Windows Defender notifications about Win32/Hive.ZY virus were false positives

Ashwin
Sep 6, 2022
Security

Many users have reported that Windows Defender had notified them about a Win32/Hive.ZY virus on their computer. Microsoft has confirmed that a bug was causing the issue, and has fixed it.

Windows Defender detects Win32/Hive.ZY virus on many computers

Yesterday, many Windows users woke up to a notification from Windows Defender, the default antivirus in the OS, alerting them that it had detected malware on their system. The threat was identified as Win32/Hive.ZY. Naturally, this caused panic among users who had no idea how their computer could have been infected, and hundreds of them sought help via social networks and forums.

Windows Defender Win32 Hive.ZY false positive

Image courtesy: reddit


This is what happened according to people who experienced the issue. Windows Defender displayed a notification which said that the threat had been removed from the device. Screenshots of the notification tell us that the malware was described as a dangerous program that executes commands from an attacker. Win32/Hive.ZY is listed on Microsoft Security Intelligence's threat database as a generic detection.

Windows Defender Win32 Hive.ZY

Even though the antivirus had quarantined the threat, the same notification would reappear after about a minute or two. These repeated notifications caused further confusion among users, who began to worry whether this was a severe infection like ransomware, and began scanning their computers using third-party tools such as Malwarebytes Anti-Malware.

Some users noticed that the problem occurred only when they ran specific apps such as Chrome, Edge, Spotify and Discord, to name a few. Closing these apps caused the notifications to stop. So, why were these apps triggering the warning? Were they infected? No, they weren't. It is worth noting that these programs have something in common: they are all based on Chromium or Electron.

What caused the false-positive issue?

A moderator on Microsoft's Discord community has explained that the Win32/Hive.ZY false positive issue originated in the Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.373.1508.0). The virus definition update in question was rolled out to users yesterday, and a bug in the database was incorrectly flagging Chromium-based apps as malware.

The Redmond company has already issued a fix for the false positive detection, and has advised users to update to the latest definitions. Version 1.373.1537.0 (and above) resolves this issue. You may install the definitions update from the Windows Security app's Virus & Threat Protection > Protection Updates screen. Chances are that your system already has a newer version, in which case the issue should already be resolved. The current version, at the time of writing this article, is 1.373.1567.0.

If your computer is still experiencing the issue, you can download the latest virus definitions directly from Microsoft's website, and install them manually. Here are the direct downloads for the offline installers:

  • 64-bit version: https://go.microsoft.com/fwlink/?LinkID=121721&arch=x64
  • 32-bit version: https://go.microsoft.com/fwlink/?LinkID=121721&arch=x86
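For anyone who administers more than one machine, here is an added PowerShell example (not from the article) that checks whether a system still carries definitions older than the fixed version, pulls the update through the built-in Defender cmdlets if so, and lists any Win32/Hive.ZY entries in Protection History. It assumes the Defender PowerShell module that ships with Windows 10/11 and an elevated session.

```powershell
# Added example, not from the article: verify the Defender signature version against the
# first version Microsoft states resolves the Win32/Hive.ZY false positive, update if needed,
# and surface any Hive.ZY detections recorded in Protection History.
# Assumes the Defender module (Get-MpComputerStatus etc.) and an Administrator session.

$FixedVersion = [version]'1.373.1537.0'   # first definition version that resolves the issue

$status  = Get-MpComputerStatus
$current = [version]$status.AntivirusSignatureVersion
Write-Host "Installed AV signature version: $current (last updated $($status.AntivirusSignatureLastUpdated))"

if ($current -lt $FixedVersion) {
    Write-Host "Definitions are older than $FixedVersion; updating from Microsoft Update..."
    Update-MpSignature -UpdateSource MicrosoftUpdateServer
    $current = [version](Get-MpComputerStatus).AntivirusSignatureVersion
    Write-Host "Signature version after update: $current"
} else {
    Write-Host "Definitions already include the fix."
}

# Map the Hive.ZY threat name(s) to their ThreatID values, then pull matching detections.
$hiveIds = @(Get-MpThreat | Where-Object ThreatName -like '*Hive.ZY*' | ForEach-Object ThreatID)
$hits    = @(Get-MpThreatDetection | Where-Object { $hiveIds -contains $_.ThreatID })

if ($hits.Count -gt 0) {
    Write-Host "Win32/Hive.ZY detections in Protection History (expect none after the fix):"
    $hits | Select-Object InitialDetectionTime, ProcessName, Resources | Format-Table -AutoSize
} else {
    Write-Host "No Win32/Hive.ZY detections recorded."
}
```

With the fixed definitions installed, the history entries are the only remaining trace; no new detections should appear when Chromium or Electron apps are launched.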

Based on the comments on reddit, Twitter, and Microsoft forums, hundreds of users were affected by the bug. But, I didn't run into the issue on Windows 11 and 10, even when running Edge, Vivaldi, Bitwarden, etc.

Did Windows Defender flag the Win32/Hive.ZY malware on your computer?


Comments

  1. John G. said on September 6, 2022 at 11:37 am
    Reply

    There is no way to delete old Defender history, whatever number of days you set in the options. There is no option to delete them manually either, whether one by one or all with one click. Nonsense. Thanks for the article! :]

  2. X said on September 6, 2022 at 2:08 pm
    Reply

    4 Ways to Clear the Microsoft Defender Protection History on Windows 10 & 11:
    https://www.makeuseof.com/windows-microsoft-defender-clear-history/

    1. John G. said on September 6, 2022 at 2:33 pm
      Reply

      +1 thanks for this useful information provided by you.

  3. Tachy said on September 6, 2022 at 3:18 pm
    Reply

    Yes I ran into the issue, a quick manual update fixed it.

    @John G.

    “Delete the folder “Service” C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service.

    The folder is a hidden system folder so copy and paste “C:\ProgramData\Microsoft\Windows Defender\Scans\History” into the file explorer bar and hit enter.

    After deleting the folder Service turn off Cloud protection and Real-Time protection (in that order) Then turn them back on in the reverse order.

  4. Anonymous said on September 6, 2022 at 10:21 pm
    Reply

    What I do on every one of my devices now. https://github.com/jbara2002/windows-defender-remover

  5. CalixtoWVR1 said on September 7, 2022 at 12:48 am
    Reply

    Yes, I noticed the issue just today when I checked “Protection history” in Windows security > Virus & threat protection as per the first screenshot in your article. Now, I am feeling less concerned about the whole shebang because of your article. Thanks, Martin!

  6. owl said on September 7, 2022 at 1:36 am
    Reply

    @CalixtoWVR1,
    > Thanks, Martin!

    Windows Defender notifications about Win32/Hive.ZY virus were false positives – gHacks Tech News
    https://www.ghacks.net/2022/09/06/microsoft-windows-defender-win32-hive-zy-virus-false-positives/
    Ashwin Sep 6, 2022

    Therefore,
    This article was written by Ashwin.

  7. Tony said on September 7, 2022 at 4:58 am
    Reply

    By definition Edge and Chrome are spyware and adware. I would say that it wasn’t a false positive.

  8. Allwynd said on September 7, 2022 at 10:31 am
    Reply

    Windows Defender is as bad and obtrusive as it’s ugly.

    Personally I use Avira Free, I’m not saying it’s doing a stellar job at catching threats, it also has a lot of false positives for launchers of Asian MMORPGs, especially ones from SEA (South-East Asia), but at least I get notified that something has been caught and then I can easily, with one click go and see what it is and decide if I want to restore it or delete it.

    With Windows Defender that doesn’t happen. I never get notified when files are deleted or put into quarantine, the first few times that happened when I began using Windows 10 or 11, I had no idea what was causing this, it was when I opened the Windows Defender UI and fiddled for 5+ minutes before I found out where it kept quarantined items that I was able to take some control back from it.

    Now I just use tools like BC Uninstaller (Bulk Crap Uninstaller) and others to uninstall all the bloat from Windows 11, like Edge, Cortana, Windows Defender and so forth and it’s so cute when there are no traces of it left or when Windows wants to install Defender updates and fails… xD
