Today when I was going to log in to Steam I got a warning from CIS that a keylogger was detected. I chosed to clean it and it put it into quarantine displaying this result:
Worm.Win32.KeyLogger.AutoRun.AE@284569245 in the file “Steam.exe”. (I assume everyone knows what Steam is).
I tried to submit the file online but all I got was a bunch of checksums and a link that doesn’t work when you click on it. Also the page looks like it keeps reloading itself.
I restored the quarantined file and scanned it manually but than it didn’t find anything. How does the cleaning process works exactly? Does CIS quarantine the file and then clean out the malicious code in it? If so then it makes sense if nothing is found if scanned again after it has been restored. If not, then the cleaning process doesn’t make any sense.
Also when I booted the computer in failsafe mode and scanned the hard drive CIS found another threat in the game called “Counter-Strike Nexon: Zombies” displayed as Trojware.Win32.Kryptik.ISNQ@358253279 in the file “ehsvc.dl-”. This file is part of a kind of antihacker software that gets installed when you install Counter-Strike Nexon: Zombies.
A couple of days a go the game had an emergency update according to the announcement on Steam which caused a lot of problems for people. So maybe there were something phishy going on.
Also Steam itself is not recoqnized as trustworthy software by UAC, so it would be very nice if Comodo could take a good look at this software. Everything about Steam smells as spyware to me.
I got 4 quarantined files but there is no way to tell which file is what because they’re only displayed with a bunch of numbers. Also I don’t know if quarantining removes the malicious code. If so then there would be no point in uploading it. I guess I would have to upload it then before I clean it or whatever. Someone explain this to me, please.