the help of a SteamDeck subreddit and me spending time going through my Grub file, the redditors and I found that this shady ‘fix’ only seemed to enter this command in Grub: clearcpuid=514 for the game it was ‘fixing.’ I can certainly check the Grub again or perform a new command to try and wipe anything else. Can I do a full reimage on my own with the Deck? I do use cloud saves in all my games, and I haven’t made any crucial progress in games on the Deck yet.
Last edited by j.ferri123; Aug 18, 2024 @ 7:33pm
tfk Aug 19, 2024 @ 1:39am 
I believe 514 is the User mode instruction prevention switch.

I found some more info here.

https://lwn.net/Articles/705877/
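As an added example (not code from anyone in this thread), the small Python audit below finds `clearcpuid=` entries in an `/etc/default/grub`-style file or in a `/proc/cmdline` string and decodes each number the way the kernel does (word*32 + bit in its x86 feature-word table), which shows why 514 is word 16, bit 2, the UMIP bit tfk identified. The SMEP/SMAP entries and the sample GRUB text are my additions, and the sample is constructed, not a real Deck file.

```python
import re

# Kernel clearcpuid= values are word*32 + bit in the kernel's internal x86
# feature-word table (arch/x86/include/asm/cpufeatures.h).
# 514 = 16*32 + 2 -> word 16 (CPUID.(EAX=7,ECX=0):ECX), bit 2 = UMIP.
# SMEP/SMAP (word 9, CPUID.7:EBX) are listed as further hardening bits that
# a script running as root could switch off the same way.
HARDENING_FEATURES = {
    9 * 32 + 7: "SMEP (Supervisor Mode Execution Prevention)",
    9 * 32 + 20: "SMAP (Supervisor Mode Access Prevention)",
    16 * 32 + 2: "UMIP (User Mode Instruction Prevention)",
}


def clearcpuid_values(cmdline: str) -> list:
    """Return every token passed to clearcpuid= on a kernel command line.
    Works on the contents of /proc/cmdline as well as on a GRUB value."""
    values = []
    for match in re.finditer(r"(?:^|\s)clearcpuid=(\S+)", cmdline):
        values.extend(t for t in match.group(1).split(",") if t)
    return values


def decode(token: str) -> dict:
    """Decode one clearcpuid token into (word, bit) and name known hardening bits.
    Non-numeric tokens (newer kernels also accept feature names) are reported as-is."""
    if token.isdigit():
        n = int(token)
        return {"token": token, "word": n // 32, "bit": n % 32,
                "hardening": HARDENING_FEATURES.get(n)}
    return {"token": token, "word": None, "bit": None, "hardening": None}


def audit_grub_default(text: str) -> list:
    """Scan GRUB_CMDLINE_LINUX_DEFAULT / GRUB_CMDLINE_LINUX in /etc/default/grub text."""
    findings = []
    for line in text.splitlines():
        m = re.match(r'\s*GRUB_CMDLINE_LINUX(?:_DEFAULT)?="?(.*?)"?\s*$', line)
        if m:
            findings.extend(decode(tok) for tok in clearcpuid_values(m.group(1)))
    return findings


# Constructed sample resembling the line described in the thread.
SAMPLE_GRUB = 'GRUB_TIMEOUT=0\nGRUB_CMDLINE_LINUX_DEFAULT="quiet splash clearcpuid=514"\n'

if __name__ == "__main__":
    for f in audit_grub_default(SAMPLE_GRUB):
        flag = f["hardening"] or "not a listed hardening bit"
        print(f"clearcpuid={f['token']}: word {f['word']}, bit {f['bit']} -> {flag}")
```

On a live system, pass the contents of `/etc/default/grub` to `audit_grub_default` and `/proc/cmdline` to `clearcpuid_values`; a clean configuration returns an empty list from both.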
j.ferri123 Aug 19, 2024 @ 6:35am 
Originally posted by tfk:
I believe 514 is the User mode instruction prevention switch.

I found some more info here.

https://lwn.net/Articles/705877/
Thank you for sharing that! That’s helpful information.
PopinFRESH Aug 19, 2024 @ 8:09pm 
Originally posted by j.ferri123:
Originally posted by PopinFRESH:
Do most of the games you play on Steam Deck use Steam Cloud for their saves?

I'd personally do a re-image rather than a factory reset. If whatever it was had root privileges and was making changes to GRUB, it would not be unheard of that, if it contained malicious code, it would persist after a factory reset. Without knowing what the code specifically did, there is no way to know if there is anything malicious or not. You can't really post facto determine what occurred via logs, etc., as it was given root-level access, so it could do whatever and remove whatever was done from any logs.

A factory reset doesn't wipe the OS, it wipes the user account and resets specific settings. A re-image will completely wipe the system including the bootloader (GRUB).

This is the same reason, as an example, that for Linux servers that have been root-compromised the only real solution is to back up the data and do a clean install of the operating system after nuking the existing filesystems. Otherwise you have no idea what backdoor(s) have been left in the compromised system.
Wow. That’s good to know. I’ve unfortunately gone ahead with the factory reset, though. With the help of a SteamDeck subreddit and me spending time going through my Grub file, the redditors and I found that this shady ‘fix’ only seemed to enter this command in Grub: clearcpuid=514 for the game it was ‘fixing.’ I can certainly check the Grub again or perform a new command to try and wipe anything else. Can I do a full reimage on my own with the Deck? I do use cloud saves in all my games, and I haven’t made any crucial progress in games on the Deck yet.

If that's the case and you've already done the factory reset, just re-do the same steps and select to re-image instead, as you're already at relatively the same point but without wiping the OS filesystems. It doesn't take too much longer to redo it as a re-image, and it's not something I'd chance my Steam library on, especially with 600+ games like yours.

Here are the Steam Deck Recovery Instructions for creating the USB flash drive (UFD) and booting from it to perform the re-image. If you use cloud saves for any game you'd be playing on Steam Deck, then you'll be no worse off, and it'll automatically re-sync your saves once you re-install any games after re-imaging.

If you decide to re-image it and need any help beyond that support doc feel free to ask and I'd be happy to help.
j.ferri123 Aug 20, 2024 @ 6:16am 
Originally posted by PopinFRESH:
Originally posted by j.ferri123:
Wow. That’s good to know. I’ve unfortunately gone ahead with the factory reset, though. With the help of a SteamDeck subreddit and me spending time going through my Grub file, the redditors and I found that this shady ‘fix’ only seemed to enter this command in Grub: clearcpuid=514 for the game it was ‘fixing.’ I can certainly check the Grub again or perform a new command to try and wipe anything else. Can I do a full reimage on my own with the Deck? I do use cloud saves in all my games, and I haven’t made any crucial progress in games on the Deck yet.

If that's the case and you've already done the factory reset, just re-do the same steps and select to re-image instead, as you're already at relatively the same point but without wiping the OS filesystems. It doesn't take too much longer to redo it as a re-image, and it's not something I'd chance my Steam library on, especially with 600+ games like yours.

Here are the Steam Deck Recovery Instructions for creating the USB flash drive (UFD) and booting from it to perform the re-image. If you use cloud saves for any game you'd be playing on Steam Deck, then you'll be no worse off, and it'll automatically re-sync your saves once you re-install any games after re-imaging.

If you decide to re-image it and need any help beyond that support doc feel free to ask and I'd be happy to help.
Thank you for the help! I’ll definitely let you know if I have questions.
Date Posted: Aug 18, 2024 @ 2:34pm
Posts: 8