Malicious code detected in Steam.

Today when I was going to log in to Steam I got a warning from CIS that a keylogger was detected. I chosed to clean it and it put it into quarantine displaying this result:

Worm.Win32.KeyLogger.AutoRun.AE@284569245 in the file “Steam.exe”. (I assume everyone knows what Steam is).

I tried to submit the file online but all I got was a bunch of checksums and a link that doesn’t work when you click on it. Also the page looks like it keeps reloading itself.

I restored the quarantined file and scanned it manually but than it didn’t find anything. How does the cleaning process works exactly? Does CIS quarantine the file and then clean out the malicious code in it? If so then it makes sense if nothing is found if scanned again after it has been restored. If not, then the cleaning process doesn’t make any sense.

Also when I booted the computer in failsafe mode and scanned the hard drive CIS found another threat in the game called “Counter-Strike Nexon: Zombies” displayed as Trojware.Win32.Kryptik.ISNQ@358253279 in the file “ehsvc.dl-”. This file is part of a kind of antihacker software that gets installed when you install Counter-Strike Nexon: Zombies.

A couple of days a go the game had an emergency update according to the announcement on Steam which caused a lot of problems for people. So maybe there were something phishy going on.

Also Steam itself is not recoqnized as trustworthy software by UAC, so it would be very nice if Comodo could take a good look at this software. Everything about Steam smells as spyware to me.

I got 4 quarantined files but there is no way to tell which file is what because they’re only displayed with a bunch of numbers. Also I don’t know if quarantining removes the malicious code. If so then there would be no point in uploading it. I guess I would have to upload it then before I clean it or whatever. Someone explain this to me, please.


Please submit the samples to following link, so we can check them.

Kind Regards,
Erik M.

I tried to download and install this game again from Steam and this time I got an alert about a trojan detected as “TrojWare.Win32.Kryptik.ISNQ@358253279” located in the game file “cstrike-online.exe” The file was quarantined and I’ve just sent it for analyses to Comodo.

Please upload the file to Virus Total and leave the url of the Virus Total report here. That way Comodo can check the file.

I got an email where I was told it was a false positive and that it would be fixed with the latest antivirus update. I downloaded the update and tried to start the game but I still got a warning. So it hasn’t been fixed.

I did what you suggested and uploaded the file to Virus Total and got this result:

I suppose green means it’s all good, right? But please actually fix the false positive with the next antivirus update.

Hello AntiCode,

The sample you have provided is not detected by CIS version with database version 23401.

Best regards,