• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.
  • The forums have been upgraded with support for dark mode. By default it will follow the setting on your system/browser. You may override it by scrolling to the end of the page and clicking the gears icon.

NVCleanstall error plus Windows Defender trojan warning

S

sickhead racing

New Member
Joined
Oct 13, 2022
Messages
8 (0.01/day)
Hi, tried updating drivers to the latest driver and I'm getting this error and warning:

1679651013228.png


1679650856471.png


I guess the error appears because of Windows blocking stuff...is this a false positive?
 
sickhead racing said:
Hi, tried updating drivers to the latest driver and I'm getting this error and warning:

View attachment 289011

View attachment 289010

I guess the error appears because of Windows blocking stuff...is this a false positive?
Click to expand...

What version of Windows are you running? I used it just last week or so on my laptop with a Nvidia GeForce MX 150 2GB on Windows 11 Pro 22H2 without any problems.

I assume you also use the newest version of NVCleanInstall right?
 
I just had the exact same error, when trying to upgrade to the lastest nvidia driver on a RTX 2080Ti. Win 10 Pro 22H2 and NVcleanstall v1.15.1. I had to disable windows real time virusprotection to get it to work.
 
Exactly the same issue here. Windows 10 Home, latest NVCleanstall. Trying to update laptop 3060 drivers.
 
I also have this issue. Same file, Windows is flagging it as `Trojan:Script/Wacatac.H!ml`.

It would be great to get confirmation as to whether this is a false-positive, or if some malware has actually snuck itself inside NVCleanstall.
 
Same error here, running 22H2 22624.1470. Had NV installed for about 2 months prior to this update notification. Windows Defender blocked but was not providing me the same info as you when I went to check the block history.
 
i'm on holiday right now, so I can't double check.

the nvc files are actually zip files that contain the folders of the official nvidia installer separately, so you can download whats needed.

the files are generated by a script that downloads from nv, extracts, and repackages the folders, so i see no way how these got compromised
 
Selaya said:
false positive.
download the entire driver installation archive here and install from disk w/ nvcleaninstall and it won't error out
Click to expand...
good workaround until i have time to submit to microsoft so they confirm false positive
 
VinceV said:
As soon as I download "http://gpu.me/v1/files/531.41-deskt...national-dch-whql/.nvc/Display.Driver.nvz.001" using a browser, Defender quarantines it.

If I plug that URL into VirusTotal, no viruses are detected:

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com

Definitely seems like a Defender-specific false positive. I have submitted to MS for analysis.
Click to expand...

Hmm my the Security/Defender in my Windows 11 Pro 22H2 OS Build 22621.1413 doesn't find anything wrong with the file on the link it says clean....

Untitled-1.jpg
 
I just received notification from Microsoft that they've completed their analysis and removed the false positive. I updated my definitions to 1.385.1125.0 and everything seems to work fine now.
 
Thank you so much! Just back from holidays and wanted to work on it. Glad to see it's resolved
 
I also got an error when tried to install a packaged driver on a fresh windows 11 install, with defender interfering and saying it blocked a trojan horse...all things are up to date.
IMG_20240819_063906.jpg
 
AsadAlrafidain said:
I also got an error when tried to install a packaged driver on a fresh windows 11 install, with defender interfering and saying it blocked a trojan horse...all things are up to date.
View attachment 359640
Click to expand...

Just to confirm, you used NVCleanstall to create a driver package exe and named that NVIDIA.exe ? Any special settings? which driver version?
 
W1zzard said:
Just to confirm, you used NVCleanstall to create a driver package exe and named that NVIDIA.exe
Click to expand...
yes, that is correct.

used driver 536.67

as for nvcleanstall settings, the only uncommon settings that come to mind is assigned affinity to cores and enabled msi mode and accepting unsigned driver settings
 

Attachments

  • IMG_20240819_133017.jpg
    IMG_20240819_133017.jpg
    3.5 MB · Views: 72
  • IMG_20240819_133009.jpg
    IMG_20240819_133009.jpg
    3.2 MB · Views: 72
You must log in or register to reply here.
Back
Top