To anyone that happened to run the exe -file; The trojan in it gets rooted onto the discord.exe and startup. Deleting discord, running Kaspersky and Malwarebytes followed by RKill will do it. Takes awhile, but I promise it will do the trick. No need to reinstall whole windows etc. I noticed none of these programs did it alone, however I ran Kaspersky last on my 4hr initial trial and that seemed to do the trick, by finding the trojan, which kept popping 2 more trojans on each startup. So Malwarebytes and RKill together didn't do the trick, they rather dealt with the aftermath, while the Kaspersky dealt with the root issue.

Ideally something like this;
1) Remove Discord
2) Run Kaspersky Virus Removal Tool and let it do it's thing
3) Boot in safe-mode and run Malwarebytes and RKill
4) Enjoy your Trojan-free computer and feel free to install Discord again.

Crypt.Trojan.MSIL.DDS x2 was the issue, which kept reappearing after each boot, while the Kaspersky found the initial problem, which I can't get to pop in my head rn.

The actual blackhat part of it in it was so heavily rooted onto the Discord folder and process itself, that after awhile of digging I noticed it wasn't really fond of anything else. What it did however is charge my linked Paypal account through Discord and gifted couple of nitros to who knows who. Somebody may have already posted solutions for this trojan(s), which turned out to be one of the harder ones I've had to remove since early 00s, but I ain't going through 16 pages of this.

If anyone needs help, feel free to pop me a message. :)

Publicado originalmente por GunsForBucks:

What I find confusing here is the OP states its fine but people here are saying it's gone.

So obviously Munin isn't Munin?... yeah that other guy must be a hacker too if he vouched for him.

I mean if they can't change the OP something is seriously wrong. Wonder if their bank accounts got hacked...

It's because the OP kept getting updated after the comments were made.

The Discord was gone but now it's back.

I was tricked into running the EXE (came from a gamedev friend, and I also checked the EXE in Windows Defender first and it said no issues, ugh). However, I did not have Discord installed on this PC, was only accessing Discord via website in Chrome.

Am I still hosed if Discord wasn't installed on the computer? How should I react? Already ran several virus scans but nothing was located, and have not had my Discord account hacked.

The only safe response to running known malware is restoring your OS from backup / clean reinstall. Virii love to install other virii.

Never noticed anything, i am glad i found this sticky and that everything is fine again.

Is anyone else having trouble with the discord invite not working? I've been trying to get back in for a few days now but it keeps saying "unable to accept invite".

Publicado originalmente por Dr.Filzball:

Is anyone else having trouble with the discord invite not working? I've been trying to get back in for a few days now but it keeps saying "unable to accept invite". :VGRUMPY:

Means you were probably banned during the hack or something

What is Discord? My Valheim game on steam is showing 5.6K download/update @ 12:41am EST. Any relation to all this?

Publicado originalmente por jackblaster:

What is Discord? My Valheim game on steam is showing 5.6K download/update @ 12:41am EST. Any relation to all this?

Are you living under a rock or something? How do you not know what discord is? Especially when you use steam/a gamer.

Publicado originalmente por DamnTyranny:

I was tricked into running the EXE (came from a gamedev friend, and I also checked the EXE in Windows Defender first and it said no issues, ugh). However, I did not have Discord installed on this PC, was only accessing Discord via website in Chrome.

Am I still hosed if Discord wasn't installed on the computer? How should I react? Already ran several virus scans but nothing was located, and have not had my Discord account hacked.

You are not safe friend, you're waiting too long.
That ♥♥♥♥ is running through your processes.

SCORCHED EARTH, backup your sensitive data only and NUKE your drives: most importantly, find a safe device to CHANGE all your passwords from and check your activity log on any account potentially hacked, that virus steals passwords, cookies, browsing data, everything.

This is the right thing to do when you're not completely sure.
Would you rather live with the doubt that thing keeps fetching your data and passwords, lurking in the shadow of your rig?

DO NOT go for a Windows Recovery Tool restore as it won't solve a thing, you have to fresh reinstall fro ma USB drive using Media Creation Tool. Make sure to download it from a safe PC.

Publicado originalmente por Bibberbang🛸:

To anyone that happened to run the exe -file; The trojan in it gets rooted onto the discord.exe and startup. Deleting discord, running Kaspersky and Malwarebytes followed by RKill will do it. Takes awhile, but I promise it will do the trick. No need to reinstall whole windows etc. I noticed none of these programs did it alone, however I ran Kaspersky last on my 4hr initial trial and that seemed to do the trick, by finding the trojan, which kept popping 2 more trojans on each startup. So Malwarebytes and RKill together didn't do the trick, they rather dealt with the aftermath, while the Kaspersky dealt with the root issue.

Ideally something like this;
1) Remove Discord
2) Run Kaspersky Virus Removal Tool and let it do it's thing
3) Boot in safe-mode and run Malwarebytes and RKill
4) Enjoy your Trojan-free computer and feel free to install Discord again.

Crypt.Trojan.MSIL.DDS x2 was the issue, which kept reappearing after each boot, while the Kaspersky found the initial problem, which I can't get to pop in my head rn.

The actual blackhat part of it in it was so heavily rooted onto the Discord folder and process itself, that after awhile of digging I noticed it wasn't really fond of anything else. What it did however is charge my linked Paypal account through Discord and gifted couple of nitros to who knows who. Somebody may have already posted solutions for this trojan(s), which turned out to be one of the harder ones I've had to remove since early 00s, but I ain't going through 16 pages of this.

If anyone needs help, feel free to pop me a message. :)

Can you 100% confirm that this works and there are no leftovers?
Cause the way the Virus was analyzed and the properties have some people theorize it can even nest and hybernate on periphereals and hardware's firmware.

Before nuking my drives, I noticed the major spotlight culprits in the Task Manager's processes: WindowsBootManager.exe and other 3-4 parasites running along. Former had a mini-pc icon, the latters had this blue dot icon with tiny white motives inside.

Do you confirm those are gone from your process tab?

Publicado originalmente por TheTimelessOne26:

Publicado originalmente por jackblaster:

What is Discord? My Valheim game on steam is showing 5.6K download/update @ 12:41am EST. Any relation to all this?

Are you living under a rock or something? How do you not know what discord is? Especially when you use steam/a gamer.

We're *you* born knowing that? What about just explaining instead of being a duck about it?

About Discord: https://en.m.wikipedia.org/wiki/Discord

Publicado originalmente por TheTimelessOne26:

Publicado originalmente por jackblaster:

What is Discord? My Valheim game on steam is showing 5.6K download/update @ 12:41am EST. Any relation to all this?

Are you living under a rock or something? How do you not know what discord is? Especially when you use steam/a gamer.

I mean of heard of it, somewhere, but I do not think I've never needed it to play any games. I do live on top of a rock. Now and again I will come down\ and download a few games to bide my time. Bottom line, this did not effect people that just play the game, correct?

As far as we know, this only affected those who had joined Valheim's Discord server and that also downloaded the malicious fake game posting and ran it (.exe). If you were not on Valheim's Discord server, then you should not be affected by this. The Valheim game on Steam itself is safe (as far as we know).

Discord is a program separate from Steam that people use to communicate (text and voice) and share content with other people while they play games, do work, and other stuff online. It is not needed to play games on Steam or Valheim, but many people use it.

Steam is pretty active in checking to ensure no games that it has up have malware or viruses of any kind, and I assume whatever safety checks they perform is done for every new version of a game that is uploaded, so even if they had somehow gotten the devs Steam account and uploaded a hacked version, it likely would have been caught.