ALERT: AMD\ATI Graphics *.exe False Positives !

Thread starter: hjlbx

AMD users should be aware that some AMD graphics driver installers, and drivers themselves, are being detected as malware.

Oh boy, this can be a real problem...

I noticed this after scanning a test system with Bitdefender. Bitdefender returned a file detection for atiode.exe and vcredist.exe_x86 2012.exe. atiode.exe is a part of AMD\ATI Catalyst Control Center.

NOTE: These files are installed by the more recent AMD\ATI graphics and chipset\RAID installers - available for direct download at the AMD Driver Support webpage - as well as OEM-supplied install packages.

This Herd Protect link is from 02/17/2016:

http://www.herdprotect.com/atiode.exe-6dfde22ae8f1f2e7a896ea83416db1906317f6ff.aspx



Upon further examination, I performed a VirusTotal query. Security soft vendors such as Avast and Bitdefender - among others - are currently detecting a few of the AMD\ATI executables as malicious.

COMODO Valkyrie detects some as malware, but others as safe. A file not detected by Bitdefender was rated by Valkyrie as a backdoor - pending manual analysis by a COMODO technician. A final verdict will not be made until manual analysis is performed.

It appears that one vendor's scan engine made a malicious file verdict via heuristics, uploaded it to VirusTotal, and other vendors are just copying that file verdict.

AMD users need to be aware of this fact!

Your security suite will detect - and delete\quarantine these objects - depending upon settings! atiode.exe is installed to C:\Windows\System32\DriverStore! Blocking and\or deleting\quarantining it might cause your graphics software to malfunction.

If your AV makes any detection of AMD\ATI files, investigate further - before permanently deleting the file(s)! If you determine the files are safe, then add them to the AV scan exclusions list. You might also consider submitting any detected files as false positives.
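One way to do the "investigate further" step from the post above, as an added example that is not part of the original post: it locates the detected file under the DriverStore folder, checks its digital signature, and prints hashes to compare against the scanner report or to include in a false-positive submission. The function name and the expected publisher string are assumptions.

```powershell
# Added example (not from the original post): triage a detected AMD\ATI file
# before deleting it or adding it to the AV exclusions list.
param(
    [string]$FileName   = 'atiode.exe',
    [string]$SearchRoot = "$env:SystemRoot\System32\DriverStore",
    # Assumption: text expected in the signing certificate subject.
    [string]$ExpectedPublisher = 'Advanced Micro Devices'
)

# Hypothetical helper name; uses only built-in cmdlets.
function Get-DetectionTriage {
    param([string]$Path, [string]$Publisher)

    $sig     = Get-AuthenticodeSignature -FilePath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # Signature must validate AND name the expected publisher.
    $match = ($sig.Status -eq 'Valid') -and ($subject -like "*$Publisher*")

    [pscustomobject]@{
        Path            = $Path
        SHA1            = (Get-FileHash -Path $Path -Algorithm SHA1).Hash
        SHA256          = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
        SignatureStatus = $sig.Status
        StatusMessage   = $sig.StatusMessage
        Signer          = $subject
        PublisherMatch  = $match
        # A valid vendor signature supports a false-positive report but is not
        # proof of safety; a missing or invalid one is a reason to leave the
        # file quarantined and reinstall the driver from the vendor package.
        NextStep        = if ($match) {
            'Compare hashes with the scan report; submit as false positive'
        } else {
            'Keep quarantined; do not add to exclusions'
        }
    }
}

# Every copy of the file under the search root is checked separately, since
# DriverStore can hold several driver versions side by side.
Get-ChildItem -Path $SearchRoot -Recurse -Filter $FileName -File -ErrorAction SilentlyContinue |
    ForEach-Object { Get-DetectionTriage -Path $_.FullName -Publisher $ExpectedPublisher } |
    Format-List
```

Run it from an elevated PowerShell prompt so the whole DriverStore tree is readable; if the AV has already quarantined the file, restore it to an isolated folder and point `-SearchRoot` there.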