This morning I was downloading BattleTech, a game made by Harebrained Schemes studio and published by Paradox Interactive. I was downloading the game via Steam directly, rather than any direct link download. While the game was installing, ESET popped up a detection warning on one of the files, as it was being downloaded by Steam. I wasn't able to screenshot it before the notice faded away, but it tagged a file EventEditor.Exe as a malicious trojan ML/Augur. When I check the detection log, I see the following:

Time Scanner Object type Object Detection Action User Information Hash First seen here
7:33:17 AM Real-time file system protection file D:\Steam\steamapps\downloading\637090\BattleTech_Data\StreamingAssets\editors\EventEditor.exe ML/Augur trojan cleaned by deleting Event occurred on a file modified by the application: D:\Steam\steam.exe (C821F111DE338D589627899951E39620F22E4BA9).

I have since submitted the file for analysis via the quarantine pane of ESET. I'm currently running a full system scan, but I find this highly concerning.

Another thing that worries me is that I've downloaded this game before, months ago. The log language seems to indicate that Steam was trying to maliciously modify a file. Does this mean that Steam has become infected and is serving malicious files via downloaded games?

Any help would be desperately appreciated.

I since deleted the game, and just this morning tried re-downloading.

In this instance however, the modified process wasn't executed but rather would've been saved to disk. Also, given the "flakey" things Steam does, it remains to be determined if the above activity is actually malicious. What Eset needs to do is repeat the whole Steam download process in a sandboxed/virtual environment and determine if this activity is malicious.

Refer back to the Eset Detection log entry. Notice the activity flagged was steam.exe modifying EventEditor.exe. Now I checked the hash shown for steam.exe at VT and it's clean. However, it could be that something injected steam.exe memory while executing and that something is what attempted to modify the EventEditor.exe download. This "smells" like malware process hollowing activity, which in stage one clears a portion of process memory while it's in a suspended execution state, and then injects the malware code in the previously cleared memory space. Augur stopped the modification while in-process, which would account for the binary zeros you observed in the EventEditor.exe copy in Eset quarantine. If my above theory is correct, it's almost impossible to determine what injected steam.exe memory since Eset didn't detect that activity.
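The detection-log row quoted in this thread is the only hard evidence anyone has, and the check of the steam.exe SHA-1 on VirusTotal only makes sense if that row is read correctly: the flagged object is EventEditor.exe, the actor is the "modified by the application" process, and the hash in parentheses belongs to the actor, not the detected file. The Python below is an added example, not code from the original post, from ESET or from Valve. It parses a row in the pasted layout, pulls out the actor path and its SHA-1, and checks whether a given on-disk image still hashes to that value. The column vocabulary the regex accepts (object types and action phrases) is an assumption generalised from the one quoted row; the "actor image" bytes are a constructed stand-in, not steam.exe. A match means only that the file on disk is the one that was looked up; as the reply notes, it says nothing about code injected into that process at runtime, which is why the result is reported as a separate field rather than a verdict.

```python
import hashlib
import re
from typing import Optional

# Constructed sample input: the header and the one row quoted in the thread above.
# The User, Hash and "First seen here" columns were empty in the paste, so everything
# after the action phrase is treated as the Information column.
HEADER = "Time Scanner Object type Object Detection Action User Information Hash First seen here"
SAMPLE_ROW = (
    "7:33:17 AM Real-time file system protection file "
    r"D:\Steam\steamapps\downloading\637090\BattleTech_Data\StreamingAssets\editors\EventEditor.exe "
    "ML/Augur trojan cleaned by deleting Event occurred on a file modified by the application: "
    r"D:\Steam\steam.exe (C821F111DE338D589627899951E39620F22E4BA9)."
)

# Assumption: these are the object-type and action phrases the parser accepts. Only the
# values in the quoted row ("file", "cleaned by deleting") are confirmed by the thread.
OBJECT_TYPES = r"file|process|Operating memory"
ACTIONS = r"cleaned by deleting|cleaned|deleted|unable to clean|retained|no action"

# Object must look like a Windows path so that "file" inside the scanner name
# ("Real-time file system protection") is not mistaken for the Object type column.
ROW_RE = re.compile(
    r"^(?P<time>\d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<scanner>.+?) "
    rf"(?P<object_type>{OBJECT_TYPES}) "
    r"(?P<object>[A-Za-z]:\\.+?) "
    r"(?P<detection>\S+(?: trojan| virus| worm| potentially unwanted application)?) "
    rf"(?P<action>{ACTIONS})"
    r"(?: (?P<information>.+?))?\s*$"
)
# The actor and its hash live inside the Information text.
APP_RE = re.compile(r"modified by the application: (?P<app>.+?) \((?P<sha1>[0-9A-Fa-f]{40})\)")


def parse_detection_row(row: str) -> Optional[dict]:
    """Split one detection-log row into its columns; None if the layout does not match."""
    m = ROW_RE.match(row.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["actor"] = None
    entry["actor_sha1"] = None
    am = APP_RE.search(entry.get("information") or "")
    if am:
        entry["actor"] = am.group("app")
        entry["actor_sha1"] = am.group("sha1").upper()
    return entry


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest().upper()


def disk_image_matches_log(entry: dict, actor_image: bytes) -> bool:
    """True when the actor's on-disk bytes hash to the SHA-1 ESET recorded.
    This only ties the disk image to the hash that was looked up; it cannot
    detect code injected into the running process."""
    return entry.get("actor_sha1") is not None and sha1_hex(actor_image) == entry["actor_sha1"]


def triage(row: str, actor_image: bytes) -> dict:
    entry = parse_detection_row(row)
    if entry is None:
        raise ValueError("row does not match the ESET detection-log layout")
    return {
        "scanner": entry["scanner"],
        "object": entry["object"],
        "detection": entry["detection"],
        "action": entry["action"],
        "actor": entry["actor"],
        "actor_sha1": entry["actor_sha1"],
        "disk_image_matches": disk_image_matches_log(entry, actor_image),
    }


# Constructed stand-in for the actor's on-disk image (not the real steam.exe).
FAKE_ACTOR_IMAGE = b"MZ" + b"\x00" * 62 + b"constructed stand-in, not steam.exe"
# The same row carrying the stand-in's hash: what a consistent disk image looks like.
CONSISTENT_ROW = SAMPLE_ROW.replace(
    "C821F111DE338D589627899951E39620F22E4BA9", sha1_hex(FAKE_ACTOR_IMAGE)
)

if __name__ == "__main__":
    for row in (SAMPLE_ROW, CONSISTENT_ROW):
        print(triage(row, FAKE_ACTOR_IMAGE))
```

On a real machine you would pass `Path(entry["actor"]).read_bytes()` as the image; a mismatch would mean the steam.exe on disk is not the binary whose hash was checked, and even a match leaves the in-memory injection question open.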