Be careful of the new Vortex update


emrik99

I thought I better post a belated update on the upgrade of my Vortex app. Remember I posted that after the upgrade I could not start Vortex. It eventually started after I restarted the computer.

I then thought maybe my anti-virus was stopping Vortex from launching or activating something.

The next day I checked the list of my latest installs. I had not done any installs for a while. I found a malware app had been installed on the day Vortex was upgraded. I checked the web about the app and it had been listed as malware.

I was surprised my anti-virus had not stopped installation, but I guess it did but I may have forced an install when I restarted the computer.

Maybe it was just a coincidence, but it may be worth checking installed applications for unknown programs after the Vortex upgrade.

I wish I had noted the name of the malware before uninstalling it.


There are now hundreds of thousands of users who are using and updating Vortex each month, yet you are the only one who has reported a link between malware on your system and the Vortex update process. Is it likely that hundreds of thousands of people have not noticed this issue, or is it more likely that this is not related to Vortex and more likely something else on your system is causing this?

We'll continue to listen for any other people having this issue, but right now, there's no proof Vortex is any sort of attack vector for malware.


  • 4 months later...

I've been able to replicate it with Windows Defender:

  1. Manually download the Vortex exe from https://www.nexusmods.com/site/mods/1?tab=files
  2. On the computer, extract the exe using WinRAR (or another archiving tool)
  3. Right-click the extracted folder and select 'Scan using Windows Defender'

Results:
Windows Defender detects Trojan:Win32/Skeeyah.A!MTB in \Vortex-1-1-0-0-1564485055\resources\app.asar.unpacked\node_modules\native-errors\Detours\bin.X64\member.exe

Note: I'm not meaning to be accusatory and am aware this is likely a false positive. Just thought I'd post it for reference.

*Edit*: Also tested online and it looks like only Windows Defender picks this up: https://www.virustotal.com/gui/file/255d34ac5786570b9066e325cb8bb2bac34411650ebfbac0906d315c516d3397/detection
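
One way to check a hit like the one in the post above before treating it as a false positive, given here as an added example that is not part of the thread: it ties the local files to the SHA-256 in the VirusTotal link, reads their Authenticode status, and pulls Defender's own record of the detection. The two parameters (`InstallerPath`, `ExtractRoot`) are assumptions about where the download and the extracted folder live; the hash and the relative path are copied from the post.

```powershell
# Added example, not from the thread: triage a Defender hit on an extracted installer.
param(
    [Parameter(Mandatory)] [string]$InstallerPath,  # assumption: the downloaded Vortex exe
    [Parameter(Mandatory)] [string]$ExtractRoot     # assumption: folder it was extracted to
)

# Both values below are copied from the post above.
$reportedSha256 = '255d34ac5786570b9066e325cb8bb2bac34411650ebfbac0906d315c516d3397'
$flaggedRelPath = 'resources\app.asar.unpacked\node_modules\native-errors\Detours\bin.X64\member.exe'
$flaggedPath    = Join-Path $ExtractRoot $flaggedRelPath

# The post does not say which file was uploaded, so hash both candidates.
$files = foreach ($path in $InstallerPath, $flaggedPath) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        # Defender may already have quarantined the flagged file.
        Write-Warning "Not found (possibly quarantined): $path"
        continue
    }
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash.ToLowerInvariant()
    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    [pscustomobject]@{
        File           = Split-Path $path -Leaf
        Sha256         = $hash
        MatchesReport  = ($hash -eq $reportedSha256)   # same bytes as the VirusTotal sample?
        SignatureState = $sig.Status                   # Valid, NotSigned, HashMismatch, ...
        Signer         = $sig.SignerCertificate.Subject
    }
}
$files | Format-List

# Defender's own detection history for that path: threat name and when it fired.
Get-MpThreatDetection |
    Where-Object { $_.Resources -match [regex]::Escape($flaggedRelPath) } |
    ForEach-Object {
        [pscustomobject]@{
            Threat   = (Get-MpThreat -ThreatID $_.ThreatID -ErrorAction SilentlyContinue).ThreatName
            Detected = $_.InitialDetectionTime
            Resource = $_.Resources -join '; '
        }
    } | Format-List
```

A file whose hash matches the linked report is the same sample the other engines scanned; a file with a different hash has not been covered by that VirusTotal result and needs its own lookup.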


Kaspersky user here, no such report.

What seems to be in common with everybody who is getting the alarm is that they're using "Windows Defender".

Microsoft: Here's why Windows Defender AV isn't ranked higher in new antivirus tests

Windows Defender still has problems with incorrectly classifying legitimate apps as malware, according to the January-February test.


Archived

This topic is now archived and is closed to further replies.
