PDA

View Full Version : Steam have trojans?


Eriikok
10-12-2010, 07:58 AM
Hi, when i started steam today i got a message that said that Norman had found a trojan in C:Program files\...\GameOverlayRenderer.dll with the name "W32/Malware.OHZZ".

WTF!? 1. Steam have trojans. 2. Its Norman who got this wrong.

I think and hope its number 2, and I hope someone clouud explain this to me, fix it or something like that.

And BTW, i cant open steam overlay when im in game, and when i tried to restart steam it started to update. When update was finished the Norman message came again (Epic rime). I tried several times.

Maledict21
10-12-2010, 08:04 AM
Hi, when i started steam today i got a message that said that Norman had found a trojan in C:Program files\...\GameOverlayRenderer.dll with the name "W32/Malware.OHZZ".

WTF!? 1. Steam have trojans. 2. Its Norman who got this wrong.


The detection is a false positive due to the way the overlay works. You should be able to safely ignore it.


And BTW, i cant open steam overlay when im in game, and when i tried to restart steam it started to update. When update was finished the Norman message came again (Epic rime). I tried several times.

Have you looked through this Support article? This could also be due to your anti-virus blocking the overlay (from the false positive).

Steam Community Overlay does not Activate (https://support.steampowered.com/kb_article.php?ref=9394-YOFV-0014)

Eriikok
10-12-2010, 08:06 AM
Fair enough, but how do i make so that Norman does not put the file in quarantine?

Gone'Postal
10-12-2010, 08:09 AM
Fair enough, but how do i make so that Norman does not put the file in quarantine?

Add the steam dir to an exclusion list.

I don't use Norman, so you might have to look over the program or it's support pages.

UnSaveDWisitor
10-12-2010, 12:01 PM
Hi,i have same problem when i start Steam comes trojan W32/Malware.
OHZZ(i have 2 before that:W32/Malware.NUED and OEVF).Norman find those trojans and put it to guarantine but Avast did not find it.
Shut down Norman virus search and load Steam after that use Norman to destroy trojan in Steam Folder.There is trojan in System Volume Information,too.

Killerwatt
10-12-2010, 01:56 PM
Pretty straightforward how to manually check the cleanness of Steam executables, since they are all digitally signed.

1. Browse to the file in question. (In this case: C:\Program files\Steam\GameOverlayRenderer.dll)
2. Right click on it and select Properties. OR simply press ALT+ENTER on the file.
3. Go to the Digital Signatures tab. (If you don't see this tab, then your file is either not an executable, or it is infected/corrupted/hacked/etc., so the check failed.)
4. Press the Details button. A new panel comes up.
5. The first lines on this screen should read: "Digital Signature Information / This digital signature is OK." - If you don't see this, then your file is infected/corrupted/yadayada...
But if you DO see the above lines, then your file is 100% intact and NOT infected (or corrupted, etc.), regardless what antiviruses say, since the smallest change in the file breaks the digital signature.

UnSaveDWisitor
10-12-2010, 11:48 PM
Killerwatt thanks for information.I send this W32/Malware.OHZZ to Normans
Sandbox online analyzer:NO Virus,no malware it is MD5 hash and they can not
guarantee that it is harmless.

UnSaveDWisitor
10-14-2010, 12:52 AM
I find program GameOverlayRenderer Remover.I download it and now programs name is Instant Spyware Remover v6.4.0,i run this program in my Pc and it found one critical file from c:\windows\system32\drivers\atihdmi.sys.I removed ATIHDMI.sys file and now i donīt have any Malvare or Trojan problems with STEAM.(and i update my ATI driver via STEAM).

Gentle
10-14-2010, 11:00 AM
STOP!

You are using a program from somewhere to remove a part of what appears to be your video card driver.

You are probably opening yourself to being keylogged or something.

If you have a problem with the GameOverlayRenderer... TALK TO STEAM SUPPORT by using a Steam Support account.

I am not kidding about this.

Gentle

P.S. I think you should have been worried when you downloaded "GameOverlayRenderer Remover" and it changed names to "Instant Spyware Remover v6.4.0". Then instead of removing GameOverlayRenderer, it removes ATIHDMI.sys which is part of your ATI video card drivers.

Killerwatt
10-14-2010, 12:55 PM
I find program GameOverlayRenderer Remover.I download it and now programs name is Instant Spyware Remover v6.4.0,i run this program in my Pc and it found one critical file from c:\windows\system32\drivers\atihdmi.sys.I removed ATIHDMI.sys file and now i donīt have any Malvare or Trojan problems with STEAM.(and i update my ATI driver via STEAM).

Most likely NOW you downloaded malicious software. You can find millions of "spyware removers" on the net, that are actually fake security softwares, trying to either infect your computer, or make you pay for a "full" version -- which are also fake.
I guess you made a search term to GameOverlayRenderer on an already questionable search site, which on the fly generated this antispyware result for you to make you download it. I don't understand why don't you use time-proven and known softwares like F-Secure, Kaspersky, Norton, AdAware, Spybot. Or if you are short on cash, you can still use the free Avast, AVG or MS Security Essentials.

Easton Dark
10-14-2010, 01:02 PM
I find program GameOverlayRenderer Remover.I download it and now programs name is Instant Spyware Remover v6.4.0,i run this program in my Pc and it found one critical file from c:\windows\system32\drivers\atihdmi.sys.I removed ATIHDMI.sys file and now i donīt have any Malvare or Trojan problems with STEAM.(and i update my ATI driver via STEAM).

Wow buddy.

Wrong move. You are doing terrible things to your computer.

