Windows Defender notifications about Win32/Hive.ZY virus were false positives
Many users have reported that Windows Defender had notified them about a Win32/Hive.ZY virus on their computer. Microsoft has confirmed that a bug was causing the issue, and has fixed it.
Windows Defender detects Win32/Hive.ZY virus on many computers
Yesterday, many Windows users woke up to a notification from Windows Defender, the default antivirus in the OS, alerting them that it had detected malware on their system. The threat was identified as Win32/Hive.ZY. Naturally, this caused panic among users who did not know how their computer had become infected, and hundreds of them sought help on social networks and forums.
Image courtesy: reddit
This is what happened according to people who experienced the issue. Windows Defender displayed a notification which said that the threat had been removed from the device. Screenshots of the notification tell us that the malware was described as a dangerous program that executes commands from an attacker. Win32/Hive.ZY is listed on Microsoft Security Intelligence's threat database as a generic detection.
Even though the antivirus had quarantined the threat, the same notification would reappear after about a minute or two. These repeated notifications caused further confusion among users, who began to worry whether this was a severe infection like ransomware, and began scanning their computers using third-party tools such as Malwarebytes Anti-Malware.
Some users noticed that the problem occurred only when they ran specific apps, such as Chrome, Edge, Spotify and Discord. Closing these apps caused the notifications to stop. So, why were these apps triggering the warning? Were they infected? No, they were not. What these programs have in common is that they are all based on Chromium or Electron.
What caused the false-positive issue?
A moderator on Microsoft's Discord community has explained that the Win32/Hive.ZY false positive issue originated in the Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.373.1508.0). The virus definition update in question was rolled out to users yesterday, and a bug in the database was incorrectly flagging Chromium-based apps as malware.
The Redmond company has already issued a fix for the false positive detection and has advised users to update to the latest definitions. Version 1.373.1537.0 (and above) resolves the issue. You can install the definitions update from the Windows Security app under Virus & threat protection > Protection updates. Your system may already have a newer version, in which case the issue should already be resolved. The current version, at the time of writing this article, is 1.373.1567.0.
If your computer is still experiencing the issue, you can download the latest virus definitions directly from Microsoft's website, and install them manually. Here are the direct downloads for the offline installers:
- 64-bit version: https://go.microsoft.com/fwlink/?LinkID=121721&arch=x64
- 32-bit version: https://go.microsoft.com/fwlink/?LinkID=121721&arch=x86
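To verify that a machine has moved past the affected definitions, the following PowerShell (an added example, not from the article or from Microsoft) reads the signature version with the built-in Defender cmdlets, pulls new definitions if it is below 1.373.1537.0, and lists any Hive.ZY entries recorded in the local detection history.

```powershell
# Added example: check the installed Defender signature version against the version
# Microsoft says resolves the Win32/Hive.ZY false positive, update if it is older,
# and list any Hive.ZY detections in the local threat history.
# Uses the built-in Defender module (Get-MpComputerStatus etc.); run as Administrator.

$FixedVersion = [version]'1.373.1537.0'   # from the article; anything at or above is fine

$status    = Get-MpComputerStatus
$installed = [version]$status.AntivirusSignatureVersion

Write-Host "Installed signature version: $installed (updated $($status.AntivirusSignatureLastUpdated))"

if ($installed -lt $FixedVersion) {
    Write-Host "Older than $FixedVersion - pulling the latest definitions..."
    Update-MpSignature            # same as Virus & threat protection > Protection updates
    $installed = [version](Get-MpComputerStatus).AntivirusSignatureVersion
    Write-Host "Now on $installed"
}
else {
    Write-Host "Already at or above $FixedVersion; the buggy definitions are no longer in use."
}

# Show any Hive.ZY entries in the local detection history, with the process
# (Chrome, Edge, Discord, ...) that tripped the bad signature.
$hive = Get-MpThreat | Where-Object ThreatName -like '*Hive.ZY*'
if ($hive) {
    foreach ($t in $hive) {
        Get-MpThreatDetection | Where-Object ThreatID -eq $t.ThreatID |
            Select-Object InitialDetectionTime, ProcessName,
                          @{ n = 'Resources'; e = { $_.Resources -join '; ' } }
    }
}
else {
    Write-Host "No Win32/Hive.ZY detections found in the local history."
}
```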
Based on the comments on reddit, Twitter, and Microsoft forums, hundreds of users were affected by the bug. But I didn't run into the issue on Windows 11 and 10, even when running Edge, Vivaldi, Bitwarden, etc.
Did Windows Defender flag the Win32/Hive.ZY malware on your computer?