All Discussions > Steam Forums > Help and Tips > Topic Details
antivirus detects steam localization files as trojans
hello,
Windows Defender found trojans (specifically Trojan:Script/Wacatac.B!ml and Trojan:Script/ObfusScript.A!ml) in this steam path: C:\xy\Steam\steamui\localization\ and then files shared_koreana-json.js, shared_thai-json.js, and shared_vietnamese-json.js

I clicked to "remove" these files in the WD, but I gotta confess, I didn't get any malicious files in a long time and I'm not exactly sure how that works. Should I do something manually now to be safer or does that count as solved?
And also, the bigger topic on my mind why I decided to write on this forum, how did it get there? Is it a false positive? When I googled my exact problem as I'm writing here I didn't get any answers, and when I googled the specific malware names, I found that those can be the very dangerous malwares people get scammed with, like in emails or when downloading anything, but I swear I did not encounter any suspicious messages nor did I download anything in the recent days (the Windows Defender notified me 3 hours ago)
Exactly like me but only detected shared_koreana, are you using the steam beta as well?
Originally posted by Silent ♋:
Exactly like me but only detected shared_koreana, are you using the steam beta as well?

I believe it is from the steam beta as I just opted out (without cleaning the trojan) and when you opt out steam cleans the files itself and now I don't have the trojan
Originally posted by Silent ♋:
Exactly like me but only detected shared_koreana, are you using the steam beta as well?
wow, I am also using the beta version! thank you so much!
Good morning,


Could you make a ticket to steam support to get an answer as soon as possible and give the news of the support you have to tell others about your experience?


THANKS. :FRANCEflag:

https://help.steampowered.com/en/wizard/HelpWithSteamIssue?issueid=808
[support]
Originally posted by nullable:
AV's aren't infallible. Are you aware of the possibility of false positives? https://en.wikipedia.org/wiki/False_positives_and_false_negatives

When your AV finds something you can choose to trust it blindly. But when the AV is flagging something you think may be incorrect, or is flagging something you trust, nothing is stopping you from doing some additional research to confirm or dismiss the result.

After all it's better for an AV to say something is a trojan and be wrong. Than it is to say something isn't a trojan and be wrong.

Valve checks all the data published to it, and the number of legitimate issues of malicious files being served to users is pretty small. So to my mind it's much much more likely Windows Defender is being overly aggressive and conservative in this case. And rather than blindly trusting your AV in all cases, you're free to apply a bit more nuance and skepticism towards it.

I would also say the files you've listed are JSON files. JSON is a common and popular way to structure data to provide interoperability between languages and systems. It's just text and generally just contains data and it's pretty easy to look at the files and see if there's anything besides JSON in there. It's pretty easy to determine if those files contain suspicious code or not.

Even if looking at JSON is above your pay grade since JSON and Javascript are so popular it would be pretty trivial to get some reliable opinions about those files.
:greenlike:
yes, yes! after I switched from the beta version to the regular one, the antivirus is detecting 0 threats, so it indeed was most likely a false positive of the beta version. I did not file a ticket at steam support as I got my help here and it was most likely just the AV's fault for being too aggressive. Thank you for the quick and valuable responses, everyone! :steamhappy:
Got this too.

Windows Security detected:
  • Trojan:Win32/Phonzy.B!ml in Steam\steamui\localization\shared_vietnamese-json.js
  • Trojan:Script/Wacatac.B!ml in Steam\steamui\localization\shared_thai-json.js
  • Trojan:Script/ObfusScript.A!ml in Steam\steamui\localization\shared_koreana-json.js

I was also in Steam Beta so hopefully just a false positive.
Last edited by Faust the Lizardman; June 8, 2023, 11:43
Timo June 8, 2023, 13:15
same here

Windows Security detected:
Trojan:Win32/Phonzy.B!ml in Steam\steamui\localization\shared_vietnamese-json.js
Trojan:Script/Wacatac.B!ml in Steam\steamui\localization\shared_thai-json.js
Trojan:Script/ObfusScript.A!ml in Steam\steamui\localization\shared_koreana-json.js
vanni June 8, 2023, 14:41
Got the same warning from Windows Defender and I’m using the beta client, too.

Found in Steam\steamui\localization\.

Trojan:Script/Wacatac.B!ml:
shared_koreana-json.js
shared_thai-json.js

Trojan:Script/Phonzy.B!ml:
shared_vietnamese-json.js
Last edited by vanni; June 8, 2023, 14:42
Originally posted by vanni:
Got the same warning from Windows Defender and I’m using the beta client, too.

Found in Steam\steamui\localization\.

Trojan:Script/Wacatac.B!ml:
shared_koreana-json.js
shared_thai-json.js

Trojan:Script/Phonzy.B!ml:
shared_vietnamese-json.js
false positive
If they're small enough in size you can upload them to Virustotal which runs them through multiple AV's for peace of mind.
The author of this thread has indicated that this post answers the original topic.
shared_koreana-json.js - https://www.virustotal.com/gui/file/c9feabd87f1220e88721bd4df2328049031a0adb99d9f2fcc03cd77fc6d2b55c?nocache=1

shared_thai-json.js - https://www.virustotal.com/gui/file/ef4add00a650ddb3a7036bc30310ee0755eb9b6b00e65606c5252b6578093036?nocache=1

shared_vietnamese-json.js - https://www.virustotal.com/gui/file/feef83316000ce09fe7e6f9e55b9309898d5dc101af5b91d053b95a424beca20?nocache=1

Non Beta Branch

It is not unheard of for AVs to pick them up. Steam, every once in a while, the steam.exe, steamwebhelper.exe and some of its bundled packages get flagged. If you upload your file to VT, then you can see exactly why it was detected.

This being said, 1/60, especially from some of the following (Zillya, Rising, Jiangmin, etc) are most certainly false positives. The only time it may not be, is if you are using the old "arg matey" and not getting your contents directly from Steam's website. Those 3 in particular are super prone to false positives with steam, and have been for years. So, if it's those 3, which are garboware chinese AVs, simply report the files on the steam beta branch discussion forums, and it will get taken care of eventually
Last edited by Havok; June 9, 2023, 05:41
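The hash check implied by the post above, as an added PowerShell example that is not part of the original thread: the 64 hex characters in each VirusTotal link are the file's SHA-256, so a local copy can be compared without uploading anything. The default `$SteamRoot` path is an assumption; the posted hashes are labelled "Non Beta Branch", so a beta-branch file is expected to differ and should be looked up by its own hash.

```powershell
# Added example: compare local Steam localization files with the SHA-256
# values embedded in the VirusTotal links quoted in this thread.
param(
    # Assumption: default install location; adjust to your own Steam folder.
    [string]$SteamRoot = 'C:\Program Files (x86)\Steam'
)

# File name -> VirusTotal link, copied from the post ("Non Beta Branch").
$vtLinks = [ordered]@{
    'shared_koreana-json.js'    = 'https://www.virustotal.com/gui/file/c9feabd87f1220e88721bd4df2328049031a0adb99d9f2fcc03cd77fc6d2b55c?nocache=1'
    'shared_thai-json.js'       = 'https://www.virustotal.com/gui/file/ef4add00a650ddb3a7036bc30310ee0755eb9b6b00e65606c5252b6578093036?nocache=1'
    'shared_vietnamese-json.js' = 'https://www.virustotal.com/gui/file/feef83316000ce09fe7e6f9e55b9309898d5dc101af5b91d053b95a424beca20?nocache=1'
}

$locDir = Join-Path $SteamRoot 'steamui\localization'

$results = foreach ($name in $vtLinks.Keys) {
    # Pull the SHA-256 out of the link; skip anything that is not a file link.
    if ($vtLinks[$name] -notmatch '/file/([0-9a-fA-F]{64})') { continue }
    $expected = $Matches[1].ToLower()
    $path     = Join-Path $locDir $name
    $actual   = $null

    if (-not (Test-Path -LiteralPath $path)) {
        # Defender may already have quarantined or removed the file.
        $status = 'missing (quarantined or removed?)'
    } else {
        $actual = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash.ToLower()
        # A mismatch only means a different build than the one posted;
        # search VirusTotal for the SHA256 value shown in the output.
        $status = if ($actual -eq $expected) { 'matches posted hash' } else { 'different build, look up its own hash' }
    }

    [pscustomobject]@{ File = $name; Status = $status; SHA256 = $actual }
}

$results | Format-Table -AutoSize -Wrap
```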
Just updated Talisman today (Jun 16, 2023), and Windows Security (Windows 10) detected -
Trojan:Script/Wacatac.B!ml
in
file: C:\Program Files (x86)\Steam\steamapps\common\Talisman\Talisman.exe
Microsoft link at --
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3AScript%2FWacatac.B!ml&threatid=2147735503
Any help appreciated
Date Posted: June 8, 2023, 09:05
Posts: 13