Win.32 Badur Trojan Malware in FiveM


As of yesterday my Virus scanner Kaspersky detected malware within my FiveM folders. The name was “Win.32 Badur” and was located in my FiveM directory. Kaspersky did not give me any other option then to delete FiveM completely. So I deleted, rebooted and reinstalled. This was all yesterday 11-8-2019.

Today, 12-08-2019, I played the entire day until about an hour ago I got the same Message. “Win.32 Badur Malware detected” and Deleted, rebooted and reinstalled again.

I am not sure whats causing it. I can’t imagine the file is in the FiveM download, but lets be sure about that. So my suspicion goes to downloading Server side files? I honestly don’t know, but would like to report it nonetheless.

If there is anything I can do on my end, please let me know.

Thank you for taking your time and keep up the amazing work FiveM!


its a false positive, simply add fivem to your exceptions.

1 Like

I and another member of my gaming clan had it popup also today in the same area. i had exceptions put in and my Kaperskies caught win32.Badur.trojan this afternoon. after doinf a full disinfection of my compute window popped up with multiple damaged area for repair
rojan . Badur is a nasty infection that could corrupt your Windows operating system without much effort at all. Also referred to as Trojan . Win32 . Badur .hbyw or … Do you know what Trojan.Badur is?

Trojan.Badur is a Trojan horse. It works by employing a Steam gaming platform bot that adds people as friends and sends a shortened link, which contains a malware program disguised as a screensaver file. When opened, it creates a backdoor that allows a malicious program to enter your system. It steals your Steam login data and takes over the account. If this situation feels familiar to you, we are here to explain how Trojan.Badur works and how to remove it.

Trojan.Badur infects your system when you accept a friend request from an unknown person. After you accept this bot as a friend, a chat pop-up immediately comes up. This “person” introduces himself as a real-life friend and gives you a link to a photo. Being wary of shortened links could literally save you a lot of trouble later on, because dealing with Steam customer support to restore any stolen items could take a long time.

When you click the shortened link, you are redirected to Google Drive, where the file, IMG_211102014_17274511.scr, is hosted. Since “&confirm=no_antivirus” is added to the Google Drive URL, you are presented with the option of running or saving the file on your computer immediately. If you click Run, the malware that hacks your Steam account will load. In this case, you should close your Steam client and remove Trojan.Badur together with any other malicious files immediately. Otherwise, if you choose to save the file on your computer, delete it along with Trojan.Badur immediately and scan your system with a malware removal program.