Jump to content

Detecting Steam Game .EXE's as Trojans


Recommended Posts

Over night ESET seems to now want to class quite of few of the steam game .exe's I've had installed for a while as Win64/Agent.BGH Trojans. I was unaware of any update that could have caused ESET to behave like this and I was wondering if others are having a similar problem.
Some of the game .exe's in question are Beat Saber, Valheim, Vrchat, Risk of Rain 2. etc.

Link to comment
Share on other sites

  • Administrators

It was a false positive. You can either restore the file(s) from quarantine manually yourself or wait a bit and the file(s) will be restored automatically.

Link to comment
Share on other sites

Same issue here, but manually restoring from quarantine doesn't work as the engine instantly re-detects the files as trojans and quaranteens them again. "Restore and exclude from scanning" option is grayed out for each of the files, so that can't be used, either.

Link to comment
Share on other sites

Greetings.

I have a similar situation. Eset started deleting my steam game *.exes.

However the Information text it provided referred to iType.exe trying to access those.

Below is the exported xml

 

<?xml version="1.0" encoding="utf-8" ?>
<ESET>
  <LOG>
    <RECORD>
      <COLUMN NAME="Time">11/04/2022 15:47:32</COLUMN>
      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">C:\Games\Steam\steamapps\common\HiddenFolks\Hidden Folks.exe</COLUMN>
      <COLUMN NAME="Detection">Win64/Agent.BGH trojan</COLUMN>
      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
      <COLUMN NAME="User">Rossos</COLUMN>
      <COLUMN NAME="Information">Event occurred during an attempt to access the file by the application: C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (B9464FBB05B0F74B2B14FFC3F53903051CCC1B47).</COLUMN>
      <COLUMN NAME="Hash">F41D3EF15B10DBAC12AB76EFE8F4F763F9AF8951</COLUMN>
      <COLUMN NAME="First seen here">28/09/2018 19:52:42</COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Time">11/04/2022 15:47:33</COLUMN>
      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">C:\Games\Steam\steamapps\common\House Flipper\HouseFlipper.exe</COLUMN>
      <COLUMN NAME="Detection">Win64/Agent.BGH trojan</COLUMN>
      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
      <COLUMN NAME="User">Rossos</COLUMN>
      <COLUMN NAME="Information">Event occurred during an attempt to access the file by the application: C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (B9464FBB05B0F74B2B14FFC3F53903051CCC1B47).</COLUMN>
      <COLUMN NAME="Hash">2B2BD3D76E9487C3A34E8AB531C878DBC8ED3DFF</COLUMN>
      <COLUMN NAME="First seen here">25/03/2022 17:31:36</COLUMN>
    </RECORD>
 </LOG>
</ESET>

Edit: Upon computer scan another steam exe was detected:

<?xml version="1.0" encoding="utf-8" ?>
<ESET>
  <LOG>
    <RECORD>
      <COLUMN NAME="Log">C:\Games\Steam\steamapps\common\Train Valley 2\TrainValley2.exe - Win64/Agent.BGH trojan - cleaned by deleting [1]</COLUMN>
    </RECORD>
 </LOG>
</ESET>

Please advice.

Edited by Rossos
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...