Corsair Community

ICUE has a virus?



Hi all,

My system just started reporting a virus - I'm using Windows 11 and built-in Windows Defender. It started this morning when I returned from vacation, the computer has been turned off for a week. I checked the iCUE version, it was 4.26.110. I checked the site, noticed 4.27.168, uninstalled the old one, installed the new one, same error. I presume it's Defender reporting a false positive, since I've been running iCUE software for a while now. Can someone verify all is ok, are other people with different AV programs receiving the same alert?

 

Andy


Same.

This is a new install of Windows and this virus alert popped up just as I had installed iCue and started it for the first time.

Just now when I refreshed Windows Update it installed a new security intelligence update (Microsoft Defender Antivirus - KB2267602 (Version 1.373.806.0)) and the virus alerts stopped so I guess it's fixed (?)

 

 


Same happening to me.  Uninstalled and reinstalled iCue, deleted all temp files, and same thing.  Malwarebytes doesn't find any issues, just Windows Defender. 


 Hi everyone

My first post, I just joined for this and was somewhat relieved it was found in a google search!

I just installed iCUE and went to change a colour profile and defender did its thing, claiming a trojan.

Lenovo Legion 7i here.

I use Malwarebytes premium in conjunction with Defender (with necessary exclusions set in either of course, but they can run together)

and since MWB finds no problem after scanning the entire appdata folder, I will assume it's a false positive and I told Defender to allow.

Fingers crossed!


Files located in AppData\Local\Temp such as: CUE4fHXlUW{d4dbfc25-3c98-4dd8-aca2-103e8274d3e8} I assume are related to CUE4? Windows Defender detected two of these files on my system today as Trojan:Script/Wacatac.B!ml. Just wondering if they are likely a false positive.


Adding to the pile with a same here. Severe threat notification for Trojan:Script/Sabsik.FL.A!ml or Trojan:Script/Sabsik.TE.A!ml in my AppData folder with a CUE4xxxxxxxxxxxx file every few hours since yesterday, just had another one now. Windows Security/Windows 11.

Relieved to find this thread but still pretty concerned until there's confirmation of a false positive


Might as well put my hat in the ring also, I also noticed this fresh out of an install last night, same positive with the Wacatac, I manually updated Windows and it pulled another security intelligence version, and I noticed it stopped with the false positive this morning. I closed iCUE, reopened iCUE, no more alerts, I then rebooted and it didn't alert me after reboot either, so manually update Windows and hopefully it pulls the newer intelligence version and it goes away for you too....lol if it comes back, I'll edit the post. Hope this helps.


  • Corsair Employee

@sLOVEnec thank you for bringing this to our attention.  I've escalated this to our validations team to review.

For some of you, it looks like the KB2267602 (Version 1.373.806.0) update did not resolve the issue like it did for sLOVEnec.  Besides Windows Defender, is there any other software that is detecting a false positive?  If so, please let us know so that we can pass this information on to our development team.


Just adding my hat into the ring. I've got 4 notifications starting a little after 3am this morning and going until about 11:30am. Each time a new name for the CUE......H!ml temp file. Running Windows 10  here but from what I see it doesn't seem to matter whether it's 10 or 11. I just heard this morning about a new MS security update that broke logins for some users... maybe it caused this too? Good ol' MS updates!


Yes, suddenly iCUE gets reported as containing a virus.... a newly detected one. God knows how long Corsair has been doing this.

It figured, Corsair can't be trusted.


I've been having this happen as well. Noticed the pattern of the file path always being "CUE4" in my temp folder. These were all the detections I've gotten so far with my screenshot highlighting the very beginning of it, all being in the same folder and starting with CUE4, so I believe there may be a false positive possibly happening here with the iCUE app. Did a full system scan with both Malwarebytes and Windows Defender and nothing ever showed up. I also did an offline scan twice with Defender and got the same result, nothing. However, Defender has periodically reported this being the issue for the past two days now.


  • 2 weeks later...
  • Corsair Employee

Quick update for all of you.  Thank you for sharing the information and assisting our team with this issue.  Based on our testing, if you are experiencing this issue, please be sure to perform Microsoft Update KB2267602 (Version 1.373.816.0).  This should resolve any issues with iCUE being improperly detected as a virus.

If anyone else experiences other issues related to this, please let us know.
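
The check described in this thread, as an added PowerShell example that is not part of the original post and is not Corsair or Microsoft code: it compares the installed Defender security intelligence version with the 1.373.816.0 named above and lists detections on `CUE4` temp files, split by whether they occurred before or after the last intelligence update. It assumes the built-in Defender cmdlets (`Get-MpComputerStatus`, `Get-MpThreat`, `Get-MpThreatDetection`) are available; the `\Temp\CUE4` pattern is taken from the file names posters reported.

```powershell
# Added example, not Corsair or Microsoft code. Run in PowerShell on the affected PC.
# The version is the one quoted in the post above; the CUE4 temp-file pattern
# is an assumption based on the paths reported in this thread.
$RequiredVersion = [version]'1.373.816.0'
$PathPattern     = '\\Temp\\CUE4'

function Get-Cue4Detection {
    # Join detections to threat names by ThreatID and keep only CUE4 temp-file hits.
    $names = @{}
    Get-MpThreat | ForEach-Object { $names[$_.ThreatID] = $_.ThreatName }
    Get-MpThreatDetection |
        Where-Object { ($_.Resources -join ';') -match $PathPattern } |
        ForEach-Object {
            [pscustomobject]@{
                Detected  = $_.InitialDetectionTime
                Threat    = $names[$_.ThreatID]
                Resources = $_.Resources -join '; '
            }
        }
}

$status    = Get-MpComputerStatus
$installed = [version]$status.AntivirusSignatureVersion
$updatedAt = $status.AntivirusSignatureLastUpdated

if ($installed -lt $RequiredVersion) {
    Write-Output "Security intelligence $installed is older than $RequiredVersion; run Update-MpSignature and re-check."
} else {
    Write-Output "Security intelligence $installed (updated $updatedAt) is at or above $RequiredVersion."
}

# Split hits around the last intelligence update to see whether the flag persists.
$hits = @(Get-Cue4Detection | Sort-Object Detected)
$old  = @($hits | Where-Object { $_.Detected -lt $updatedAt })
$new  = @($hits | Where-Object { $_.Detected -ge $updatedAt })
Write-Output "CUE4 temp-file detections before the last update: $($old.Count)"
Write-Output "CUE4 temp-file detections since the last update:  $($new.Count)"
$new | Format-Table -AutoSize -Wrap
```

Detections listed as occurring since the last update mean the intelligence update has not stopped the alerts on that machine, which is the case some posters in this thread reported.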


  • 1 month later...

FWIW, the most recent iCUE update (Build date of 7th of October) triggered this again.

 

 


This started flagging while the install was running but yes flagging as of the newest update to icue.


  • 4 months later...
On 8/23/2022 at 10:23 PM, Corsair Nick said:

@sLOVEnec thank you for bringing this to our attention.  I've escalated this to our validations team to review.

For some of you, it looks like the KB2267602 (Version 1.373.806.0) update did not resolve the issue like it did for sLOVEnec.  Besides Windows Defender, is there any other software that is detecting a false positive?  If so, please let us know so that we can pass this information on to our development team.

Avast paid premium quarantined isolated leonova related issues, de-installed iCUE, and without it my Windows 10 LTSC seems to run fine LoL.


  • 1 month later...
On 1/9/2022 at 23:50, Corsair Nick said:

Quick update for all of you. Thank you for sharing the information and assisting our team with this issue. Based on our testing, if you are experiencing this issue, please be sure to perform Microsoft Update KB2267602 (Version 1.373.816.0). This should resolve any issues with iCUE being improperly detected as a virus.

If anyone else experiences other issues related to this, please let us know.

I recently found that when installing Icue several conhost processes run, which makes me totally distrust this program, since searching the internet I have seen that you have to be careful because there are programs that run those processes to mine from your graphics cards...
