ClientSdkMDNSHost.exe detected as having a trojan

Kaspersky detecting a trojan…

C:\Program Files (x86)\Blizzard\StarCraft\x86_64\ClientSdkMDNSHost.exe

Trojan-Banker.Win32.CliptoShuffler.bqe

I just came in here to say I am seeing the same thing (i.e. same file and same Trojan detected).

Kaspersky Internet Security 21.2.16.590(b)
Windows 10 20H2 (19042.685).

File information:
Size: 595KB
Version: 1.0.0.1
Product Version: 379.38.1
Last Modified: 12-15-2020 at 21:30PST

Detection occurred 12-24-2020 at 11:45PST.

Out of interest, I restored the file the Trojan was detected in to a temporary folder (C:\Temp) and scanned it with the signatures released at 03:08PST today and it came back clean.

According to VirusTotal, Kaspersky and ZoneAlarm detect the file as Trojan-Banker.Win32.CliptoShuffler.bqe.

The file comes back completely clean on Jotti Malwarescan

The file appeared to have been restored by some means at 21:40PST on 12-24-2020 to C:\Program Files (x86)\StarCraft\x86_64 judging by the last modified timestamp. As far as I am able to determine the only difference between this file and the file originally detected is the last modified timestamp. The new file also came back clean when I scanned it. My impression thus far is that this was a false positive on the part of Kaspersky Lab that they have since corrected.

I also had the same issue this morning and trying to figure out what’s happening!

Howdy Neutroniks,

As Elk1212 explained, this would be a false positive so these warnings can be ignored.