sLOVEnec Posted August 22, 2022 Share Posted August 22, 2022 Hi all, My system just started reporting a virus - I'm using Windows 11 and built-in Windows Defender. It started this morning when I returned from vacation, the computer has been turned off for a week. I checked the iCUE version it was 4.26.110. I checked the site, noticed 4.27.168, unistalled old one, installed new one, same error. I presume it's Defender reporting as a false positive, since I've been running iCUE software for a while now. Can someone verify all is ok, are other people with different AV programs receiving same alert? Andy 1 Link to comment Share on other sites More sharing options...
Atomicvai Posted August 22, 2022 Share Posted August 22, 2022 Having the same issue since this morning. Link to comment Share on other sites More sharing options...
KrMal Posted August 22, 2022 Share Posted August 22, 2022 Same. This is a new install of windows and this virus alert popped up just as I had installed iCue and started it for the first time. Just now when refreshed Windows update it installed a new security intelligence update ( Microsoft Defender Antivirus - KB2267602 (Version 1.373.806.0) and the virus alerts stopped so I guess its fixed (?) Link to comment Share on other sites More sharing options...
BuckeyeBunny Posted August 22, 2022 Share Posted August 22, 2022 Same happening to me. Uninstalled and reinstalled iCue, deleted all temp files, and same thing. Malwarebytes doesn't find any issues, just Windows Defender. Link to comment Share on other sites More sharing options...
Troggers Posted August 22, 2022 Share Posted August 22, 2022 Can confirm has also been happening to me since this afternoon. Link to comment Share on other sites More sharing options...
sLOVEnec Posted August 22, 2022 Author Share Posted August 22, 2022 Thanx guys, I can confirm that the 4pm CEST Microsoft update - KB2267602 (Version 1.373.806.0) stopped reporting iCUE as virus, seems it was a false positive. Link to comment Share on other sites More sharing options...
Troggers Posted August 22, 2022 Share Posted August 22, 2022 (edited) Interesting, I have just updated to KB2267602 (Version 1.373.806.0) and still getting the notification pop up, exact same as everyone else was getting. Edited August 22, 2022 by Troggers Link to comment Share on other sites More sharing options...
Bavanity Posted August 22, 2022 Share Posted August 22, 2022 Hi everyone My first post, I just joined for this and was somewhat relieved it was found in a google search! I just installed iCUE and went to change a colour profile and defender did its thing, claiming a trojan. Lenovo Legion 7i here. I use Malwarebytes premium in conjunction with Defender (with necessary exclusions set in either of course, but they can run together) and since MWB finds no problem after scanning the entire appdata folder, I will assume it's a false positive and I told Defender to allow. Fingers crossed! Link to comment Share on other sites More sharing options...
Leeds29 Posted August 23, 2022 Share Posted August 23, 2022 Hello everyone, exactly the same problem has occurred with me since yesterday. Unfortunately, I do not have a Windows update pending. Let's see how long the false positive messages last. Link to comment Share on other sites More sharing options...
Astral85 Posted August 23, 2022 Share Posted August 23, 2022 Files located in AppData\Local\Temp such as: CUE4fHXlUW{d4dbfc25-3c98-4dd8-aca2-103e8274d3e8} I assume are related to CUE4? Windows Defender detected two of these files on my system today as Trojan:Script/Wacatac.B!ml. Just wondering if they are likely a false positive. Link to comment Share on other sites More sharing options...
Jarik Posted August 23, 2022 Share Posted August 23, 2022 One more data point - Just got the same starting 22-Aug. Windows malware defs also just updated on a manual check. Appreciate the thread calling this out. Link to comment Share on other sites More sharing options...
dorio Posted August 23, 2022 Share Posted August 23, 2022 (edited) Adding to the pile with a same here. Severe threat notifcation for Trojan:Script/Sabsik.FL.A!ml or Trojan:Script/Sabsik.TE.A!ml in my AppData folder with a CUE4xxxxxxxxxxxx file every few hours since yesterday, just had another one now. Windows Security/Windows 11. Relieved to find this thread but still pretty concerned until there's confirmation of a false positive Edited August 23, 2022 by dorio added second trojan name Link to comment Share on other sites More sharing options...
darkwise Posted August 23, 2022 Share Posted August 23, 2022 Might as well put my hat in the ring also, I also noticed this fresh out of an install last night, same positive with the wacatac, I manually updated windows and it pulled another security intelligence version, and I noticed it stopped with the false positive, this morning. I closed icue, reopened icue, no more alerts, I then rebooted and it didn't alert me after reboot either, so manually update windows and hopefully it pulls the newer intelligence version and it goes away for you too....lol if it comes back, i'll edit the post. Hope this helps. Link to comment Share on other sites More sharing options...