UnSaveDWisitor
10-14-2010, 01:14 PM
Hi,i use that program then i delete it and after that i run Norman full scan,Now my pc is clean and everything is working.I buy and start using HDMI cabel between pc and monitor,after that comes that Steam and Malware problem.(AVAST,F-Secure,AD-AWARE and Malware Bytes Anti-Malware did not found that MD5 or Malware.)

UnSaveDWisitor
10-16-2010, 12:40 AM
ERIIKOK,how did you solve this proplem?

Gentle
10-16-2010, 03:09 AM
Hi,i use that program then i delete it...

I hope it doesn't happen, but...Even just using the software one time could install a keylogger/malware file there and just wait for the right moment to launch. Then it would be bad.

Gentle

P.S. Please note, both users are "new". Both users use a little known software antivirus/antimalware? and both are talking about GameOverlayRenderer as if it is a trojan (which it is not). One then offers a "fix" which is potentially malware itself. Do not use the software he said he downloaded if you have a GameOverlayRenderer issue. CONTACT STEAM SUPPORT.

nullsquared
10-16-2010, 06:10 AM
Why would you do such a thing? You use a terrible program like Norman instead of Avast! or AVG, but then download a malicious program to remove the false alerts of Norman.

Anyone seeing where I'm going with this?

Gentle
10-16-2010, 06:12 AM
Read between the lines in my P.S. of my last message.

Gentle

nullsquared
10-16-2010, 06:13 AM
Read between the lines in my P.S. of my last message.

Gentle

They may be new to Steam, but not to anti-virus programs.

If they knew enough as to what an anti-virus program does, they should be able to know not to download every program they see. Especially not to just pick one out without seeing reviews or so.

seseorang
10-16-2010, 06:40 AM
If you downloaded the Steam install from www.steampowered.com then there is no cause for alarm and this is a false positive. If you downloaded this from another site then I would be dubious about it

Gentle
10-16-2010, 12:14 PM
They may be new to Steam, but not to anti-virus programs.

If they knew enough as to what an anti-virus program does, they should be able to know not to download every program they see. Especially not to just pick one out without seeing reviews or so.

O.k. I'll plainly spell it out.

Perhaps they don't really need support?

Perhaps the forums post was made to merely enable it to be found with a search engine to reinforce their stand that this program is a safe alternative to actually contacting support.

What if that program just attempts to gain access to other accounts by way of a keylogger?

Gentle

UnSaveDWisitor
10-16-2010, 01:18 PM
Hi,i let you know if something bad things start happent to my PC,if i can,heh.I think NORMAN is one of the best anti-virus program,F-Secure is good too,never test Kapersky.Steam is not new to me,i have games Half-Life,Half-Life 2 and Counter Strike.I check that there is in ATI folder AtiHDMI.sys files.This one which i moved was in wrong folder and it was a threat.I clean my fiwes brother laptop 2 years ago.When i try open Laptops to Windows,all i see was small red square midlle of screen.
There in laptop was over 500 hundred threats,Viruses,Malwares,Trojans and other.And today hes Laptop is still working and he use Avast now.

jaNNe
10-16-2010, 01:56 PM
Ew. Norman sucks. Had same problems before ;>

UnSaveDWisitor
10-16-2010, 03:50 PM
Hi,jaNNe,all this problems comes from Steam and Steam updated,because there is updates including XP,Vista and Windows 7,i have XP.

Gentle
10-16-2010, 11:19 PM
I have been using Steam since it was in beta, during the Counter-Strike 1.6 beta period.

That's sometime in early 2002.

Since that time I do not believe anyone has ever had a trojan from the Steam software.

If you claim you did, provide hard proof of that.

Not just you saying your software shows it is...

Get in touch with your anti-virus/anti-malware software maker and have them prove it to you.

Gentle

Dalek22
10-17-2010, 01:56 AM
Take a screenshot. To be honest, Norman fails for you. Just use Kaspersky, Malware Bytes, AVG 2011, Superanti spyware, they are great for catching stuff. Apart from that, Steam does not carry around viruses, you most probably downloaded something that sneaked onto your pc. It attacks that file and blam. There you have it.

UnSaveDWisitor
11-18-2010, 12:45 PM
Hello,finally i have answer to my "Steam Trojan" problem.There was problem in my PC.I have put 2Gb more DDR-memory,pc works some time with no harm,but now i know that those extra memory combs did not fit together with original ddram combs.Extra memory away and restart my PC and now i donīt have any problems with Steam,you were right about Steam.

cat126
11-18-2010, 02:02 PM
Hi, when i started steam today i got a message that said that Norman had found a trojan in C:Program files\...\GameOverlayRenderer.dll with the name "W32/Malware.OHZZ".

.

that file is not related to steam

Glowhyena
11-18-2010, 04:51 PM
I never thought Steam has Trojans.

Cyber 14
11-23-2010, 02:07 PM
that file is not related to steam


Either you're joking, or are thinking that the virus name is the file. The overlay renderer dll is a part of Steam. I've checked myself, digitally signed and everything. Not to offend you, just trying to clear up the confusion.

To the original poster, don't worry, this happens all the time. Most likely your AV saw the file launching and had a mental conversation something like: "AAAHHHHH!!! a program trying to insert itself into another!!! Quarantine!!! Quarantine!!! For the love of God, Quarantine!!!"

This has happened to me on several occasions with games. That's what the "send to (insert AV provider’s name here)" button is for, to verify whether or not something is in fact problematic. Due to the nature of heuristic scanning, naturally some innocent things will get caught in the net.

Just thought I'd let you know.

Peace out and God bless.