Malware detected from Steam dl Witcher 3 Win32/Vigram.A

Hello, just installed Windows on my new PC. After trying to download Witcher 3 from Steam I can't complete the download since Windows Defender detects malware in the Steam download folder (tried 3 times already):
https://pasteboard.co/HZwNSB4YU0dr.png
Win32/Vigram.A (Crashreporter.exe)

Just sent a request to CD Projekt Red Support, hope you guys work on this soon. I googled about it but only found a thread about it in a Russian forum, so I don't think it's an issue on my end.

Thanks
 
I could be wrong but I googled "Vigram.a" and it appears to be a "well known" trojan... So I highly doubt it could be included with the game.
And even if it was the case, I assume everyone who uses an anti-virus would have this alert while installing the game, and as far as I know, you're the only one.

So I could suggest to perform a full scan of your PC to be sure it's not already there.
 
Did you see the printscreen? The file infected is downloaded via Steam. I already did a scan, nothing was found (Windows Defender and Kaspersky)

Sorry, just realized I created this topic in the CP forum
 
Hi, I had the exact same 'error'.

Here you can find somebody else as well:

Looking through this forum it seems people have reported similar 'issues' with Cyberpunk and the GoG client in the past

GoG:

Cyberpunk 2077:

Also on Reddit:
https://www.reddit.com/r/gog/comments/ka4owp
In the VirusTotal link in my first URL (Malwarebytes forum), it seems only MS, Trapmine and Rising (have not heard of the last two before) flag it like this.

This makes me think it's a false positive.
I however also submitted a ticket today (no response yet) and MS Defender quarantined the file. I did a full scan with Defender and Malwarebytes and nothing came up.
 
Same warning here, assume it's a false positive, but CD Projekt should look into it before it spooks more people off.
 
Weird that few players encounter this "issue" now (and none before).
Could be wrong, but didn't Windows Defender get an update recently (like January 9th)?
Maybe related ?
https://www.microsoft.com/en-us/wdsi/defenderupdates

Latest security intelligence update

The latest security intelligence update is:
  • Version: 1.381.1972.0
  • Engine Version: 1.1.19900.2
  • Platform Version: 4.18.2211.5
  • Released: 1/9/2023 8:12:56 PM
  • Documentation: Release notes
 
That is probably the reason why. This game does not crash every day, so you only notice once the crash handler tries to start up.
I (and the person on the Malwarebytes forum) had this since Friday. Looking at the VirusTotal link, it was first seen the 22nd of December 2022 (release, I believe?)
First Seen In The Wild
2022-12-22 14:09:40 UTC
First Submission
2022-12-22 18:20:47 UTC

I do agree that Defender most likely only gets triggered because crashreporter.exe tries to run after a crash, which in my case is not that often.
There is also a crashreporter.exe in the dx11 folder which does not seem to trigger it which might be because Defender only gets triggered when the .exe runs and tries to collect things. I believe that is the part that triggers it but I'm not an expert ;).
See: https://www.microsoft.com/en-us/wds...n?Name=Program:Win32/Vigram.A&threatId=232718

Also for me personally, if I were to use another AV I would never have known about this as it would not have triggered.
I have not received a response to my ticket yet. Would be great if CDPR could shed some light on it but at the moment I'm not too worried about this looking at the previous reports with Crashreporter.exe and the fact that VirusTotal still thinks it's mostly 'clean'.
 
Thank you desertfox, I've contacted CD Projekt Red but had no feedback yet. It seems like a false positive, but may impact a lot of people trying to install through Steam.
 
I got a reply back but they basically only mention to add the app to an 'allow' list in Defender (or Bitdefender) using these instructions: (they did not link this but the text in their mail is pretty much the same)

There was no concrete mention whether this is a false positive or any info so I replied back notifying them about this thread and suggested maybe they can update their support page or something with an official message. :)
 
I always have Norton Antivirus turned on and it never complained (although Norton is often too quick to complain), so my bet is also that it's a false positive.
 
How did you contact CD Projekt? I checked their support site and could only find articles, but no support form or email.
 
On some categories (not all).
If there is no category for the issue/subject you want to submit, just choose the "closest" category.
For the probable "false positive", this one should be fine ("Contact Us" button)
 
Update received from CD PR support
 
Hi all, I'm back behind my machine and can confirm that Windows Defender does not see crashreporter.exe as a 'virus' anymore! :) Just did a verify files on Steam and a scan of the crashreporter.exe file. It is no longer seen as a threat or automatically removed or quarantined.

I also got a reply back from CDPR support but they basically only asked me whether the issue I had still occurred or not, kind of not mentioning the 'virus' part, so I'm just gonna tell them to flag it as solved and mention (advise) that it can cause some confusion so that someone will have a look at it.

I'll keep an eye on this thread for a while and for reports from Defender of course ;)
 