YndeV Posted August 23, 2022 Share Posted August 23, 2022 I've been having this issue as well. No updates available. I'm on Windows 10, for what it's worth. Tried three other pieces of antivirus software, none of which detected a thing. Link to comment Share on other sites More sharing options...
Corsair Employee Corsair Nick Posted August 23, 2022 Corsair Employee Share Posted August 23, 2022 @sLOVEnec thank you for bringing this to our attention. I've escalated this to our validations team to review. For someone of you, it looks like the KB2267602 (Version 1.373.806.0) update did not resolve the issue like it did for sLOVEnec. Besides Windows Defender, is there any other software that is detecting a false positive? If so, please let us know so that we can pass this information on to our development team. Link to comment Share on other sites More sharing options...
numach Posted August 23, 2022 Share Posted August 23, 2022 Just adding my hat into the ring. I've got 4 notifications starting a little after 3am this morning and going until about 11:30am. Each time a new name for the CUE......H!ml temp file. Running Windows 10 here but from what I see it doesn't seem to matter whether it's 10 or 11. I just heard this morning about a new MS security update that broke logins for some users... maybe it caused this too? Good ol' MS updates! Link to comment Share on other sites More sharing options...
frizur Posted August 23, 2022 Share Posted August 23, 2022 (edited) yes, suddenly icue gets reported as containing a virus.... a newly detected one. god knows how long corsair been doing this. it figured, corsair can't be trusted . Edited August 23, 2022 by frizur Link to comment Share on other sites More sharing options...
HoodCal Posted August 24, 2022 Share Posted August 24, 2022 Also having this issue. Installed icue for the first time today Link to comment Share on other sites More sharing options...
Hazardouswolf Posted August 24, 2022 Share Posted August 24, 2022 I've been having this happen as well. Noticed the pattern of the file path always being "CUE4" in my temp folder. These were all the detections I've gotten so far with my screenshot highlighting the very beginning of it, all being in the same folder and starting with CUE4, so I believe there may be a false positive possibly happening here with the iCUE app. Did a full system scan with both malwarebytes and windows defender and nothing ever showed up. I also did an offline scan twice with defender and got the same result, nothing. However defender has periodically reported this being the issue though for the past two days now. Link to comment Share on other sites More sharing options...
Corsair Employee Corsair Nick Posted September 1, 2022 Corsair Employee Share Posted September 1, 2022 Quick update for all of you. Thank you for sharing the information and assisting our team with this issue. Based on our testing, if you are experiencing this issue, please be sure to perform Microsoft Update KB2267602 (Version 1.373.816.0). This should resolve any issues with iCUE being improperly detected as a virus. If anyone else experiences other issues related to this, please let us know. Link to comment Share on other sites More sharing options...
ShamWoW Posted October 12, 2022 Share Posted October 12, 2022 FWIW, the most recent iCUE update (Build date of 7th of October) triggered this again. Link to comment Share on other sites More sharing options...
VeriSkye1123 Posted October 13, 2022 Share Posted October 13, 2022 This started flagging while the install was running but yes flagging as of the newest update to icue. Link to comment Share on other sites More sharing options...
jackd Posted February 27, 2023 Share Posted February 27, 2023 (edited) On 8/23/2022 at 10:23 PM, Corsair Nick said: @sLOVEnec thank you for bringing this to our attention. I've escalated this to our validations team to review. For someone of you, it looks like the KB2267602 (Version 1.373.806.0) update did not resolve the issue like it did for sLOVEnec. Besides Windows Defender, is there any other software that is detecting a false positive? If so, please let us know so that we can pass this information on to our development team. avast paid premium quarantined isolated leonova related isues, de-indtalled Icue, and without it my windows 10 LTSC seems to run fine LoL. Edited February 27, 2023 by jackd Link to comment Share on other sites More sharing options...
jackd Posted February 27, 2023 Share Posted February 27, 2023 looked it up: 'Leonovo760s'. Link to comment Share on other sites More sharing options...
xabel22x Posted April 6, 2023 Share Posted April 6, 2023 On 1/9/2022 at 23:50, Corsair Nick said: Actualización rápida para todos ustedes. Gracias por compartir la información y ayudar a nuestro equipo con este problema. Según nuestras pruebas, si experimenta este problema, asegúrese de ejecutar Microsoft Update KB2267602 (versión 1.373.816.0). Esto debería resolver cualquier problema con la detección incorrecta de iCUE como virus. Si alguien más experimenta otros problemas relacionados con esto, háganoslo saber. I recently found that when installing Icue several conhost processes run, which makes me totally distrust this program, since searching the internet I have seen that you have to be careful because there are programs that run those processes to mine from your graphics cards... Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now