Win Defender Detecting Virus when I open OBS

[thenickster15]

Hi everybody,

I recently got an El Gato stream deck for streaming on OBS. Today when I opened OBS, Windows defender popped up saying a threat was detected:

Trojan:Script/Wacatac.B!ml

This happened every time I opened OBS, the supposed threat is located at: C:\Users\[me]\AppData\Roaming\obs-studio\plugin_config\obs-browser\Cache\f_002129

I'm fairly certain this is a false positive after installing the stream deck, but I wanted to know if others have dealt with this or something similar?

Thanks in advance!

 

[koala]

I doubt this is a false positive. You're probably in danger. This directory is the cache of the obs internal browser, so it seems you navigated to some malware distributing website with the obs internal browser, so that trojan was downloaded and is now as cached object in the browser cache. If it is also present as live file on your harddrive isn't clear. I don't know if the internal browser has some download functionality. If it has, there is danger. If it doesn't, it might be sufficient to remove that file. In either case, you should scan your computer thoroughly and completely with Windows defender and delete found malware files.

 

[thenickster15]

I doubt this is a false positive. You're probably in danger. This directory is the cache of the obs internal browser, so it seems you navigated to some malware distributing website with the obs internal browser, so that trojan was downloaded and is now as cached object in the browser cache. If it is also present as live file on your harddrive isn't clear. I don't know if the internal browser has some download functionality. If it has, there is danger. If it doesn't, it might be sufficient to remove that file. In either case, you should scan your computer thoroughly and completely with Windows defender and delete found malware files.

Yikes, okay thanks, I've deleted the files. OBS isn't triggering Windows Defender anymore, I'm going to run a scan and make sure everything is all good...Thanks!

 

[Harold]

As of right now, windows defender may be mis-detecting cookies for twitch authentication as malicious. Report them as false positives please.

 

[thenickster15]

As of right now, windows defender may be mis-detecting cookies for twitch authentication as malicious. Report them as false positives please.

I figured it might be false positives. Every time OBS creates a new cache file, Defender flags it as a Trojan:Script/Wacatac.B!ml threat.

 

[Harold]

Check for updates to defender, a hotfix from microsoft may have been pushed

 

[thenickster15]

Check for updates to defender, a hotfix from microsoft may have been pushed

Perfect, thanks I will!

 

[thenickster15]

Just a quick update, checked for Defender updates, I do not seem to be having this issue anymore!