Virus Found.

carlos726811

Bright Spark
Virus Found. I Don't go on any Websites i don't know. But i have noticed i only get the virus from watching twitch streams. could this be a false positive. what would next step be. Wipe windows etc and start from scratch or will it be fine.

Case
CORSAIR iCUE 5000X RGB MID TOWER GAMING CASE
Promotional Item
Get a discount code for 20% off select peripherals at Corsair.com
down_right_arrow.gif
Promotional Code
down_right_arrow.gif
Terms & Conditions
Processor (CPU)
AMD Ryzen 7 7800X3D Eight Core CPU (4.2GHz-5.0GHz/104MB w/3D V-CACHE/AM5)
Motherboard
ASUS® ROG STRIX X670E-A GAMING WIFI (AM5, DDR5, PCIe 5.0, Wi-Fi 6E)
Memory (RAM)
32GB Corsair VENGEANCE DDR5 6000MHz (2 x 16GB)
Graphics Card
24GB NVIDIA GEFORCE RTX 4090 - HDMI, DP
Graphics Card Support Bracket
NONE (BRACKET INCLUDED AS STANDARD ON 4070 Ti / RX 7700 XT AND ABOVE)
1st M.2 SSD Drive
1TB SOLIDIGM P44 PRO GEN 4 M.2 NVMe PCIe SSD (up to 7000MB/sR, 6500MB/sW)
2nd M.2 SSD Drive
2TB SOLIDIGM P44 PRO GEN 4 M.2 NVMe PCIe SSD (up to 7000MB/sR, 6500MB/sW)
DVD/BLU-RAY Drive
NOT REQUIRED
Power Supply
CORSAIR 1200W RMx SHIFT SERIES™ MODULAR 80 PLUS GOLD, ULTRA QUIET
Power Cable
1 x 1.5 Metre UK Power Cable (Kettle Lead, 1.0mm Core)
Processor Cooling
CORSAIR iCUE H150i ELITE LCD XT RGB CPU Cooler
down_right_arrow.gif
Change to: CORSAIR ICUE LINK H150i RGB HIGH PERFORMANCE CPU COOLER
Thermal Paste
STANDARD THERMAL PASTE FOR SUFFICIENT COOLING
Sound Card
ONBOARD 6 CHANNEL (5.1) HIGH DEF AUDIO (AS STANDARD)
Network Card
ONBOARD 2.5Gbe LAN PORT
Wireless Network Card
NOT REQUIRED
USB/Thunderbolt Options
MIN. 2 x USB 3.0 & 2 x USB 2.0 PORTS @ BACK PANEL + MIN. 2 FRONT PORTS
Operating System
Windows 11 Home 64 Bit - inc. Single Licence
down_right_arrow.gif

Operating System Language
United Kingdom - English Language
Windows Recovery Media
Windows 10/11 Multi-Language Recovery Image - Unlimited Downloads from Online Account
Office Software
FREE 30 Day Trial of Microsoft 365® (Operating System Required)
Anti-Virus
NO ANTI-VIRUS SOFTWARE
Browser
Microsoft® Edge
Warranty
3 Year Platinum Warranty (3 Year Collect & Return, 3 Year Parts, 3 Year labour)
Delivery
STANDARD INSURED DELIVERY TO UK MAINLAND (MON-FRI)
Build Time
 

Attachments

  • Untitled.jpg
    Untitled.jpg
    141.3 KB · Views: 35

SpyderTracks

We love you Ukraine
Virus Found. I Don't go on any Websites i don't know. But i have noticed i only get the virus from watching twitch streams. could this be a false positive. what would next step be. Wipe windows etc and start from scratch or will it be fine.

