Have you tried virustotal.com I just put my 20xx.exe in there and got a 1 out of 68 scanners detected the file as possibly harmful.

Backdoor:Win32/Bladabindi!ml? Backdoor:Win32/Bladabindi!ml is Microsoft Defender Antivirus definition for a malware that is a variant of Bladabindi family of Trojan. This particular version can allow a remote attacker to gain control of the infected computer through backdoor. The Trojan frequently communicates to a remote server to download other malware that it can drop and execute on victim’s machine.

Payload When executed, Backdoor:Win32/Bladabindi!ml will directly hit Windows registry. It will include an unwanted entry to it in order to disable warning messages that Windows prompts each time an illegal activity occurs on the system. The same actions will carry out by the Trojan that will reduce the security settings on the infected computer. With this action, user may be prone to any virus attack while browsing the web or receiving emails.

Unlike most Trojan, Backdoor:Win32/Bladabindi!ml does not create a registry entry to run itself on Windows start-up. Instead, this threat will inject harmful code into valid processes including explorer.exe, iexplore.exe, firefox.exe, chrome.exe, opera.exe, and safari.exe. Trojan will load if user runs any of these programs -- This is probably what happened with your 20XX.

Then, the Trojan tries to contact a command and control (C&C) server through HTTP request on the same port 80, the same way users can connect to the Internet. During analysis, it was discovered that most of C&C servers that provides remote command for this threat are originating from .TW domains.

Lastly, Backdoor:Win32/Bladabindi!ml attempts to gather cookie data from the infected computer. It is also interested in collecting Internet certificates and stores them under UserProfile folder.





I recommend doing a deep clean of your system immediately. Boot into safe mode with networking and get a stronger third party tool to scan the system. Windows Defender is okay for free first party, but there are better on the market, like Combo Cleaner, Malware Bytes, etc.

Much appreciated for the cleanup info, thank you.
But I'm more concerned about the update itself; I'm concerned there may have been an infection in the 20XX UPDATE, and want to ensure it doesn't accidentally spread to others out there.

Originally posted by Engineer Diesel:

Much appreciated for the cleanup info, thank you.
But I'm more concerned about the update itself; I'm concerned there may have been an infection in the 20XX UPDATE, and want to ensure it doesn't accidentally spread to others out there.

My 20XX shows up clean.

Like I said in my first post, it's likely the malware decided to nestle itself up inside your 20XX folder, as that is the behavior of this particular trojan; hiding itself in already installed programs and then releasing the payload when you run that program.

Hey! I think we chatted over twitter - just copy/pasting my answer here in case anyone comes across it later.

20XX has had a bit of a history with being flagged by AV for reasons I'm not super sure of - I think this is more of the same. Don't seem to detect anything amiss in the game exe.

Additionally - Steam checks uploaded binaries for bad stuff - pretty sure all's well here.

Originally posted by batterystaplegames:

Hey! I think we chatted over twitter - just copy/pasting my answer here in case anyone comes across it later.

20XX has had a bit of a history with being flagged by AV for reasons I'm not super sure of - I think this is more of the same. Don't seem to detect anything amiss in the game exe.

Additionally - Steam checks uploaded binaries for bad stuff - pretty sure all's well here.

Are you able to afford a digital signature for your executables? This would help you build a reputation and avoid random false positives.

Do your research; only the ignorant use anti-virus software these days. You'll be fine as long as you're not a toddler, a senior, or otherwise brand-new to the Internet and therefore likely to do something stupid. All AV is good for these days is false positives and bogging down your system.