u/raynethedark

Need help understanding how far-reaching the Cemu hack is to better understand additional steps needed besides wiping OS

Hello everyone. So I just found out about the Cemu malware this morning and after reading several articles (including the Cemu page) and doing some further research I don’t understand a few things.

I have Cemu installed through RetroArch and EmuDeck on my Steam Deck running SteamOS. I don’t actively use the RetroArch install. I did update Cemu through EmuDeck on the 13th as I was unaware of the malware issue. When I checked today the AppImage showed the non-compromised sha256sum, but I do believe I had previously updated Cemu on the 8th during the infection period but have no way of verifying what the file sha256sum was for that time period.

I have already wiped SteamOS and installed a fresh version via a USB. I also changed my Steam password.

I still have questions regarding my device security.

  1. Is completely wiping the OS and doing a fresh install via USB enough?

  2. I haven’t opened Cemu (no Wii games) but I am pretty sure I ran Emulation Station on the gaming side of Steam during the infection period. I didn’t open any games, just flipped through the screen and menus to show my hubby. Does that count as opening Cemu? I ask because on the Steam Deck desktop when you go into Dolphin and look at last accessed for the AppImage it shows that I’ve accessed Cemu today even though I haven’t opened it. I only opened EmuDeck, which ran an automatic update. Does anyone know why this is showing like that? Does this count as running Cemu as well or do you have to actually open the application for the malware to run? I’m not sure what kind of activity counts toward the accessed tab in Dolphin but from my limited testing it seems updating it counts.

  3. Do I need to also change my WiFi passwords?

  4. If I had a password manager installed via a Firefox plugin (like Bitwarden for example) but did not open the extension during the infection period, would my account be compromised? (I don’t understand how browser extension data is stored so I don’t know if that’s a possible area of attack for this malware).

  5. Is it possible my Dygma keyboard was infected while being connected since it has onboard memory?

  6. Is reformatting my SD card enough or do I need to do anything additional?

  7. Is it possible for the Steam Controller puck to have gotten the malware while pushing the firmware update?

Thank you and sorry for the novel.

reddit.com
u/raynethedark — 3 days ago

Cemu hack

Sorry, I am using EmuDeck on my Steam Deck and I just found out about this and have unfortunately updated EmuDeck in the last few days and I don’t remember if I also updated EmuDeck during the infection period (I stupidly update it pretty regularly). As such I have a few questions:

  1. Is there a way to see the last few times Cemu was updated?
  2. I haven’t opened Cemu but I think I ran Emulation Station on the gaming side of Steam but I didn’t open any games, just flipped through the screen and menus to show my hubby. Does that count as opening Cemu?
  3. On the Steam Deck when you go into Dolphin and look at last accessed it shows that I’ve accessed Cemu today even though I haven’t opened it, only EmuDeck. Does anyone know why this is showing like that? Also does this count as running Cemu as well or do you have to actually open the application?

Thanks everyone!

Edit: Do I need to also change my WiFi passwords or just my Steam account?

u/raynethedark — 3 days ago

Is anyone else having a hard time getting the razor clams during this event? The whole event I’ve only had one spawn and my helper hasn’t gotten any either :/

u/raynethedark — 14 days ago