Case
CORSAIR iCUE 5000X RGB MID TOWER GAMING CASE
Promotional Item
Get a discount code for 20% off select peripherals at Corsair.com
down_right_arrow.gif
Promotional Code
down_right_arrow.gif
Terms & Conditions
Processor (CPU)
AMD Ryzen 7 7800X3D Eight Core CPU (4.2GHz-5.0GHz/104MB w/3D V-CACHE/AM5)
Motherboard
ASUS® ROG STRIX X670E-A GAMING WIFI (AM5, DDR5, PCIe 5.0, Wi-Fi 6E)
Memory (RAM)
32GB Corsair VENGEANCE DDR5 6000MHz (2 x 16GB)
Graphics Card
24GB NVIDIA GEFORCE RTX 4090 - HDMI, DP
Graphics Card Support Bracket
NONE (BRACKET INCLUDED AS STANDARD ON 4070 Ti / RX 7700 XT AND ABOVE)
1st M.2 SSD Drive
1TB SOLIDIGM P44 PRO GEN 4 M.2 NVMe PCIe SSD (up to 7000MB/sR, 6500MB/sW)
2nd M.2 SSD Drive
2TB SOLIDIGM P44 PRO GEN 4 M.2 NVMe PCIe SSD (up to 7000MB/sR, 6500MB/sW)
DVD/BLU-RAY Drive
NOT REQUIRED
Power Supply
CORSAIR 1200W RMx SHIFT SERIES™ MODULAR 80 PLUS GOLD, ULTRA QUIET
Power Cable
1 x 1.5 Metre UK Power Cable (Kettle Lead, 1.0mm Core)
Processor Cooling
CORSAIR iCUE H150i ELITE LCD XT RGB CPU Cooler
down_right_arrow.gif
Change to: CORSAIR ICUE LINK H150i RGB HIGH PERFORMANCE CPU COOLER
Thermal Paste
STANDARD THERMAL PASTE FOR SUFFICIENT COOLING
Sound Card
ONBOARD 6 CHANNEL (5.1) HIGH DEF AUDIO (AS STANDARD)
Network Card
ONBOARD 2.5Gbe LAN PORT
Wireless Network Card
NOT REQUIRED
USB/Thunderbolt Options
MIN. 2 x USB 3.0 & 2 x USB 2.0 PORTS @ BACK PANEL + MIN. 2 FRONT PORTS
Operating System
Windows 11 Home 64 Bit - inc. Single Licence
down_right_arrow.gif

Operating System Language
United Kingdom - English Language
Windows Recovery Media
Windows 10/11 Multi-Language Recovery Image - Unlimited Downloads from Online Account
Office Software
FREE 30 Day Trial of Microsoft 365® (Operating System Required)
Anti-Virus
NO ANTI-VIRUS SOFTWARE
Browser
Microsoft® Edge
Warranty
3 Year Platinum Warranty (3 Year Collect & Return, 3 Year Parts, 3 Year labour)
Delivery
STANDARD INSURED DELIVERY TO UK MAINLAND (MON-FRI)
Build Time
Twitch / Discord etc are all exactly the same as any web link with regards to viruses, they transport them in exactly the same way.

Even known websites can be compromised, hackers can gain control of a page, change the embedded files or links to dangerous ones, this is why antivirus is so important.

The suspect file is a gzip which is a linux based archive, obviously with an embedded .exe file within.

You don't even need to click on something on Twitch as it's a moving image, the code behind that can automatically execute it as soon as you start watching.

Whatever that channel is, you need to report it.

I would action that and fully delete the files, but defender has done it's job and prevented any execution, so you're safe to continue IMHO

I would run a full system scan just in case.
 

carlos726811

Bright Spark
Twitch / Discord etc are all exactly the same as any web link with regards to viruses, they transport them in exactly the same way.

Even known websites can be compromised, hackers can gain control of a page, change the embedded files or links to dangerous ones, this is why antivirus is so important.

The suspect file is a gzip which is a linux based archive, obviously with an embedded .exe file within.

You don't even need to click on something on Twitch as it's a moving image, the code behind that can automatically execute it as soon as you start watching.

Whatever that channel is, you need to report it.

