Originally posted by matke587:

Both my desktop and laptop each running different AVs (Bitdefender antivirus Plus and Kaspersky Total Security, the top two you can buy) both of which have detected the trojan. I updated steam on both of my systems yesterday and they had the exact same steam game files. And the fact both of them have detected it I am more inclined to believe them, than over someone sitting at a desk somewhere, who doesn't work for Valve claiming "it must be a false positive". I trust my AVs to do their job, otherwise whats the point in having them!

Edit: Uninstalled Steam on both systems including the game files, then reinstalled with just the game I am currently playing. And nether AVs have detected anything, so must have been in one of the other game updates.

You might be shocked.....but the av companies are using partly the same sources to make their definition files.

And there is a reason that sometimes they update them more than once a day.

Originally posted by Anonymous:

Originally posted by Satoru:

Basically stop using anything other than MS Defender so you stop getting these nonsense false positives. All consumer anti virus is basically trash. At least MS defender doesn’t throw you so many false positives and other nonsense

MS defender is only for people who do mild browsing, if you do something else you are going to need better protection.
Microsoft Defender can provide basic anti-virus protection, but it doesn't offer ransomware and malware/rootkits protection and it won't pick up stuff that normally is dangerous. It is always to do research before getting a antivirus software and get a reputable one that has been around long enough like F-secure, BitDefender, Norton.

And that might will shock you....but most AV can detected that stuff only after it is already on your pc.

And no idea when you last used the defender, but in my there is a ransomware protection build in.

And the best AV can't protect you if you go deliberately to sites which host malware.

Originally posted by ShadowShifterMarlith:

You really think a multi billion dollar company is going to upload a trojan?

Yes I Do.

That is how much I trust the company.

Trust has been broken, & they are not to be trusted anymore.

Hi GuRu's alt account.

We know you have your issues with Valve but can you provide proof that Valve is uploading trojans?

Originally posted by cSg|mc-Hotsauce:

Hi GuRu's alt account.

Accurate.

Originally posted by ShadowShifterMarlith:

You really think a multi billion dollar company is going to upload a trojan?

Yes I Do.

That is how much I trust the company.

Trust has been broken, & they are not to be trusted anymore.

I trust a company that removes outright dangerous lethal "advice" that would kill people if they followed it in the Hardware & OS section, and shows the user the door when they do so on numerous occasions. That's called removing a liability from their platform, by doing that I saw more trust in them. They're also not a trojan, as many terrible A/Vs will see almost anything as a trojan or virus. Low end A/Vs shouldn't be taken as seriously compared to A/Vs that know standard well-known high reputation apps aren't malware.

Originally posted by matke587:

As the headline says today my anti-virus flagged Steam as having a trojan. Now not sure if it was a false positive, but removed it all the same. I don't know what got deleted but I had to reinstall Steam when I found out it wouldn't open up even in admin mode.

Valve ( or whoever is responsible) might want to run a check on the latest steam patch, just to make sure nothing was uploaded with it.

Edit. The trojan was in the Steam folder, it was not there before steam update.

Out of pure curiosity, what was the malware's name if it was displayed, or the file it said was a trojan? It should be noted that most, if not all, anti-virus programs should display the virus's name along with the folder/file/execution it infected.

I ask because if you can provide those details (unless I missed them earlier in this topic) then I can do a swift check to see if the virus is real or not, as I want to note further more that false positive or not, its possible that Steam in of itself is fine but something was detected along the lines with another file (IE: A dropper or even adware play mad with the antivirus)

Originally posted by Shizune:

..... its possible that Steam in of itself is fine but something was detected along the lines with another file (IE: A dropper or even adware play mad with the antivirus)

It probably detected nothing which came onto the pc.

If it was just found trough Heuristik (as in...it only scans a file for certain things and if enough similarity is found with known stuff it detects a threat just in case and assumes that it might be that as it is the closest match) scan then a false positive is more likely as a direct match with something known.

Originally posted by Wolfpig:

Originally posted by Shizune:

..... its possible that Steam in of itself is fine but something was detected along the lines with another file (IE: A dropper or even adware play mad with the antivirus)

It probably detected nothing which came onto the pc.

If it was just found trough Heuristik (as in...it only scans a file for certain things and if enough similarity is found with known stuff it detects a threat just in case and assumes that it might be that as it is the closest match) scan then a false positive is more likely as a direct match with something known.

Which is why I'm a little curious is all, like I'm agreeing it most likely a false positive but its always better safe then sorry!

