Windows Defender appears to no longer be detecting the problematic Twitch.tv file(s).
Everytime I go on Twitch, the Microsoft Defender finds a Malware in my Files.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous
So, this started to happen to me around 8 hours ago.
Every time I go on Twitch.tv to watch some live streams, Microsoft Defender will find a Trojan:Script/Wacatac.B!ml malware in the cache files of the browser I used to watch. I've tried different ones like Firefox, Chrome and Edge, aswell. Each of them contained the same—supposedly malicious—data file.
I haven't noticed any other website causing this problem, especially no other VoD/LiveStream platform.
After the first Microsoft Defender warning I received, I uninstalled my main browser and deleted all data that was in reference to it to get a fresh install. But even after I did that—and in the meantime I did multiple antivirus scans, not only by Microsoft Defender but also other antivirus products to be sure that there was no harmful data left on my PC—the same warning pop-up would still continue to be shown. Every other troubleshooting step provided by Microsoft Support didn't help as well.
Does anyone have the same problem as I do? And if somebody knows how to fix it, I would really appreciate it.
I think this is a false alarm, but I'm not really sure.
Windows for home | Windows 10 | Security and privacy
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.
Answer accepted by question author
12 additional answers
Sort by: Most helpful
-
Anonymous
2024-12-13T01:41:29+00:00 Hey Zev!
Thank you for your reply. I already submited the file on the Microsoft Security Intelligence website.
As of the latest Microsoft Defender update I'm currently on, the scanner doesn't recognize the file as the Trojan:Script/Wacatac.B!ml malware anymore.
Instead, it shows the same generated file by using Twitch as a Trojan:Win32/Malgent.
So, the MS Defender still detects the – probably false positive – file as a threat, unfortunately, just as a different sort of malware problem.
I'm going to submit the same file again on the Security Intelligence Website to see if it works out differently.
Just wanted to update you on that.
Best regards
-
Anonymous
2024-12-12T05:59:48+00:00 Hi Schmede,
Thanks for your post in Microsoft Community.
In your description, you are getting some malware alerts in Windows Defender while watching videos in Twitch.
I noticed that you tried different browsers and different security software, so thank you for your attempts and efforts to confirm this, and I appreciate your concerns about the security of your computer at this time.
I understand your concerns about the security of your computer at the moment. There are many people clicking on the “Same problem occurred”, so it is likely that this problem is a false alarm from Windows Defender.
We believe that the Twitch streaming platform contains dynamically loaded content or plug-ins, which may have been added to the malicious file list by some users, and thus recognized as malicious files.
Different security software has different scanning mechanisms for malware and viruses, so some other security software may not find the same problem.
If other security software does not find the same problem, and at the same time, there are no other anomalies in your usage, then it most likely means that the alerts you are currently experiencing are false positives from Windows Defender.
You can submit a file for malware analysis to the Microsoft Malware Analysis Center at the following link
Submit a file for malware analysis - Microsoft Security Intelligence
The relevant staff will make some adjustments after confirming the false positives.
Thank you for your understanding and support.
Best regards,
Zev - MSFT | Microsoft Community Support Specialist
-
_AW_ 67,251 Reputation points Volunteer Moderator2024-12-15T05:16:01+00:00 FWIW, this is the js file as served up by Twitch -
https://k.twitchcdn dot net/149e9513-01fa-4fb0-aad4-566afd725d1b/2d206a39-8ed7-437e-a3be-862e0f06eea3/p dot js
URL scan -
https://www.virustotal.com/gui/url/92bee4634cbf9b3cd692d91d629aac7573ea88b5508692e8e4c883d2088183ff
js file scan -
https://www.virustotal.com/gui/file/a98aa488694bffe0c928f33c35810ac825fe202c727928fef2ecbe9d704a78d6
-
_AW_ 67,251 Reputation points Volunteer Moderator
2024-12-14T04:58:23+00:00 This file is served up as soon as you land on Twitch,
Inside the detected GZip archive is a heavily obfuscated javascript file. It's highly unlikely that Windows Defender will change its stance on the detection of such a heavily obfuscated file.
The only short term fix is to avoid Twitch. The long term fix is for Twitch to stop serving the file.