ALilDashofConfused

Suspected False Positive - Steam.exe Ransomware


Hi,

Whilst recently playing a game on Steam (Dead By Daylight being the game in question), I accepted an invite from a friend and joined a full game. Upon joining the full game lobby, a Malwarebytes Ransomware protection box was thrown up with Steam.exe as the executable. The log itself comes up as a 'Website Blocked' log, and strangely does not have a domain attached to it - the box is listed as N/A. I can export & attach if you need to see it.

I have not been able to replicate this problem with any other lobbies and invite sessions as of yet, so I suspect it was just a bit wary of the host I was connected to, given that it's a peer-to-peer game and all.

I've run a full scan of the drive where my Steam folders are located, and scanned the Steam.exe file separately, with zero results found - and then run a separate scan of my SSD just to be certain and no results have been found. I've checked the Steam.exe executable file, which was accessed at 17:42PM BST, which was the time of being 'blocked' (I'm assuming it comes up as 'accessed' at that time because of the blocking process), and once again at 17:50 BST, which would've been when I was part-way through my scan.

I'll keep on going and see if I can replicate this.

I look forward to any response you might be able to provide.

Cheers.

14 hours ago, shadowwar said:

Can you zip and attach the steam.exe here please.

Hi,

Please see the attached file: Steam.zip

The file itself hasn't been modified since September 8th this year, which was probably just one of the many updates they do.

I've done another quick scan on the file and it's produced no threats found. I've since re-launched Steam a few times and restarted my system, none of which have caused anything to trigger hence why I think it's just a false positive flag from the game itself being peer-to-peer rather than dedicated servers (which might explain why it's the Steam.exe file coming up instead of the game's file...? I have no idea)

I also haven't yet been able to replicate this warning doing anything else as of yet.


This should no longer be detected. This was a behavioural detection so a normal scan will not pick it up. It has to run and perform behaviours similar to ransomware to be detected.

This shouldn't have been detected though anyways so we are a little puzzled. Would you mind zipping and attaching the mbamservice.log that is located here:

C:\ProgramData\Malwarebytes\MBAMService\LOGS

so we can see what may have happened?

 

Edited by shadowwar

18 minutes ago, shadowwar said:

This should no longer be detected. This was a behavioural detection so a normal scan will not pick it up. It has to run and perform behaviours similar to ransomware to be detected.

 

This shouldn't have been detected though anyways so we are a little puzzled. Would you mind zipping and attaching the mbamservice.log that is located here:

C:\ProgramData\Malwarebytes\MBAMService\LOGS

so we can see what may have happened?

 

Hi,

Is this what you're looking for? MBAMSERVICE.zip


Thanks. The only thing we see in the log is a website block though related to steam.exe. There is no evidence of a ransomware detection. Strange.
