StreamElements flagged as a trojan

2025-07-08T05:29:54Z

Hi there!

I just got a warning when trying to update Stream Elements about a trojan, I think it might be a false positive but wanted to double check.

Im currently on Windows 10, version 22h2.
With Kaspersky Security Cloud version 21.3.10.391

2025-07-08T07:04:00Z

Welcome to Kaspersky Community.

1st of all, I would update Your KSCloud 21.3, it's getting obsolete, current version is 21.21:

Your KSCloud license will activate the new Kaspersky Plus.

Where can I download that detected exe?

2025-07-08T08:51:28Z

Thanks for the info, I have already updated the version.

In regards of the exe, it is a plugin for OBS used for multistreaming, this specific exe is only used when updating the plugin, so my guess is that installing OBS and then the plugin should also install the update.exe?

2025-07-08T09:18:27Z

So, to get that exe I should OSB 🤔

2025-07-08T09:47:17Z

Yeah, that's how I got it, I dont think you can get it independently

2025-07-08T09:58:24Z

Ok, what version of OSB do You have installed?

2025-07-08T10:07:05Z

For OBS I have the 31.0.1, and for StreamElements I have the 25.6.19.485, they are both older versions since I had not opened it in a while, and updating them is what caused the alarm to pop up

2025-07-08T10:10:30Z

I've downloaded different installers of new OSB, but scanning them on demand, I can't get any detection:

2025-07-08T10:43:03Z

I have just installed OBS 31.0.4 + the same SE plugin version:

No detection 🤔

2025-07-08T12:08:55Z

@TakenCOmb Could you at least post (as a text) the detected file hash from the file anti-virus reports? Example:

Or maybe this file is in quarantine/in the folder (path see in the report)? If yes - you may analyse it here.

Edited yesterday at 12:31 PM by AlexeyK

2025-07-09T02:20:33Z

Hi there, sorry for the late response.

Evento: Se detectó un objeto malicioso
Componente: Prevención de intrusiones
Descripción del resultado: Detectado
Tipo: Troyano
Nombre: Trojan-Downloader.Win32.Tovkater.dsxp
Nivel de amenaza: Alta
Ruta del objeto: C:\Users\Dylan\AppData\Roaming\obs-studio\plugin_config\obs-streamelements
Nombre del objeto: obs-streamelements-update.exe

I also tried to update it today after having my Kaspersky version updated and I still get the same flag

Evento: Se detectó un objeto malicioso
Componente: Prevención de intrusiones
Descripción del resultado: Detectado
Tipo: Troyano
Nombre: Trojan-Downloader.Win32.Tovkater.dsxp
Nivel de amenaza: Alta
Ruta del objeto: C:\Users\Dylan\AppData\Roaming\obs-studio\plugin_config\obs-streamelements
Nombre del objeto: obs-streamelements-update.exe

Edited 12 hours ago by TakenCOmb

2025-07-09T05:11:05Z

4 hours ago, TakenCOmb said:

Hi there, sorry for the late response.

Hello @TakenCOmb,

Thank you for the information & screen-print!

OPEN the Report window as BIG as possible by selecting the tiny square in the top-right-hand-corner (A)
Select the Trojan alert (B)
In the lower-section of the Report window, on the right-hand-side, use the arrow to scroll to the bottom of the Trojan details (C)
Select & copy the MD5 information & post back please? (D)

Thank you🙏
Flood🐳+🐋

Edited 8 hours ago by Flood and Flood's wife
Added original image posted by TakenCOmb, 8th July 2025

2025-07-09T07:04:06Z

Hi there, here is the screenshot

Just realized the 2 screenshots look awful, no idea why, they are full screen, I will also send the text from there

Precisión: Exacta
Nivel de amenaza: Alta
Tipo de objeto: Archivo
Nombre del objeto: obs-streamelements-update.exe
Ruta del objeto: C:\Users\Dylan\AppData\Roaming\obs-studio\plugin_config\obs-streamelements
MD5 de un objeto: 6DED485D1954B9CA6C29F04507FDA7BD
Motivo: Bases de datos
Fecha de publicación de las bases de datos: 07/07/2025 08:28:00 p. m.

2025-07-09T07:08:34Z

https://opentip.kaspersky.com/6DED485D1954B9CA6C29F04507FDA7BD/results?tab=lookup

https://www.virustotal.com/gui/file-analysis/NmRlZDQ4NWQxOTU0YjljYTZjMjlmMDQ1MDdmZGE3YmQ6MTc1MjA0NDg5Mw==

Probably a false positive 🤔

2025-07-09T07:44:38Z

I tought so too, KS is preventing the download, is there a way to let it through?

2025-07-09T07:50:07Z

As I can't get that file as an update, try this:

If You have the file in Your K. Quarantine, You can disable protection temporally, Restore the file to its original source, compress it with password "infected" (without "), upload it to cloud service, and send me the link to download it.

2025-07-09T08:12:01Z

Hey there, unfortunately I can't do that, I did not quarantine the file and can no longer get it since I fixed the issue by uninstalling the old version and getting the new one, to be clear, this does not happen when downloading stream elements plugin, I was able to install the new version with no issues, this happened when I got a pop up for the update and clicked on 'update'. The stream elements update is what is getting flagged.

StreamElements flagged as a trojan

Recommended Posts

TakenCOmb

harlan4096

TakenCOmb

harlan4096

TakenCOmb

harlan4096

TakenCOmb

harlan4096

harlan4096

AlexeyK

TakenCOmb

Flood and Flood's wife

TakenCOmb

harlan4096

TakenCOmb

harlan4096

TakenCOmb

Please sign in to comment

Forum

Products

Support

Personal Account