Diego Oct 25, 2017 @ 6:17pm
Accidentally clicked on .SCR file but Windows didn't know how to run it (am I safe?)
Guys, I had no idea about the .scr virus before and I fell for it minutes ago, since the link was automatically sent to me by a friend and I thought it was a picture.
So I clicked on the link and downloaded the .scr file, and when I tried to run it, hopefully Windows didn't know what program it should use to run the file... and in that moment I realised this was a virus, so I deleted the file and ran an anti-virus.
My account seems safe, my items and money are there.. but I want to ask whether there is any risk and what I should do.
I searched on the internet and it seems that the real problem is when you actually run the scr file, but since Windows hopefully did not open mine (it just showed the panel where you have to select between different programs to run the selected file) and in that moment I didn't choose any program and deleted the file, I assume that in that case it is the same as if I did not run it.. right?

Thank you so much in advance, and sorry for my English.
Last edited by Diego; Oct 25, 2017 @ 6:23pm
wuddih Oct 25, 2017 @ 6:38pm
are you sure it was scr and not src?

if it was src, it would make more sense that the panel came up. windows has no default program for that.

if it was scr, the panel can be "faked" to impose that you are safe. an scr is basically an executable. it would be very unlikely that windows doesn't know what to do with it.
Diego Oct 25, 2017 @ 7:01pm
Originally posted by wuddih:
are you sure it was scr and not src?

if it was src, it would make more sense that the panel came up. windows has no default program for that.

if it was scr, the panel can be "faked" to impose that you are safe. an scr is basically an executable. it would be very unlikely that windows doesn't know what to do with it.
Yes, I am sure. I have the file listed in the Chrome download list and it ends with ".scr"
The full name is "pictures291.scr"

EDIT: I just found this topic about the exact same named file on Steam's reddit https://www.reddit.com/r/Steam/comments/78r26u/watch_out_for_links_like_this_one_links_to_a/
It is a topic from a few hours ago
Last edited by Diego; Oct 25, 2017 @ 7:13pm
Azza ☠ Oct 25, 2017 @ 7:37pm
Old web-browsers get exploited into automatically running a .SCR virus, which then generates an EXE file and calls it via your Windows startup programs to run on following boots. Another trick it does would be to crash out the Steam Client and swap its EXE file over so when restarted it shows a fake login prompt; this then grabs your password to send to a server online, melts and deletes its own EXE (to hide its detection) and swaps the original back to run as normal. The user is then probably none the wiser that their login just got stolen, till the malicious person uses it themselves.

Newer web-browsers won't be exploited and will give a 'save' prompt to be able to cancel.

So firstly keep your Operating System and Web-browser up-to-date. If you are using Win 10, then the Creators Fall Edition (latest) has exploit protection.

If you wish to double check to ensure you aren't infected, use something like SpyBot (free edition): https://www.safer-networking.org/

Just clean out your web-browser temporary internet files. Download and update the anti-malware scanner, then run a full scan. It will detect those types of infections.

Avoid rebooting the PC, rerunning Steam Client (especially if it faked a crash) or entering passwords into Steam Client login prompt, Email accounts, Social Networks, etc., till deemed clean.

If you were prompted to re-enter your Steam login details, then check your Steam Guard, stay logged in, ensure it is clean, then change your Steam password.
Last edited by Azza ☠; Oct 25, 2017 @ 7:41pm
76561198194508574 Oct 25, 2017 @ 7:43pm
Well, that happened to some of my friends: it says a message like "ahaha lol (the link to a false screenshot with a virus)", some of my friends clicked on it, and it downloaded something, then they realized it was a virus, and it somehow modified their Steam to send that message to all of their friends and infect their Steam. {LINK REMOVED} < example of an infected friend.

P.S.: sorry if there is some orthography or grammar error, I'm Spanish.
Last edited by TasteDo; Oct 25, 2017 @ 7:45pm
StarChaser Oct 25, 2017 @ 7:50pm
SCR files are screensavers in Windows, but they're renamed executables. An old prank we used to play on each other at work was to rename sol.exe (Windows Solitaire) to sol.scr and set it as the active screensaver. So every time the computer would have started the screensaver, it'd start a new game of solitaire.

Yes, it's very likely to be a virus if you were not intending to download a screensaver.
http://filext.com/file-extension/SCR will give you more information about the other things it could be, but that's the most likely.

Good luck.
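
What StarChaser describes above can be checked from a file's bytes rather than its name. The following is an added example, not part of any post in this thread: it parses the DOS and COFF headers to tell whether a download is a Windows PE program regardless of its extension. The sample bytes and the names `pe_info`, `triage` and `make_stub_pe` are constructed for illustration.

```python
import os
import struct

# Extensions that Windows launches as programs on double-click.
# .scr (screensaver) is an ordinary PE executable under another name.
LAUNCHABLE_EXTS = {".exe", ".scr", ".com", ".pif"}
IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag: image is a DLL


def pe_info(data: bytes):
    """Parse the DOS and COFF headers; return a dict, or None if not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE signature
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine, sections, _ts, _sym, _nsym, _opt, flags = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    return {"machine": machine, "sections": sections,
            "is_dll": bool(flags & IMAGE_FILE_DLL)}


def triage(filename: str, data: bytes) -> str:
    """Compare what the name claims with what the bytes are."""
    ext = os.path.splitext(filename.lower())[1]
    if pe_info(data) is None:
        return "not-pe"
    if ext in LAUNCHABLE_EXTS:
        return "launchable-program"
    return "pe-under-other-extension"


def make_stub_pe(flags: int = 0x0102) -> bytes:
    """Constructed sample: headers only (x86, one section), not a working program."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew points just past the DOS header
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 0xE0, flags)
    return bytes(dos) + b"PE\0\0" + coff


if __name__ == "__main__":
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 96  # constructed JPEG-like bytes
    for name, blob in [("pictures291.scr", make_stub_pe()),
                       ("pictures291.jpg", jpeg),
                       ("holiday.jpg", make_stub_pe())]:
        print(f"{name}: {triage(name, blob)}")
```

A real picture fails the `MZ` check at offset 0, while a file named like the one in this thread passes both header checks and carries an extension that Windows launches directly.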
Azza ☠ Oct 25, 2017 @ 7:56pm
If you still have the link, don't click it, but feel free to add me and send it via PM.

I'm a security expert (it's my job), but as a hobby enjoy terminating phishing/malware hosting or at least blacklisting it.

SCR exploit is dated back since 2006. It was emailed to the US Government and even they got infected by it auto-running. You would think Microsoft would have fixed it by now...
Last edited by Azza ☠; Oct 25, 2017 @ 8:01pm
Diego Oct 25, 2017 @ 8:21pm
Originally posted by ♥ TasteDa:
Well, that happened to some of my friends: it says a message like "ahaha lol (the link to a false screenshot with a virus)", some of my friends clicked on it, and it downloaded something, then they realized it was a virus, and it somehow modified their Steam to send that message to all of their friends and infect their Steam. http://prntscr.com/h23qoa < example of an infected friend.

P.S.: sorry if there is some orthography or grammar error, I'm Spanish.
Thanks, I speak Spanish too.
It's exactly that same message! So it must be the same file.
Did your friend run it? As I said in the post, I downloaded the file, but when I went to run it, Windows miraculously showed me the panel to choose which application I wanted to open the file with.. and at that point I closed everything (so I believe it never actually ran on my PC)
I figure that if I were infected I would be sending that same link to my whole friends list, but that hasn't happened so far.. so I figure I must not be infected, but I want to be sure.
Was your friend able to solve the problem?

Originally posted by Azza ☠:
If you still have the link, don't click it, but feel free to add me and send it via PM.

I'm a security expert (it's my job), but as a hobby enjoy terminating phishing/malware hosting or at least blacklisting it.
Thank you so much for all your help.
Sadly I do not have the link anymore because it does not show in the chat, and also because I deleted all the history, temporary files, cookies, etc. in my web browser.
BUT I found a very recent post on reddit that talks about the same file https://www.reddit.com/r/Steam/comments/78r26u/watch_out_for_links_like_this_one_links_to_a/
It is exactly the same one, maybe there is some information there that is very important, but since my English is not the best and I am a novice in all of this PC stuff maybe I do not understand it.
Until now nothing is wrong with my acc
Last edited by Diego; Oct 25, 2017 @ 8:30pm
76561198194508574 Oct 25, 2017 @ 8:30pm
Originally posted by Dieguit0dm:
Originally posted by ♥ TasteDa:
Well, that happened to some of my friends: it says a message like "ahaha lol (the link to a false screenshot with a virus)", some of my friends clicked on it, and it downloaded something, then they realized it was a virus, and it somehow modified their Steam to send that message to all of their friends and infect their Steam. {LINK REMOVED} < example of an infected friend.

P.S.: sorry if there is some orthography or grammar error, I'm Spanish.
Thanks, I speak Spanish too.
It's exactly that same message! So it must be the same file.
Did your friend run it? As I said in the post, I downloaded the file, but when I went to run it, Windows miraculously showed me the panel to choose which application I wanted to open the file with.. and at that point I closed everything (so I believe it never actually ran on my PC)
I figure that if I were infected I would be sending that same link to my whole friends list, but that hasn't happened so far.. so I figure I must not be infected, but I want to be sure.
Was your friend able to solve the problem?

Originally posted by Azza ☠:
If you still have the link, don't click it, but feel free to add me and send it via PM.

I'm a security expert (it's my job), but as a hobby enjoy terminating phishing/malware hosting or at least blacklisting it.
Thank you so much for all your help.
Sadly I do not have the link anymore because it does not show in the chat, and also because I deleted all the history, temporary files, cookies, etc. in my web browser.
BUT I found a very recent post on reddit that talks about the same file http://steamcommunity.com/discussions/forum/1/1480982338943879647/?tscn=1508985460
It is exactly the same one, maybe there is some information there that is very important, but since my English is not the best and I am a novice in all of this PC stuff maybe I do not understand it.
Until now nothing is wrong with my acc

No, he didn't run it, he only opened the link thinking it was an image, something got downloaded, and then he deleted it without running the program, and it started sending me those messages without his consent. Nothing happened to his account, but he still has that problem of sending the messages; I think that having Steam Guard saved his account.
Last edited by TasteDo; Oct 25, 2017 @ 8:33pm
Diego Oct 25, 2017 @ 8:33pm
Originally posted by ♥ TasteDa:
Originally posted by Dieguit0dm:
Thanks, I speak Spanish too.
It's exactly that same message! So it must be the same file.
Did your friend run it? As I said in the post, I downloaded the file, but when I went to run it, Windows miraculously showed me the panel to choose which application I wanted to open the file with.. and at that point I closed everything (so I believe it never actually ran on my PC)
I figure that if I were infected I would be sending that same link to my whole friends list, but that hasn't happened so far.. so I figure I must not be infected, but I want to be sure.
Was your friend able to solve the problem?

Thank you so much for all your help.
Sadly I do not have the link anymore because it does not show in the chat, and also because I deleted all the history, temporary files, cookies, etc. in my web browser.
BUT I found a very recent post on reddit that talks about the same file http://steamcommunity.com/discussions/forum/1/1480982338943879647/?tscn=1508985460
It is exactly the same one, maybe there is some information there that is very important, but since my English is not the best and I am a novice in all of this PC stuff maybe I do not understand it.
Until now nothing is wrong with my acc

No, he didn't run it, he only opened the link thinking it was an image, something got downloaded, and then he deleted it without running the program, and it started sending me those messages without his consent. Nothing happened to his account, but he still has that problem of sending the messages; I think that having Steam Guard saved his account.
Oh no, so he didn't do anything different from me. Do you have any idea whether it started sending the messages automatically the instant he downloaded the file? All of this happened to me 4 hours ago and still nothing
76561198194508574 Oct 25, 2017 @ 9:03pm
Originally posted by Dieguit0dm:
Originally posted by ♥ TasteDa:

No, he didn't run it, he only opened the link thinking it was an image, something got downloaded, and then he deleted it without running the program, and it started sending me those messages without his consent. Nothing happened to his account, but he still has that problem of sending the messages; I think that having Steam Guard saved his account.
Oh no, so he didn't do anything different from me. Do you have any idea whether it started sending the messages automatically the instant he downloaded the file? All of this happened to me 4 hours ago and still nothing

It started sending those messages after downloading the file.
Date Posted: Oct 25, 2017 @ 6:17pm
Posts: 10