Be careful of the new Vortex update


emrik99

So after uninstalling, reinstalling many times and using my antivirus every time, I came up with some odd results.

When I scanned the update file itself there was no virus found.

However, if I let Vortex update, it would try to install the trojan, Defender would quarantine it and I'd get an error message about noodle.dll.

So I went to users/username/appdata/roaming/vortex/update and deleted everything in there,

then reinstalled from the previous version, forcing it to download a new copy of the update,

did a Defender offline scan and rebooted my computer,

fired up Vortex and let it download the update and reinstall.

The trojan was back.

I don't know how this is happening. All I can offer is the above and say that if you go to shut down Vortex without it being for an update and it asks for permissions to change things, say no.

 

 

Did you ever scan your system while Vortex was uninstalled?

 

You could have something sitting in your temp directory that's going to try and install every time you try and install ANYTHING.

Link to comment
Share on other sites

Question on the Vortex installer.

Does the Installer package include - EVERYTHING - Vortex needs?

We know Vortex includes a lot of open source packages. Do any of those get downloaded at install time?

Just looking for other places a virus could sneak in. Given that only the OP has seen this behavior, it does seem to make it specific to his system.

Link to comment
Share on other sites

 


Yes, I did a deep scan, 6 hrs and nothing found.

I agree that seems likely, except I've installed 17.7 a few times and never had the issue; it's only when I try 17.8.

So I'm not sure what to do. All I know is that it auto-updated the night of the 20th, then on the 21st, mid-download of some Fallout mods with Vortex, the errors started popping up.

I googled for the error messages and got a video telling me to remove files from Defender quarantine to get it to work.

So I checked what was in quarantine and sure enough there was the Trojan:Win32/Skeeyah.l

Needless to say, with a title like that I googled what that was before doing anything else, and it came back as a virus that will allow 3rd party control of your computer, steal sensitive info and in a general sense slow the operating system down.

Link to comment
Share on other sites

You might also check what version Windows Defender you are using. False positives are a real thing. Update it if you can.

Don't go too much by the Trojan name. That is just the pattern Windows Defender found. Nothing to do with an actual file name.

Link to comment
Share on other sites
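Added example (not part of the original thread): one way to see which file Defender actually flagged and whether the downloaded update is signed, using the built-in Defender, `Get-FileHash` and `Get-AuthenticodeSignature` cmdlets from an elevated PowerShell. The update cache location is an assumption taken from the path given in the first post.

```powershell
# Added example: triage a Defender detection that appears during an application update.
# Assumption: the updater cache is %APPDATA%\Vortex\update, per the path in the first post.
$updateDir = Join-Path $env:APPDATA 'Vortex\update'

# 1. Engine and definition state. A detection that disappears after a
#    definition update points toward a false positive.
Get-MpComputerStatus |
    Select-Object AMProductVersion, AntivirusSignatureVersion, AntivirusSignatureLastUpdated

# 2. Map threat IDs to names, then list every detection with the process
#    and the exact resources (file paths) Defender acted on.
$names = @{}
Get-MpThreat | ForEach-Object { $names["$($_.ThreatID)"] = $_.ThreatName }

Get-MpThreatDetection | Sort-Object InitialDetectionTime | ForEach-Object {
    [pscustomobject]@{
        Time      = $_.InitialDetectionTime
        Threat    = $names["$($_.ThreatID)"]
        Process   = $_.ProcessName
        Resources = $_.Resources -join '; '
    }
} | Format-List

# 3. Hash and signature status of whatever the updater downloaded, so the
#    file can be compared with the publisher's release before it is run.
if (Test-Path $updateDir) {
    Get-ChildItem -Path $updateDir -Recurse -File | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            File      = $_.FullName
            SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            SigStatus = $sig.Status
            Signer    = $sig.SignerCertificate.Subject
        }
    } | Format-List
} else {
    Write-Output "No update cache found at $updateDir"
}
```

If the flagged resource is outside the update cache (for example a temp directory), the detection is more likely tied to something else on the system than to the update file itself.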


I didn't consider false positives, ty for that. I ran Microsoft security tool and let it do a deep scan. It found nothing either.

As per your suggestion of an update, Defender updated yesterday morning but I made it check again and it had a new one for this afternoon.

I updated Vortex to 17.8,

got the warning "Controlled Folder Access Detected" and when you click on it for more info you get this

I did not follow its instructions this time, I went and selected a mod at random.

Vortex downloaded it and installed it without a problem.

I closed and reopened Vortex and no issues, nothing detected by Defender.

So I guess I'll use the 17.8 and just ignore the notification about controlled folder access.

Your theory about a false flag might be very on point, I really don't know as no other program found a problem.

I just know that it's working now, Defender isn't quarantining anything so I'm gonna just not mess with it. The notification icon is annoying but I can tune that out.

Ty everyone for your suggestions etc.

Link to comment
Share on other sites

I am a little concerned that you triggered Controlled Folder Access.

Show us what you specified for Download directory and Mod directory.

Also where is your game directory located.

We might have some useful insights.

 

 

It's a known problem with Windows Defender and Vortex.

Since some people let Vortex install to the default locations, Windows Defender kicks in, whenever Vortex tries to write stuff to that Microsoft "protected" directory.

 

MS is such a pain, first they insist on everything installing to Program Files (x86), then they make it so even an admin can barely access it.

Link to comment
Share on other sites
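Added example (not part of the original thread): checking whether Controlled Folder Access is on, which folders and applications are configured, and which process was blocked from writing where. Event IDs 1123 (blocked) and 1124 (audited) are Defender's Controlled Folder Access events; the `Process Name:` and `Path:` labels parsed from the event message are an assumption about its text layout.

```powershell
# Added example: inspect Controlled Folder Access (CFA) state and recent CFA events.
$pref = Get-MpPreference
[pscustomobject]@{
    # 0 = disabled, 1 = enabled, 2 = audit mode
    Mode         = $pref.EnableControlledFolderAccess
    # Folders added on top of the built-in protected set
    ExtraFolders = $pref.ControlledFolderAccessProtectedFolders -join '; '
    AllowedApps  = $pref.ControlledFolderAccessAllowedApplications -join '; '
} | Format-List

# Pull recent CFA block (1123) and audit (1124) events from the Defender log.
$filter = @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
}
$events = Get-WinEvent -FilterHashtable $filter -MaxEvents 200 -ErrorAction SilentlyContinue

# Summarise which executable tried to write to which protected path.
# Assumption: the message carries "Process Name:" and "Path:" lines.
$events | ForEach-Object {
    $proc = if ($_.Message -match 'Process Name:\s*(.+)') { $Matches[1].Trim() } else { '(unparsed)' }
    $path = if ($_.Message -match '(?m)^\s*Path:\s*(.+)') { $Matches[1].Trim() } else { '(unparsed)' }
    [pscustomobject]@{ Time = $_.TimeCreated; Id = $_.Id; Process = $proc; Target = $path }
} | Group-Object Process, Target |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

A Controlled Folder Access block is a write-protection event, not a malware detection, so it shows up here and not in the quarantine list.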


I have 2 drives. Of course Vortex uses C:/users/"username"/ etc. for temp files and the like, but I store all my games, Steam and otherwise, on my D drive, which for convenience has a programfilesx86 on it.

I do this because my C drive is smaller and is mainly just for my OS; the D drive is 1tb as opposed to C being 250 gig.

Link to comment
Share on other sites

 


Since your games are on your D:\ drive, be sure to have your Mod Staging Folder on your D:\ drive as well.

Screenshot shows where that setting is.

 

 

Vortex-Staging-Folder.jpg

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
