How to remove Trojan.MSIL.Steamazo

Discussion in 'other anti-virus software' started by rfresh, Oct 24, 2017.

  1. rfresh

    rfresh Registered Member

    Joined:
    Sep 21, 2012
    Posts:
    10
    Location:
    USA
    I develop .NET programs for Windows. I uploaded one of my programs to my website so customers can download it and use it. One of them said their browser warned them re the Trojan.MSIL.Steamazo virus and refused to download the file.

    I spent most of yesterday running anti-virus programs on my PC and none of them found a virus at all. I ran Malwarebytes, Avast, Bullguard, SpyHunter and ClamWin.

    However, when I load my file to various online virus scanning websites, out of 24 sites they use to scan the file, 2 sites report finding this virus. SpyHunter told me these are 'most likely' false positives.

    My question is: is there a known anti-virus program that can find this virus if it is on my PC? Or should I assume this is a false positive and tell my customer to download my file using another browser?

    Thanks for any help...
     
  2. zorro zorrito

    zorro zorrito Registered Member

    Joined:
    Feb 19, 2006
    Posts:
    175
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,591
    Location:
    U.S.A.
    Have you scanned your web site to make sure it is clean?
     
  4. rfresh

    rfresh Registered Member

    Joined:
    Sep 21, 2012
    Posts:
    10
    Location:
    USA
    I ran a scan using Dr. Web CureIt. It didn't find that specific virus (Trojan.MSIL.Steamazo) but it reported that BullGuardSetup.exe has a virus.
     
  5. rfresh

    rfresh Registered Member

    Joined:
    Sep 21, 2012
    Posts:
    10
    Location:
    USA
    My hosting provider has an active anti-virus program watching all uploading of files. It won't let me FTP up a file if their software detects a virus. I've not been able to upload this file because it tells me it has a virus but doesn't identify which one. Not very helpful.

    I've now run a scan on my development PC using: BullGuard, HitManPro, AVG, Avast, Malwarebytes, Windows Defender and SpyHunter. None have found this virus. Only my hosting provider has found 'something' and those scanning websites, 2 have found this Trojan.MSIL.Steamazo virus. The rest of the scanning sites (about 20 of them) found nothing on this file.

    I'm starting to think this is a false positive, but I am not sure.
     
  6. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,591
    Location:
    U.S.A.
  7. rfresh

    rfresh Registered Member

    Joined:
    Sep 21, 2012
    Posts:
    10
    Location:
    USA
    I did that. I just did it again. See results from the attachment. 3 engines found viruses.

    62 scanning engines ran. The file upload size is very restricted on this site so I had to crop the attachment down to show just the virus hits. But there were 62 scan engines that ran. 59 passed.
     

  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,591
    Location:
    U.S.A.
    OK. This confirms what I suspected. This "Trojan.MSIL.Steamazo" is unique to Ikarus. Ikarus is known for false positives. I would directly contact them and report the FP to them. Note that Ikarus is classifying it as adware. Sure you have not incorporated any of that?
     
  9. rfresh

    rfresh Registered Member

    Joined:
    Sep 21, 2012
    Posts:
    10
    Location:
    USA
    >Sure you have not incorporated any of that?

    Absolutely not. Thanks, I will report it to them.

    Update: This has been reported to them.
     
    Last edited: Oct 24, 2017
  10. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    I would say it is definitely a false positive. Both Baidu and eGambit have major issues with false positives.
     