simonsimpleton 0 Posted April 11, 2022 Share Posted April 11, 2022 Over night ESET seems to now want to class quite of few of the steam game .exe's I've had installed for a while as Win64/Agent.BGH Trojans. I was unaware of any update that could have caused ESET to behave like this and I was wondering if others are having a similar problem. Some of the game .exe's in question are Beat Saber, Valheim, Vrchat, Risk of Rain 2. etc. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,281 Posted April 11, 2022 Administrators Share Posted April 11, 2022 It was a false positive. You can either restore the file(s) from quarantine manually yourself or wait a bit and the file(s) will be restored automatically. simonsimpleton 1 Link to comment Share on other sites More sharing options...
simonsimpleton 0 Posted April 11, 2022 Author Share Posted April 11, 2022 Good to know, I did think it was quite odd. Thank you! ^^ Link to comment Share on other sites More sharing options...
Morogan 0 Posted April 11, 2022 Share Posted April 11, 2022 Same issue here, but manually restoring from quarantine doesn't work as the engine instantly re-detects the files as trojans and quaranteens them again. "Restore and exclude from scanning" option is grayed out for each of the files, so that can't be used, either. Link to comment Share on other sites More sharing options...
Rossos 0 Posted April 11, 2022 Share Posted April 11, 2022 (edited) Greetings. I have a similar situation. Eset started deleting my steam game *.exes. However the Information text it provided referred to iType.exe trying to access those. Below is the exported xml <?xml version="1.0" encoding="utf-8" ?> <ESET> <LOG> <RECORD> <COLUMN NAME="Time">11/04/2022 15:47:32</COLUMN> <COLUMN NAME="Scanner">Real-time file system protection</COLUMN> <COLUMN NAME="Object type">file</COLUMN> <COLUMN NAME="Object">C:\Games\Steam\steamapps\common\HiddenFolks\Hidden Folks.exe</COLUMN> <COLUMN NAME="Detection">Win64/Agent.BGH trojan</COLUMN> <COLUMN NAME="Action">cleaned by deleting</COLUMN> <COLUMN NAME="User">Rossos</COLUMN> <COLUMN NAME="Information">Event occurred during an attempt to access the file by the application: C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (B9464FBB05B0F74B2B14FFC3F53903051CCC1B47).</COLUMN> <COLUMN NAME="Hash">F41D3EF15B10DBAC12AB76EFE8F4F763F9AF8951</COLUMN> <COLUMN NAME="First seen here">28/09/2018 19:52:42</COLUMN> </RECORD> <RECORD> <COLUMN NAME="Time">11/04/2022 15:47:33</COLUMN> <COLUMN NAME="Scanner">Real-time file system protection</COLUMN> <COLUMN NAME="Object type">file</COLUMN> <COLUMN NAME="Object">C:\Games\Steam\steamapps\common\House Flipper\HouseFlipper.exe</COLUMN> <COLUMN NAME="Detection">Win64/Agent.BGH trojan</COLUMN> <COLUMN NAME="Action">cleaned by deleting</COLUMN> <COLUMN NAME="User">Rossos</COLUMN> <COLUMN NAME="Information">Event occurred during an attempt to access the file by the application: C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (B9464FBB05B0F74B2B14FFC3F53903051CCC1B47).</COLUMN> <COLUMN NAME="Hash">2B2BD3D76E9487C3A34E8AB531C878DBC8ED3DFF</COLUMN> <COLUMN NAME="First seen here">25/03/2022 17:31:36</COLUMN> </RECORD> </LOG> </ESET> Edit: Upon computer scan another steam exe was detected: <?xml version="1.0" encoding="utf-8" ?> <ESET> <LOG> <RECORD> <COLUMN NAME="Log">C:\Games\Steam\steamapps\common\Train Valley 2\TrainValley2.exe - Win64/Agent.BGH trojan - cleaned by deleting [1]</COLUMN> </RECORD> </LOG> </ESET> Please advice. Edited April 11, 2022 by Rossos Link to comment Share on other sites More sharing options...
Recommended Posts