Jump to content

Detecting Steam Game .EXE's as Trojans


Recommended Posts

Over night ESET seems to now want to class quite of few of the steam game .exe's I've had installed for a while as Win64/Agent.BGH Trojans. I was unaware of any update that could have caused ESET to behave like this and I was wondering if others are having a similar problem.
Some of the game .exe's in question are Beat Saber, Valheim, Vrchat, Risk of Rain 2. etc.

Link to comment
Share on other sites

Same issue here, but manually restoring from quarantine doesn't work as the engine instantly re-detects the files as trojans and quaranteens them again. "Restore and exclude from scanning" option is grayed out for each of the files, so that can't be used, either.

Link to comment
Share on other sites

Greetings.

I have a similar situation. Eset started deleting my steam game *.exes.

However the Information text it provided referred to iType.exe trying to access those.

Below is the exported xml

 

<?xml version="1.0" encoding="utf-8" ?>
<ESET>
  <LOG>
    <RECORD>
      <COLUMN NAME="Time">11/04/2022 15:47:32</COLUMN>
      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">C:\Games\Steam\steamapps\common\HiddenFolks\Hidden Folks.exe</COLUMN>
      <COLUMN NAME="Detection">Win64/Agent.BGH trojan</COLUMN>
      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
      <COLUMN NAME="User">Rossos</COLUMN>
      <COLUMN NAME="Information">Event occurred during an attempt to access the file by the application: C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (B9464FBB05B0F74B2B14FFC3F53903051CCC1B47).</COLUMN>
      <COLUMN NAME="Hash">F41D3EF15B10DBAC12AB76EFE8F4F763F9AF8951</COLUMN>
      <COLUMN NAME="First seen here">28/09/2018 19:52:42</COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Time">11/04/2022 15:47:33</COLUMN>
      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">C:\Games\Steam\steamapps\common\House Flipper\HouseFlipper.exe</COLUMN>
      <COLUMN NAME="Detection">Win64/Agent.BGH trojan</COLUMN>
      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
      <COLUMN NAME="User">Rossos</COLUMN>
      <COLUMN NAME="Information">Event occurred during an attempt to access the file by the application: C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (B9464FBB05B0F74B2B14FFC3F53903051CCC1B47).</COLUMN>
      <COLUMN NAME="Hash">2B2BD3D76E9487C3A34E8AB531C878DBC8ED3DFF</COLUMN>
      <COLUMN NAME="First seen here">25/03/2022 17:31:36</COLUMN>
    </RECORD>
 </LOG>
</ESET>

Edit: Upon computer scan another steam exe was detected:

<?xml version="1.0" encoding="utf-8" ?>
<ESET>
  <LOG>
    <RECORD>
      <COLUMN NAME="Log">C:\Games\Steam\steamapps\common\Train Valley 2\TrainValley2.exe - Win64/Agent.BGH trojan - cleaned by deleting [1]</COLUMN>
    </RECORD>
 </LOG>
</ESET>

Please advice.

Edited by Rossos
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...