Has OP at all mentioned the specific AV program and detection name?

Originally posted by Crashed:

Has OP at all mentioned the specific AV program and detection name?

Probably not, but SAS says nothing, on latest definition update, and process explorer does not flag steam.exe or steamwebhelper.exe as malicious. https://imgur.com/a/VDdSPto

Soooo yea..

Originally posted by Crashed:

Has OP at all mentioned the specific AV program and detection name?

Here:

Originally posted by matke587:

Both my desktop and laptop each running different AVs (Bitdefender antivirus Plus and Kaspersky Total Security, the top two you can buy) both of which have detected the trojan. I updated steam on both of my systems yesterday and they had the exact same steam game files. And the fact both of them have detected it I am more inclined to believe them, than over someone sitting at a desk somewhere, who doesn't work for Valve claiming "it must be a false positive". I trust my AVs to do their job, otherwise whats the point in having them!

Edit: Uninstalled Steam on both systems including the game files, then reinstalled with just the game I am currently playing. And nether AVs have detected anything, so must have been in one of the other game updates.

Originally posted by happy:

Originally posted by Crashed:

Has OP at all mentioned the specific AV program and detection name?

Here:

Originally posted by matke587:

Both my desktop and laptop each running different AVs (Bitdefender antivirus Plus and Kaspersky Total Security, the top two you can buy) both of which have detected the trojan. I updated steam on both of my systems yesterday and they had the exact same steam game files. And the fact both of them have detected it I am more inclined to believe them, than over someone sitting at a desk somewhere, who doesn't work for Valve claiming "it must be a false positive". I trust my AVs to do their job, otherwise whats the point in having them!

Edit: Uninstalled Steam on both systems including the game files, then reinstalled with just the game I am currently playing. And nether AVs have detected anything, so must have been in one of the other game updates.

So perhaps they downloaded something bad for the client?

I depends what antivirus you are using

Originally posted by matke587:

Both my desktop and laptop each running different AVs (Bitdefender antivirus Plus and Kaspersky Total Security, the top two you can buy) both of which have detected the trojan.

So you can tell us the name of the file and the name of the detection.

Its in their history. They did not find "the trojan". What did they find?

Commercial AV software has to prove its value to the customer, so they keep renewing their subscriptions. Thus, it has to find dangerous things, so the customer feels protected.

What this means is that they not only add code to guess whether something might be malware (as in "if it behaves like malware, we assume it's malware") -- but they'll also err on the side of reporting stuff as malware that isn't, rather than missing some actual malware. User is more likely to renew his subscription if he's bombarded with tons of attacks that the AV software has valiantly defeated.

I basically gave up on such software years ago, as it kept reporting cookies and other stuff. Back then, MSE (Microsoft Security Essentials) was the only thing I kept -- being part of Windows and thus not dependent on users renewing their subscriptions, it didn't do rubbish reports just for the sake of reporting something and showing the user that it's active and working. In fact, every once in a (long) while I put the EICAR file on my desktop to see if the Defender still comes up -- since it's not doing false positives, there's really no way to see whether it's actually there, or whether it has decided to silently retire to some nice caribbean island.

The same applies to firewalls; it's been ages ago, but I still remember that stupid firewall popping up a window to tell me that it has blocked an attack... it defeated a dangerous ICMP ECHO REQUEST, commonly known as a "ping". Yes, that was back in the days when my box was directly connected to the Internet...

Originally posted by Kargor:

Commercial AV software has to prove its value to the customer, so they keep renewing their subscriptions. Thus, it has to find dangerous things, so the customer feels protected.

What this means is that they not only add code to guess whether something might be malware (as in "if it behaves like malware, we assume it's malware") -- but they'll also err on the side of reporting stuff as malware that isn't, rather than missing some actual malware. User is more likely to renew his subscription if he's bombarded with tons of attacks that the AV software has valiantly defeated.

I used some of them in timed give aways. Most of the time i removed "features", and when i was done they were like free antivirus anyway.
I dont need them, so i dont pay for them, they only show me i did not need them.

But as you mention this, i got annoyed by their list of what happened. It was full with stuff. While i only wanted to see when actually something important happened.
There was no setting for that.

All the AVs reports in both is "C/ Steam.exe" and there was 3 files they deleted, there is no virus name given. Looks to me like they basically removed the steam launch.exe ( a false positive) hence I had to reinstall Steam on both PCs... That is the first time they have ever flagged something as a full on Trojan attack.

Well it was one way to remove about 560GB of games from my HDD