New Steam Virus

Discussion in 'General Discussion' started by Vulcan, Nov 16, 2014.

  Vulcan

    Vulcan Game Server Moderator

    This morning I had a Steam message from hotchickenballs that said WTF and had a link to what looked like a comment posted to one of my screenshots. I clicked on the link and got a message from my Kaspersky that it was a bad link, but I did not believe it and continued anyway. There was no link; instead it was a virus that immediately sent the same Steam message to everyone on my friends list that had Steam open. I immediately ran Hitman Pro 3 and it found a Trojan, then my IOBit found a couple of things related to my Borderlands 3 Gibbed Save Editor. Be aware of any Steam messages with links that say WTF or have screenshots in the link address.

    I am very sorry if I caused anybody any grief :(
  Adward

    Adward Game Server Moderator Staff Member

    It's all good man! Word went out pretty quickly not to click it, things happen. Just take more care in future bro!
  Stefeman

    Stefeman Head Administrator Staff Member

    It appears to save itself under C:\Windows\Temp as "set2A5.tmp.exe", for example, with a randomly generated name. At least in my case.

    Since I've blocked all actions in temporary & appdata/program data folders in group policies, it never executed itself.

    Quite interesting virus though..
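
The deny-by-location idea from the post above, as an added example that is not part of the original thread: a simplified Python audit check that flags process image paths an execution block on temp, AppData and ProgramData folders would be expected to stop. The post does not say which policy mechanism was used, so the folder list, extension list and the sample events are assumptions constructed for illustration.

```python
import ntpath
from fnmatch import fnmatchcase

# Assumed policy (not from the thread): extensions treated as executable,
# and folder roots where execution is denied. "*" matches one path component.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DENY_ROOTS = [r"C:\Windows\Temp", r"C:\ProgramData", r"C:\Users\*\AppData"]

def _parts(path):
    """Normalise a Windows path (slashes, '..', case) and split it into components."""
    return [p for p in ntpath.normpath(path).lower().split("\\") if p]

def is_denied(image_path):
    """True if the path is an executable type located under a denied root."""
    parts = _parts(image_path)
    # Only the final extension counts, so "set2A5.tmp.exe" is treated as .exe.
    if ntpath.splitext(parts[-1])[1] not in BLOCKED_EXTENSIONS:
        return False
    for root in DENY_ROOTS:
        rparts = _parts(root)
        if len(parts) > len(rparts) and all(
            fnmatchcase(p, r) for p, r in zip(parts, rparts)
        ):
            return True
    return False

def flag_events(events):
    """Return the image paths from process-creation records that the policy would deny."""
    return [e["image"] for e in events if is_denied(e["image"])]

# Constructed sample process-creation records (only the first file name comes from the post).
SAMPLE_EVENTS = [
    {"pid": 4120, "image": r"C:\Windows\Temp\set2A5.tmp.exe"},
    {"pid": 4188, "image": r"C:\Users\alice\AppData\Local\Temp\screenshot.scr"},
    {"pid": 1044, "image": r"C:\Program Files (x86)\Steam\steam.exe"},
    {"pid": 5012, "image": r"C:\Windows\System32\..\Temp\update.EXE"},
    {"pid": 5090, "image": r"C:\Users\alice\AppData\Roaming\notes.txt"},
]

if __name__ == "__main__":
    for image in flag_events(SAMPLE_EVENTS):
        print("would be blocked:", image)
```
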

  Adward

    Adward Game Server Moderator Staff Member

    570 is the game ID for Dota 2 and 730 is the ID for Counter-Strike: Global Offensive, both of which carry HIGHLY expensive skins/in-game items.

    I'd imagine they've scalped a lot of accounts of anything of value so far. I didn't download it at all, as soon as the .scr extension turned up I nope'd out of there.

    Nice info though Stefe!
  Vulcan

    Vulcan Game Server Moderator

    So is it possible my Gibbed Save Editor had anything to do with this? The link I clicked on was from hotchickenball who I assume clicked on the same link from another friend. My email was recently hacked and is spamming out bullshit to my contacts.
  Guest

    Guest Guest

    I don't think so, unless you downloaded it from a dodgy place and not the original location of the creator.
  ChooChoo

    ChooChoo Head Administrator Staff Member

    Thanks for the warning. I never click on suspicious links. :)
  Stefeman

    Stefeman Head Administrator Staff Member


    Dat "ErrorDocument" though..
  Jost

    Jost Game Server Moderator

    There is another going around atm. message with censored link: Hi bro see this ahahhaha ****-screenshot.com/lolsmem.png
  Cocaine

    Cocaine Head Administrator

    1. Don't click any links, even if they come from a friend ;)
    2. Use a limited account to surf and play online, don't use the admin account
    3. Use Brain 3.0 ;)
  erik

    erik Senior Member

    I recently got a "your account is unable to use the community market" error lately. I just wanted to get rid of a strange low-dollar balance, and it won't even let me use steam wallet funds.

    Could it be related to this bullshit?
  Adward

    Adward Game Server Moderator Staff Member

    That message comes up either when:
    -a new device is authorised via steam guard (computer/phone/laptop)
    -you use new payment info (new card/bank/etc)
    -multiple fraud/account intrusion attempts (I think?)

    More info here: https://support.steampowered.com/kb_article.php?ref=1047-edfm-2932

    If you haven't done any of these recently you'll want to change passwords. Still, it isn't related! :)
  erik

    erik Senior Member

    god blessed, just when i remembered my password. prob someone trying to access my account cuz none of that other junk applies ughghghghghghghghghghghgh

    thanks for the reply

