Steam's "GameOverlayRenderer.dll" virus: daisy-2378@31976254

Comodo Internet Security - CIS AV False Positive/Negative Detection Reporting
1

Hi,

today I ran Steam when it started to update itself (as many times before…), the one difference between this update and the previous was the fact that this time Comodo’s antivirus alert came up with a message that the file C:\Program Files (x86)\Steam\GameOverlayRenderer.dll contains a virus named daisy-2378@31976254
I’m not sure but I think this is false positive, I took it in quarantine temporarily, but I really would like to get an answer if that file has a virus or it is just fake. (I sent it to Comodo already). I must mention that without this file the Steam update could not be finished.

Signature of my AV: 1757

Here’s the virustotal (sign. 1741) result: https://www.virustotal.com/analisis/1c95c7b3c793fd4a9ab3dac8efeca695d9d8bdcd1eed3374526dbab8a2f448a1-1248499098

2

I’ve just seen other user posted probably the same problem. Please move/delete this post if you keep the first one… thx

3

Hi hiker,

Thanks for reporting.We will get back to you after analysis.

Regards,
Vaishnavi.V.K

4

Same thing happened to me too. I would like to know if it was a genuine virus or a false positive.

5

Hi there,

I had this same problem today and it wasnt just in steam games. I got a msg when i first logged into my computer saying this:

http://img16.imageshack.us/img16/8763/virusacb.jpg

Note: i didnt run this program and havent for a very long time.

Then i ran a full scan and got the steam files:

I removed all and i’m about to reboot + run another scan as well.

My virus database signature is 1758.

Thanks,

David.

6

Update:

I switched over to my laptop for a while and after a short while i got another daisy message.

Screenshot here:

http://img24.imageshack.us/img24/5094/morelaptopviruswtf.jpg

I’m scanning the laptop now and so far its found 4 threats… I’ll post more when its done.

Laptops DB version is 1759

7

I scanned my computer again and found this:

http://img11.imageshack.us/img11/1664/virus4.jpg

The laptop scan i was doing showed the following 8 results:

Any news on this? These files all have genuine names for their respective directories.

8

Had to register to report the exact same GameOverlayRenderer.dll virus report (daisy-2378[at]31976254)

9

K i uploaded the file from

http://img11.imageshack.us/img11/1664/virus4.jpg

D:\Program Files (x86)\Atari\AITD\Uninstall\

https://www.virustotal.com/analisis/f4959b2fe4c5f144919f8e9a2f5dfe01e20bab5e26f52e7c62a1e54a40140810-1248519388

Weird it shows heuristic for mcafee?

I assume that because theres no other hits from other dbs that this is indeed a false positive. Its just seems weird that its detecting it from many other applications as well.

10

Hi hiker,

Reported FP has been fixed with DB 1762.Kindly update and confirm.

Regards,

Vaishnavi.V.K

11

I had something similar. Being concerned I scanned my laptop to find 37 hits which I quarantined just to be on the safe side. A scan on my wife’s laptop identified 32 viruses. These I quarantined also.

The viruses reported were…
daisy-2247@31700714
daisy-2375@31976257
Heur.Dual.Extensions
Heur.Dual.Suspicious@25595482

Shortly after quarantining these files nothing happened when we tried to print from on our Dell V305w printer from our laptops. Sure enough a number of the quarantined files were associated with the priter so I decided to reinstall the printer (on the assumption that it was a casuality of a virus infection). But would you believe it, the installation disk was highly infected by daisy-2375@31976257.

So I guess this is a false positive.

12

I’m on 1762 and am still getting virus alerts (reported above) for the installation disk for my printer.

13

Hello,

the database is updated (ATM it’s 1764), the file GameOverlayRenderer.dll is alright now.

Thanks,

h.

14

Virus database signature is now on 1765. No more false alarms with my dell printer. I’m not impressed with this morning’s signature update.