Karlend 1 Posted July 7, 2023 Posted July 7, 2023 Hello everyone. This night i've got an detection in my afterburner folder. Virus called like a "win64/microstar.j", it's marked as potential dangerous. I can't find any info about it on virusradar. After deleting it my afterburner showed an empty screen of program: no temp, fan speed, clock speed and etc. So here no ways to control my GPU. I tried to reinstall the program from officail site, but ESET it keeps detecting this microstar again. What it could be, and how to fix it? Thanks for any help.
Administrators Marcos 5,450 Posted July 8, 2023 Administrators Posted July 8, 2023 It's a detection of a vulnerable driver. If you have the latest driver installed and it's still detected and vulnerable, create a detection exclusion with the path to the file that you want to exclude so that the driver in different locations would still be detected.
itman 1,801 Posted July 8, 2023 Posted July 8, 2023 (edited) The MSI Afterburner drivers issue dates to 2019 and is a serious one. You can read about it here: https://cve.report/qid/377637 . Additionally, these vulnerable drivers have also been used in ransomware attacks: https://www.scmagazine.com/brief/vulnerability-management/msi-driver-vulnerability-leveraged-in-new-blackbyte-attacks . MSI issued an update to Afterburner earlier this year: https://www.msi.com/news/detail/MSI-Releases-Updated-Version-4-6-5-of-Afterburner-141807. I would think they would have issued new drivers to correct this vulnerability. You stated that you did recently update Afterburner to this latest version. I would contact MSI and verify the drivers in the latest version of Afterburner have corrected the vulnerability. If this is confirmed by MSI, it then would be safe to created an Eset detection exclusion for these latest drivers. Edited July 8, 2023 by itman
Most Valued Members Nightowl 206 Posted July 9, 2023 Most Valued Members Posted July 9, 2023 And if you don't look to overclock and play with the GPU , uninstall Afterburner because it's useless.
Karlend 1 Posted July 19, 2023 Author Posted July 19, 2023 On 7/8/2023 at 3:50 PM, Marcos said: It's a detection of a vulnerable driver. If you have the latest driver installed and it's still detected and vulnerable, create a detection exclusion with the path to the file that you want to exclude so that the driver in different locations would still be detected. But is it safe? I mean are you sure that isn't a virus or malware at all, and i can safely exclude it, so nothing will be broken in my PC and here is no ways to other viruses to mess with my system trough this thing?
itman 1,801 Posted July 19, 2023 Posted July 19, 2023 3 hours ago, Karlend said: But is it safe? Do you do as I instructed here: https://forum.eset.com/topic/36898-win64microstar/?do=findComment&comment=168810 ?
Recommended Posts