I would action that and fully delete the files, but defender has done it's job and prevented any execution, so you're safe to continue IMHO

I would run a full system scan just in case.
When i dont have twitch open, i do a scan. no virus found. Soon as i load twitch and do another scan. It finds the same virus. No matter which channel i watch, I always get the same virus.
Also, The issue only started after the latest windows update. I used mum Laptop before we updated window, when i had twitch open on laptop and did a scan. no virus found. I updated windows on laptop. opened twitch, did a scan, virus found.
 

SpyderTracks

We love you Ukraine
When i dont have twitch open, i do a scan. no virus found. Soon as i load twitch and do another scan. It finds the same virus. No matter which channel i watch, I always get the same virus.
Also, The issue only started after the latest windows update. I used mum Laptop before we updated window, when i had twitch open on laptop and did a scan. no virus found. I updated windows on laptop. opened twitch, did a scan, virus found.
Could be a false positive, but I’d treat it as malicious never the less. It may be because it’s packed in a gzip archive.

You can upload it to Microsoft for analysis and then they can update defender

 

FigmentOfYourImagination

Gold Level Poster
That one was a false positive...there have been many reports of this one happening and, as of today, Defender is no longer flagging anything suspicious from Twitch.

There's something strange going on with Defender currently as, whilst the Twitch one has gone, a scan run this morning is now flagging up the same Trojan with the OBS folder on my PC.
 

SpyderTracks

We love you Ukraine
That one was a false positive...there have been many reports of this one happening and, as of today, Defender is no longer flagging anything suspicious from Twitch.

There's something strange going on with Defender currently as, whilst the Twitch one has gone, a scan run this morning is now flagging up the same Trojan with the OBS folder on my PC.
Microsoft in general have massively dropped the ball this year, if you check their reliability in Azure / Windows / Office with updates applied this year it's been absolutely attrocious, basically since they've implemented Copliot into everything it just broke things at a platform level.

That's why most enterprises and end users are spending an awful lot of time investigating alternatives to Microsoft. They're sinking at an extremely fast rate
 
Last edited:

carlos726811

Bright Spark
Am on phone to PCs as we speak trying to do fresh install. Got bsod. We can't get past the Internet phase where it looking to connect Internet
 

carlos726811

Bright Spark
Woooow. Finally up and running. Over 3 hours on phone and the lad who helped was really helpful.. Wouldn't even let me connect to Internet. All drivers had been wiped. Couldn't make progress with clean install.. But the chap finally sorted it for me
 

SpyderTracks

We love you Ukraine
Woooow. Finally up and running. Over 3 hours on phone and the lad who helped was really helpful.. Wouldn't even let me connect to Internet. All drivers had been wiped. Couldn't make progress with clean install.. But the chap finally sorted it for me
Drivers being wiped is entirely expected, that's what a clean install is, it completely wipes everything

How come you clean installed in the first place?
 

carlos726811

Bright Spark
Drivers being wiped is entirely expected, that's what a clean install is, it completely wipes everything

How come you clean installed in the first place?
Put PC on this morning. checking emails and got BSOD.. Then nothing wouldn't work. So i installed windows 11 media creation tool to usb. incase i had to do a fresh install.. But when pc came back on. loaded up in bios. but was only showing 2nd. So phoned PCspecialist up. they was helping me, adviced me to do a full clean
Anyway. When we was doing a fresh install. It came up with. Lets connect you to a network, Next box was all greyed out and couldn't connect.
Wasnt picking up internet via ethernet or wifi.
So i had to go on asus website to download the LAN driver for my motherboard and install on to same usb as the media creation. But as stated. all sorted now.
 

carlos726811

Bright Spark
Bloke who helped me also told me to do fresh install. as when he did remote assist he couldnt load windows defender up.. was telling him to sign in all time. he did scannow in cmd and files and stuff bugged.. He tried looking a minidumps but files and folder was missing, when i told him about the virus, he said its sounds like microsoft issue, that when he told me to do fresh install for security....
 

SpyderTracks

We love you Ukraine
Bloke who helped me also told me to do fresh install. as when he did remote assist he couldnt load windows defender up.. was telling him to sign in all time. he did scannow in cmd and files and stuff bugged.. He tried looking a minidumps but files and folder was missing, when i told him about the virus, he said its sounds like microsoft issue, that when he told me to do fresh install for security....
That makes sense, did sound like something was a bit corrupted somewhere.

