geordiejedi 25 June 2023 at 11:54
Malware scan claims trojan in Proton / Wine
Hi there guys.

I was wondering if you could help me with an issue that I've just discovered
on my Steam installation

I run Linux as my main OS for my computer.
Occasionally I will use a USB stick with some anti-malware apps on it and scan
my Linux box for any kind of malware (Windows or Linux) or associated issues.

I came across this hit/issue this morning, after running a scan last night.

HEUR:Trojan.Win32.Msb.a @Filesystem[33336756-65dd-e261-038e-7d45410180e1]/[my username]/.steam/debian-installation/steamapps/common/Proton 8.0/dist/lib64/wine/x86_64-windows/mscoree.dll Trojan program MD5:D5A6CC9419D9ED38976A3008BA0ED790 SHA256:495CB7D12B425220BF98D9A191B0DF2FAF82DD07FF44BD32F3940CEFB077B501


Questions:

1. Based upon the information above, should I be worried?

2. Is this a false positive ?
(The anti-virus / malware app) doesn't appear to like this file

3. Has anyone else had the same or something similar when using Steam on their
Linux box ?


TIA for any help or advice


Useful information:
OS: Linux (Ubuntu 22.04 LTS)
DE: KDE Plasma Version: 5.24.7
Kernel version: 5.19.0-45-generic (64-bit)

Steam version: (Built) May 30 2023 at 20:40:51
Steam package version: 1685488080

Motherboard: Sabertooth 990 FX
CPU: AMD FX(tm)-8150 (8 cores)
RAM: 16 GB
GFX: Nvidia GeForce GT 640
HDD: Samsung Evo SSD (500 GB)
Last edited by geordiejedi; 25 June 2023 at 12:02
Showing 1-3 of 3 comments
Azure Fang 25 June 2023 at 12:03
1. No
2. Yes

HEUR:Trojan.Win32.Msb.a
That HEUR tag means this was a heuristic detection. Long story short, it's a guess by the scanner that something is potentially malicious based on a vague subset of rules. Proton relies on a number of functions that are benign when used properly but CAN be used maliciously, usually memory scanning and injection routines. This is, without a doubt, a false positive.
Crashed 25 June 2023 at 12:34
Originally posted by Azure Fang:
1. No
2. Yes

HEUR:Trojan.Win32.Msb.a
That HEUR tag means this was a heuristic detection. Long story short, it's a guess by the scanner that something is potentially malicious based on a vague subset of rules. Proton relies on a number of functions that are benign when used properly but CAN be used maliciously, usually memory scanning and injection routines. This is, without a doubt, a false positive.
Definitely send the file in question to the antivirus provider so they can whitelist it.
mscoree.dll is the runtime for the .NET Framework.
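
Added example, not part of the thread or of any scanner's own tooling: a Python triage helper that parses a report line like the one in the first post, flags a `HEUR:` verdict as heuristic, and confirms that the file on disk still has the reported hashes before it is submitted to the vendor. The line layout is assumed from that single quoted line, and the function names and the mount-root argument are hypothetical.

```python
import hashlib
import re
from pathlib import Path

# Layout assumed from the one report line quoted in the thread:
# <verdict> @Filesystem[<volume id>]/<path> <description> MD5:<hex> SHA256:<hex>
LINE_RE = re.compile(
    r"^(?P<verdict>\S+) @Filesystem\[(?P<volume>[^\]]+)\]/(?P<path>.+?\.\w+) "
    r"(?P<desc>.+?) MD5:(?P<md5>[0-9A-Fa-f]{32}) SHA256:(?P<sha256>[0-9A-Fa-f]{64})$"
)

def parse_detection(line):
    """Split a report line into fields and flag heuristic verdicts."""
    m = LINE_RE.match(line.strip())
    if m is None:
        raise ValueError("line does not match the assumed report layout")
    rec = m.groupdict()
    prefix, sep, name = rec["verdict"].partition(":")
    rec["heuristic"] = bool(sep) and prefix.upper() == "HEUR"
    rec["name"] = name if sep else prefix
    return rec

def file_digests(path):
    """Hash the file in chunks so large binaries need little memory."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest().upper(), sha256.hexdigest().upper()

def triage(line, mount_root):
    """Check that the file on disk is the one the scanner reported."""
    rec = parse_detection(line)
    target = Path(mount_root) / rec["path"]
    if not target.is_file():
        rec["same_file"] = None  # moved, quarantined or wrong mount root
        return rec
    md5, sha256 = file_digests(target)
    rec["same_file"] = md5 == rec["md5"].upper() and sha256 == rec["sha256"].upper()
    return rec

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:  # constructed sample file and line
        (Path(root) / "demo.dll").write_bytes(b"MZ constructed sample")
        md5, sha = file_digests(Path(root) / "demo.dll")
        line = f"HEUR:Trojan.Win32.Msb.a @Filesystem[0000]/demo.dll Trojan program MD5:{md5} SHA256:{sha}"
        print(triage(line, root))
```

A `same_file` value of `False` means the file changed after the scan, so the report and the sample sent to the vendor would no longer describe the same bytes.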
geordiejedi 25 June 2023 at 13:07
@Azure Fang; @Crashed

Fantastic !

You're right, that makes a great deal more sense now
I can't believe that I missed the HEUR tag

Thank you VERY much for your help
It's much appreciated
Date posted: 25 June 2023 at 11:54
Posts: 3