
Several Windows users have reported that Windows Defender has detected real Windows files as Trojan:Win32/Bluteal.B!rfn. Here’s how to fix the problem.

A flaw in Windows Defender is mistaking many users’ legitimate Windows files for trojans, according to a Wednesday report from Bleeping Computer.

A number of Windows users have come forward on online forums to report the issue. The program appears to have first begun detecting Trojan:Win32/Bluteal.B!rfn after May 18, according to a post on the Windows Defender Security Intelligence site.

“Windows Defender Antivirus detects and removes this threat,” the post says. “This threat can perform a number of actions of a malicious hacker’s choice on your PC.”

While no more detail is provided, users have noted that Windows Defender is now detecting files as Trojan:Win32/Bluteal.B!rfn. These files include CPU miners, which would be an appropriate threat to flag, but also real Windows files, which would not.

For example, one user posted in a Bleeping Computer forum this week that the program had begun detecting the legitimate file “C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.C26a36d2b#\daf01e12fa59ed340363c44b7deff15e\Microsoft.CertificateServices.PKIClient.Cmdlets.ni.dll” as Trojan:Win32/Bluteal.B!rfn, with the recommended action “Remove threat now.”

The following legitimate files have also been flagged as the trojan, according to the report:

  • C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.C26a36d2b#\daf01e12fa59ed340363c44b7deff15e\Microsoft.CertificateServices.PKIClient.Cmdlets.ni.dll
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Vde5ed89a#\457b4a4c20bed2246e03f1f9e5eaa1a5\Microsoft.VisualStudio.Utilities.Internal.ni.dll
  • ArchieSteamFarm.dll
  • SPCB.exe (SharePoint Client Browser)
  • Oracle_VM_VirtualBox_Extension_Pack-5.2.12.vbox-extpack
  • AutoHotkey
  • mtrand.so

Microsoft confirmed to Bleeping Computer that the detection was a false positive, and that it had already been addressed. It appears that the issue may have been resolved on Tuesday, with definition version 1.271.37.0, the report noted.

Users who are experiencing this problem should check for new updates for Windows Defender, and install them immediately, according to the report. To do so, users can go to Settings, click Update & Security, and then click Windows Update, and select Check for updates. If new Windows Defender definitions are available, they will be listed as “Definition Update for Windows Defender,” the report said.
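The same check can be done from PowerShell with the built-in Defender cmdlets. This is an added example, not part of the original report: it compares the installed definition version with 1.271.37.0, updates if it is older, and lists past detections under this name so affected files can be reviewed. It assumes an elevated PowerShell session on a machine where Windows Defender is the active antivirus.

```powershell
# Added example (not from the report): confirm the definitions include the fix.
$fixedVersion  = [version]'1.271.37.0'            # definition version named in the report
$detectionName = 'Trojan:Win32/Bluteal.B!rfn'     # detection name from the report

# Read the installed antivirus definition version.
$current = [version](Get-MpComputerStatus).AntivirusSignatureVersion

if ($current -lt $fixedVersion) {
    Write-Output "Definitions $current are older than $fixedVersion; updating."
    Update-MpSignature
}

# Re-read the status so the version and timestamp reflect any update just applied.
$status  = Get-MpComputerStatus
$current = [version]$status.AntivirusSignatureVersion
Write-Output "Definitions: $current (last updated $($status.AntivirusSignatureLastUpdated))"

if ($current -lt $fixedVersion) {
    Write-Warning "Still below $fixedVersion; check Windows Update connectivity or policy."
}

# Find the threat ID(s) Defender recorded under this detection name, if any.
$threatIds = @(Get-MpThreat |
    Where-Object { $_.ThreatName -eq $detectionName } |
    Select-Object -ExpandProperty ThreatID)

if ($threatIds.Count -eq 0) {
    Write-Output "No recorded detections named $detectionName on this machine."
} else {
    # Show when and on which files the detection fired, for manual review.
    Get-MpThreatDetection |
        Where-Object { $_.ThreatID -in $threatIds } |
        Select-Object InitialDetectionTime, ThreatID, Resources |
        Format-List
}
```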

This incident is a reminder to business users that even established software can contain flaws, and that keeping current with updates is key for security and operations.

The big takeaways for tech leaders:

  • A number of Windows users have reported that Windows Defender is detecting legitimate Windows files as trojans.
  • To fix the issue, users should check for new updates to Windows Defender and install them immediately.