It's worth doing a clean install annually on each major windows revision (24/H2 is the latest windows version released in September), that will avoid a lot of these issues. Often major updates can cause loads of issues if they're not clean installed and even if it does all go smoothly, you'll gradually lose performance due to windows getting clogged up if it's not clean installed every so often.

Enthusiasts would say clean install annually with each major windows version. Others may say every 2 years.
 

Matxer

Member
Clean install Windows every year ?? That would take a lot of time. Restore all data, reinstall all appls, configure everything...

I haven't heard of a single company doing that.

As a gamer, I have had Windows PCs run well after 5 to 7 years, until some hardware piece dies.
 

SpyderTracks

We love you Ukraine
I haven't heard of a single company doing that.
Ur, we're not talking about company machines, that's a completely different things, the registry is massively controlled by group policy on a domain which is entirely different to a home use computer.

Talking about high performance machines, like gaming or rendering.

You certainly don't NEED to, we're coming from the perspective that this is a community for people looking for best performance, gamers tend to pay a premium for those extra few frames, so keeping a clean OS that can do that for free seems a no brainer.

As a gamer, I have had Windows PCs run well after 5 to 7 years, until some hardware piece dies.
That's wonderful, but you just don't realise how much more performance is available in your system that you're missing out on.

This is general best practice and has been since early windows days






Clean install Windows every year ?? That would take a lot of time. Restore all data, reinstall all appls, configure everything...
I'm afraid this is because you're not doing it properly. These days any data will be on a dedicated drive, so clean install only affects the OS and programs.

With Programs, the configuration layer has been separated from the application layer for quite a long time now, so unless you're on severely outdated software, it should simply be a case of reinstalling the app and restoring the configuration directory from your storage drive. On an awful lot of applications these days, you can actually move the configuration profile to another drive for exactly this reason, so you simply install the app, change the configuration profile location in settings to your data drive, and that's it, application exactly as it was the last time you used it.

OS settings are now backed up in your microsoft profile, so that's done automatically when you sign in with your microsoft account.

If it's taking you any longer than about 30 minutes to do a clean install, it's likely because you're still doing things the old way before Windows 8 came along.

A new method of hosting applications that I've just been introduced to in containers means that you never have to even reinstall the application, you just link back to that container. So now I'm containerising everything, and simply move my container directory over to a new system, or reinstall the container host if I've done a clean install, and that automatically links to my container library.

Never have to worry about configuring or installing again.
 
Last edited:

SpyderTracks

We love you Ukraine
1 of your links mentions the Reset feature of Windows (11). Is this a good way to reinstall Windows ?
No, that will simply reset the existing install, doesn’t actually reinstall anything.

Clean install is the only proper install method
 

SpyderTracks

We love you Ukraine
Oh for goodness sake @SpyderTracks, now I'm going to have to reinstall Windows at the weekend after reading those links! :ROFLMAO:

I've definitely been one of those 'I'll do it later' types with this, but it's time.
Just do due diligence before reinstalling, make sure you back up any config sources, an awful lot these days are in the standard windows user profile in c:/Users/Username/

Just copy those into your data directory so it's off the OS drive.
If you've got any programs that support it check in the settings to see if the config profile can be moved to another location, even if you don't do that at this time, once you've reinstalled it's worth doing then so that in the future, you don't need to touch that config profile and you know it's always backed up off the OS drive

Getting set up initially takes a little time and effort, you'll need to google for each program.

But then, once you've got all that sorted, moving forwards it's an absolute breeze

And if you want to get really nerdy, check out this thread for installing apps, you can script it so that it's completely automated, then all you need to do anytime you reinstall is simply run that script


The problem with stuff like this is that the initial research into getting it first set up can take quite a bit of effort, but in the long term it's such a benefit. It's weather or not that effort is worth it.

The WinGet stuff is only really worthwhile if you've got masses of stuff installed.
 
Top