Jump to content
Sign in to follow this  
pocketjazzy

2012/10/06 15:57:16 Steam - DETECTION #:\#\Steam\bin\avutil-51.dll Trojan.Fakesig

Recommended Posts

2012/10/06 15:57:16 -0400 ### ### DETECTION #:\#\Steam\bin\avutil-51.dll Trojan.Fakesig QUARANTINE

There is now a thread on the steam forums regarding this issue. There are multiple reports of users encountering this probable false positive. According to some, it is continuously getting re-downloaded by steams auto update feature. So their MBAM logs are getting spammed a bit.

If you need anything else from me, like logs or reports please have an admin email my account email address as I will not be monitoring this thread.

The steam thread is here http://forums.steampowered.com/forums/showthread.php?p=33025932

Thanks,

Pocketjazzy

Share this post


Link to post
Share on other sites
Guest Bugen

More info

Malwarebytes Anti-Malware (PRO) 1.65.0.1400

www.malwarebytes.org

Database version: v2012.10.06.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

xxxxx :: xxxxx-PC [administrator]

Protection: Enabled

10/6/2012 1:28:26 PM

mbam-log-2012-10-06 (13-29-05).txt

Scan type: Flash scan

Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled: Registry | File System

Objects scanned: 166134

Time elapsed: 33 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 1

C:\Program Files (x86)\Steam\bin\avutil-51.dll (Trojan.Fakesig) -> No action taken. [728bdab2500d75c19740f7d2dc249868]

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Program Files (x86)\Steam\bin\avutil-51.dll (Trojan.Fakesig) -> No action taken. [728bdab2500d75c19740f7d2dc249868]

Here are the 4 files all the same just different detections

C:\Users\****\Desktop\avutil-51 (2).dll (Trojan.Fakesig) -> No action taken. [cd30f59763fac27437a059701be559a7]

C:\Users\****Desktop\avutil-51 (3).dll (Trojan.Fakesig) -> No action taken. [2fce246808552511fbdca029ad5303fd]

C:\Users\****\Desktop\avutil-51 (4).dll (Trojan.Fakesig) -> No action taken. [2ecf612b3924310527b0b217946ca957]

C:\Users\****\Desktop\avutil-51.dll (Trojan.Fakesig) -> No action taken. [b24bd4b8f6673ef8a0373990af5127d9]

virustotal

https://www.virustot...d175a/analysis/

Here are the four files

avutil-51 (4).zip

Share this post


Link to post
Share on other sites

I got 6 hits for the file:

Malwarebytes Anti-Malware (PRO) 1.65.0.1400

www.malwarebytes.org

Database version: v2012.10.06.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Protection: Enabled

10/6/2012 3:52:07 PM

mbam-log-2012-10-06 (16-38-49).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 488855

Time elapsed: 46 minute(s), 26 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 6

C:\Program Files (x86)\Steam\avutil-51.dll (Trojan.Fakesig) -> No action taken. [17e60a8293ca999da82f6861a35d629e]

C:\Program Files (x86)\Steam\old\avutil-51.dll.1345594691 (Trojan.Fakesig) -> No action taken. [7b82ff8d4d1020168750408977898779]

C:\Program Files (x86)\Steam\old\avutil-51.dll.1345761927 (Trojan.Fakesig) -> No action taken. [b7461676baa34de9b126567356aa08f8]

C:\Program Files (x86)\Steam\old\avutil-51.dll.1346877015 (Trojan.Fakesig) -> No action taken. [e01d513bd38ae155d9fe5b6e6e927a86]

C:\Program Files (x86)\Steam\old\avutil-51.dll.1347051250 (Trojan.Fakesig) -> No action taken. [ef0e0a82aeafbc7a37a0f6d344bc21df]

C:\Program Files (x86)\Steam\old\avutil-51.dll.1349310303 (Trojan.Fakesig) -> No action taken. [5e9face0c19ccf67a03726a31fe1ce32]

(end)

Share this post


Link to post
Share on other sites

I got the same. I hope this gets fixed soon. It looks like Malwarebytes is not the only that attacking the same bin folder. Avast is attacking it too.

Share this post


Link to post
Share on other sites

Your quite welcome. If this ever happens again please feel free to let us know in this forum asap. We aim to fix these as fast as possible.

Share this post


Link to post
Share on other sites

mcgpas.jpg

I do not think it's a false positive because after uninstalling steam, did a full scan with malwarebytes and the file was moved to another folder.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.