FighterSoldier Nov 29, 2023 @ 4:12pm
Malware spotted from Steam file
I just got a notification from my antivirus that a malware has been spotted from a Steam file. Has anyone else's antivirus spotted anything suspicious from Steam too, or is it just me?

Edit: It is likely a false positive. My antivirus is Webroot, and I don't know if this is exclusive to Webroot, but it considers that Steam file as a threat.
Last edited by FighterSoldier; Nov 29, 2023 @ 7:28pm
Originally posted by Kage Goomba:
Well lookie here.
https://www.reddit.com/r/antivirus/comments/186jxp9/webroot_detecting_a_temporary_steam_startup_file/

Looks like it's a new thing.
Research shows it's a known and frequent target of malware but generally not a threat unless your system is already compromised.

Odds are - it's a false positive and Webroot fudged up.

If it was a threat - I'm rather confident my package would have stuck a fork in Steam already.

I'd flag it with Webroot's folks - and make an exception to ignore it/restore it or you'll risk breaking Steam or something.

UNLESS - you do have a problem - one can never be too careful - but odds are in your favor (that being it's not a problem)

May want to notify Steam Support as well - they have the weight to give Webroot the evil eye and tell them to "Knock it off"
Showing 1-15 of 51 comments
DarkCrystalMethod Nov 29, 2023 @ 4:15pm 
Only a few times in a few foreign games. They were all false alarms though.
Kage Goomba Nov 29, 2023 @ 4:16pm 
1: Which antivirus? There's dozens out there - many of which are shoddy/fake/hostile
2: What is the actual malware/message.

Now I'm running a VERY aggressive security suite
Steam is clean as clean as it gets - so pretty sure you have a false positive.

Unless you are modding or using 3rd party software that tampers with your steam client.
FighterSoldier Nov 29, 2023 @ 4:17pm 
Originally posted by DarkCrystalMethod:
Only a few times in a few foreign games. They were all false alarms though.

Interesting...

My antivirus said the threat has been removed though so maybe in my case it was a real malware.
Kage Goomba Nov 29, 2023 @ 4:18pm 
Originally posted by FighterSoldier:
Originally posted by DarkCrystalMethod:
Only a few times in a few foreign games. They were all false alarms though.

Interesting...

My antivirus said the threat has been removed though so maybe in my case it was a real malware.

You still have yet to identify who/what.
Might help if you fill in the blanks.
FighterSoldier Nov 29, 2023 @ 4:18pm 
Originally posted by Kage Goomba:
1: Which antivirus? There's dozens out there - many of which are shoddy/fake/hostile
2: What is the actual malware/message.

Now I'm running a VERY aggressive security suite
Steam is clean as clean as it gets - so pretty sure you have a false positive.

Unless you are modding or using 3rd party software that tampers with your steam client.

1. Webroot Security
2. Don't know exactly, but apparently it's from a Steam file, and now it says threat removed
Kage Goomba Nov 29, 2023 @ 4:21pm 
Originally posted by FighterSoldier:
Originally posted by Kage Goomba:
1: Which antivirus? There's dozens out there - many of which are shoddy/fake/hostile
2: What is the actual malware/message.

Now I'm running a VERY aggressive security suite
Steam is clean as clean as it gets - so pretty sure you have a false positive.

Unless you are modding or using 3rd party software that tampers with your steam client.

1. Webroot Security
2. Don't know exactly, but apparently it's from a Steam file, and now it says threat removed

You don't know...... no malware program out there would say you have something without saying what that something is.

It makes it hard to identify if you have a problem or not.
But alas - if Steam is still working and you're ok - then you can go about your gaming day.

Or you can keep digging - and maybe report to the Devs that they had a false positive - IF that's what that is.

AFAIK Steam hasn't really ever triggered a false positive in ages - but then I'm running Security suites on Steroids - and they are extremely picky.
Last edited by Kage Goomba; Nov 29, 2023 @ 4:22pm
FighterSoldier Nov 29, 2023 @ 4:23pm 
Originally posted by Kage Goomba:
Originally posted by FighterSoldier:

1. Webroot Security
2. Don't know exactly, but apparently it's from a Steam file, and now it says threat removed

You don't know...... no malware program out there would say you have something without saying what that something is.

It makes it hard to identify if you have a problem or not.
But alas - if Steam is still working and you're ok - then you can go about your gaming day.

Or you can keep digging - and maybe report to the Devs that they had a false positive - IF that's what that is.

Yeah I don't know how to find that removed malware in Webroot, I'm trying to find out exactly what it is.
Aluvard Nov 29, 2023 @ 4:23pm 
Originally posted by FighterSoldier:
Originally posted by Kage Goomba:
1: Which antivirus? There's dozens out there - many of which are shoddy/fake/hostile
2: What is the actual malware/message.

Now I'm running a VERY aggressive security suite
Steam is clean as clean as it gets - so pretty sure you have a false positive.

Unless you are modding or using 3rd party software that tampers with your steam client.

1. Webroot Security
2. Don't know exactly, but apparently it's from a Steam file, and now it says threat removed
Strange that it didn't inform you what exactly it is removing and from where nor asked for permission to do it.
My inner cynicism says that it was most likely a false positive and done solely to improve statistics.
Last edited by Aluvard; Nov 29, 2023 @ 4:26pm
DarkCrystalMethod Nov 29, 2023 @ 4:24pm 
I don't know much about webroot but most good antivirus programs have a log of actions taken. Also perhaps the virus file was "quarantined" (moved to a safe location where it can't do any harm, but it could be restored if you really needed that file... and it should tell you what the original location was)
FighterSoldier Nov 29, 2023 @ 4:25pm 
Originally posted by Aluvard:
Originally posted by FighterSoldier:

1. Webroot Security
2. Don't know exactly, but apparently it's from a Steam file, and now it says threat removed
Strange that it didn't inform you what exactly it is removing and from where nor asked for permission to do it.

Yeah I just ran a scan and I guess it got removed during the scan.
Kage Goomba Nov 29, 2023 @ 4:25pm 
Originally posted by FighterSoldier:
Originally posted by Kage Goomba:

You don't know...... no malware program out there would say you have something without saying what that something is.

It makes it hard to identify if you have a problem or not.
But alas - if Steam is still working and you're ok - then you can go about your gaming day.

Or you can keep digging - and maybe report to the Devs that they had a false positive - IF that's what that is.

Yeah I don't know how to find that removed malware in Webroot, I'm trying to find out exactly what it is.

Open Webroot itself - check the systray to do that - most are hiding there (near your Windows clock in the corner) - check for preferences/settings - anything that says logs, history, quarantine, jar, etc.
Those key words should point you to some kind of record or history as to what it did.
Last edited by Kage Goomba; Nov 29, 2023 @ 4:26pm
Aluvard Nov 29, 2023 @ 4:29pm 
Originally posted by Kage Goomba:
1: Which antivirus? There's dozens out there - many of which are shoddy/fake/hostile
2: What is the actual malware/message.

Now I'm running a VERY aggressive security suite
Steam is clean as clean as it gets - so pretty sure you have a false positive.

Unless you are modding or using 3rd party software that tampers with your steam client.

Out of curiosity - what kind of security suite?
DarkCrystalMethod Nov 29, 2023 @ 4:30pm 
Originally posted by John wicks pencil🖉:
You mean Zlib1.dll? I got the same as well. Apparently it's to compress and decompress files on Steam maybe.
If it is that file and it's part of the Windows installation of Steam then it "should" come back when you restart Steam... perhaps triggering the antivirus again.
I have C:\Program Files (x86)\Steam\zlib1.dll and it's 115,048 bytes (properties window of the file). Neither Norton360Premier nor SystemMechanicPro is complaining about it.
Last edited by DarkCrystalMethod; Nov 29, 2023 @ 4:32pm
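
Added example, not part of any post in this thread: a PowerShell check that gathers the facts the replies above ask for about a flagged file (whether it is still present, its size, SHA-256 and Authenticode signature), using the `zlib1.dll` path quoted in the post above. The function name `Get-FlaggedFileReport` is hypothetical; `Get-AuthenticodeSignature` and `Get-FileHash` are standard cmdlets.

```powershell
# Added example: collect the details needed to judge or report an AV detection.
# Get-FlaggedFileReport is a hypothetical helper name, not a Steam or Webroot tool.
function Get-FlaggedFileReport {
    param(
        [Parameter(Mandatory)][string[]]$Path
    )
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            # A missing file usually means the antivirus quarantined or deleted it;
            # check the product's quarantine for the original copy.
            [pscustomobject]@{ Path = $p; Present = $false }
            continue
        }
        $item = Get-Item -LiteralPath $p
        $sig  = Get-AuthenticodeSignature -LiteralPath $p
        $hash = Get-FileHash -LiteralPath $p -Algorithm SHA256
        [pscustomobject]@{
            Path            = $item.FullName
            Present         = $true
            SizeBytes       = $item.Length          # compare with sizes others report
            LastWriteTime   = $item.LastWriteTime   # did it change with a client update?
            SHA256          = $hash.Hash            # what a false-positive report asks for
            SignatureStatus = $sig.Status           # Valid, NotSigned, HashMismatch, ...
            Signer          = if ($sig.SignerCertificate) {
                                  $sig.SignerCertificate.Subject
                              } else { $null }
        }
    }
}

# Path as given in the thread; adjust if Steam is installed elsewhere.
Get-FlaggedFileReport -Path 'C:\Program Files (x86)\Steam\zlib1.dll' | Format-List
```

A `HashMismatch` status means the file was altered after it was signed and deserves a closer look; a `Valid` status and a hash that matches other users' copies support the false-positive reading.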
FighterSoldier Nov 29, 2023 @ 4:30pm 
Originally posted by Kage Goomba:
Originally posted by FighterSoldier:

Yeah I don't know how to find that removed malware in Webroot, I'm trying to find out exactly what it is.

Open Webroot itself - check the systray to do that - most are hiding there (near your Windows clock in the corner) - check for preferences/settings - anything that says logs, history, quarantine, jar, etc.
Those key words should point you to some kind of record or history as to what it did.

Tried to check, appears no threat log saved, but I did find the execution history, trying to check there.
Last edited by FighterSoldier; Nov 29, 2023 @ 4:31pm
FighterSoldier Nov 29, 2023 @ 4:33pm 
Originally posted by DarkCrystalMethod:
Originally posted by John wicks pencil🖉:
You mean Zlib1.dll? I got the same as well. Apparently it's to compress and decompress files on Steam maybe.
If it is that file and it's part of the Windows installation of Steam then it "should" come back when you restart Steam... perhaps triggering the antivirus again.

Yeah I got the notification after the Steam update I think.

Date Posted: Nov 29, 2023 @ 4:12pm
Posts: 51