rmm200, posted August 4, 2019:
It would help if people reporting malware would indicate where they are located. Some parts of the world are riskier for malware than others.
That and Vortex really needs to post a checksum. Then we could verify the package Vortex sent is actually the package you got.
My trust in the world wide internet has gone down a lot in recent years.

Pickysaurus, posted August 4, 2019:
As far as I can tell, this is a false positive from Windows Defender. Very similar to when Microsoft's AV decides random mod files that have been up for ages are malicious.

LostDragonist, posted August 4, 2019:
The code in question is Detours, not Detour. https://www.microsoft.com/en-us/research/project/detours/
This is Microsoft's code which only Microsoft's Windows Defender is picking up as a trojan. That's a little funny. I'm guessing someone released some sort of trojan that uses Detours for nefarious purposes so now any legitimate usage of Detours is being picked up as that trojan.
Detours is being used in the node-native-errors module: https://github.com/Nexus-Mods/node-native-errors. Best I can tell, the code for Detours used by Vortex is unchanged from the code provided by Microsoft.
So... all in all, probably nothing to worry about.

AlantirDarke, posted August 4, 2019:
I did the Malwarebytes, Hitman Pro and Windows Safety Scanner round of scans and they all came back negative. After another Windows scan, it supposedly found the threat and removed it. To be safe I scanned the Vortex folder and the mods folder where I last installed mods and nothing came up. Ran Vortex and so far no odd computer behavior. So I'm inclined to agree (hopeful) that it's a false positive. I'll defer to the judgement of the almighty coders on this though. :)
AD

Rovlad84, posted August 4, 2019:
I've reported this to MS Defender team with all the relevant info, including a link to this thread.
I'm 99.99% sure that it's a false positive on Defender's part though, so hopefully they'll just update its definitions and it will stop freaking out.

HadToRegister, posted August 4, 2019:
Kaspersky user here, no such report.
What seems to be in common with everybody who is getting the alarm is that they're using "Windows Defender".
Microsoft: Here's why Windows Defender AV isn't ranked higher in new antivirus tests
> Windows Defender still has problems with incorrectly classifying legitimate apps as malware, according to the January-February test.

amoeba00 (Author), posted August 4, 2019:
It would certainly help if the file hashes could be posted so folks could also use that as a tool to determine if the original source has been compromised.

Rovlad84, posted August 4, 2019:
Looks like it's been fixed with their latest definitions (1.299.1250.0).

AugustaCalidia, posted August 4, 2019:
> It would certainly help if the file hashes could be posted so folks could also use that as a tool to determine if the original source has been compromised.
Use Vortex feedback to send that suggestion to the developers.

amoeba00 (Author), posted August 4, 2019:
> Looks like it's been fixed with their latest definitions (1.299.1250.0).
Just updated the definitions and still got the same alert.

This topic is now archived and is closed to further replies.