Virus haunting Steam, I might just cry
Hey.
BEWARE! It's gonna be long. You're dealing with a shaky hormonal woman right here. :steamsad:

I have two machines:
1. One kinda-old PC, recently formatted with a brand new Windows 10. Has newest ESET antivirus running and Malwarebytes installed as well.
2. My dearest Lenovo laptop. Has Bitdefender and Malwarebytes always running, both premium. Also running Windows 10.


Anyway, during the past week on the old renewed pc, I downloaded some torrents while having active adblock and said antivirus active. Yet some ad popups showed up, meh but no big deal.
Today I entered steam first time in about 6 months or so (been abroad) on said PC. At first Steam seemed to be updating itself which was weird at first because it's a newly installed Steam. Meh. Logging in.
Then, an ad on the bottom-right side of Steam popped up, using the steam-web-thingy. Long story short, gazillion antimalware scans later and registry restoration and the apparent Trojan still offers me Russian girls (I'm a straight female, TRY HARDER, H4X0RS!).
I thought I might format the poor PC once again, just to stay clean, and for now return to my beloved lappy.
I logged in.
BOOM
Russian girls, AliExpress and whatnot ads. I DON'T KNOW how the virus moved there. I used Google Drive to move some files between computers and that was it. Thing is, on both computers Steam seemed to be updating itself right before the heartbreak. I don't see anything related to those ads anywhere else.
I know Steam is protected and encrypted on some level, but it's just so weird. I don't know what to think, really.

I got so freaked out for my lappy so I uninstalled Steam (I don't care for them save files, ugh), put on safe mode and scanned with Malwarebytes and CCleaner. Too scared to reinstall Steam any time soon.

The only evidence of an actual virus I could find was on the old PC: it was a bunch of files and reg keys using the title KMS-R@1n.exe. I realized it was running in the background and tried to eliminate every trace and file related to it, but it was just too easy with all the files carrying the same name, so it can't be just it.

Crazy thing is how it moved to my laptop?! Could it really be something to do with Steam update launcher? I know it's not possible because then we'd see more complaints. So maybe it has to do something with my own account?
Have I ever sinned?


Will appreciate any help. A bit panicking but I'll hold it.

I didn't proof read what I wrote so I hope it's clear enough. If not, please say so.
I wanna know if anyone ever had this and if there's a solution or a way to avoid it in the future. This is the first time I have to handle a virus in the past decade, so please no lecturing about safe browsing.


Thanks in advance.
Last edited by Autumn405; 9 Nov 2016 @ 5:15pm
Showing 1-15 of 31 comments
You have malware on your system. It is injecting into the steam browser.

Steam is not the issue. The malware is the problem.

Clean the malware from your system. Run a full virus scan and use something like MalwareBytes to clean your system too.
I appreciate your copy paste but I have used Malwarebytes, AdwCleaner, Hitmanpro, ESET Nod and CCleaner.
I never blamed Steam for this but the ads aren't showing up anywhere else but on Steam so I thought someone else might have come across this and could help.
You need to boot in safe mode, clear Steam's cache completely, then run the antimalware there. It can't clean it when it's in active memory.
I downloaded a game and I think that's where the same type of virus came from.
Originally posted by Autumn:
I appreciate your copy paste but I have used Malwarebytes, AdwCleaner, Hitmanpro, ESET Nod and CCleaner.
I never blamed Steam for this but the ads aren't showing up anywhere else but on Steam so I thought someone else might have come across this and could help.

Again, the ads are injected into Steam via the malware. Steam does not have ads. An external program is injecting them. Note a clean scan merely indicates 'I couldn't find it', not 'the machine is clean'.

Another possibility is your DNS settings are corrupted, which is injecting the ads into the browser via a DNS hijack.

Otherwise you'll likely have to reformat your entire machine to ensure the infection is clean.
Last edited by Satoru; 9 Nov 2016 @ 5:57pm
Tried to contact Steam but that's a pain in the butt.
Originally posted by xxkain13xx:
tried to contact steam but that's a pain in the butt

The virus did not come from Steam. It is pointless to contact them because of an issue on your end.
Originally posted by Satoru:
You have malware on your system. It is injecting into the steam browser.

Steam is not the issue. The malware is the problem.

Clean the malware from your system. Run a full virus scan and use something like MalwareBytes to clean your system too.
Yes, Malwarebytes is very good! Use it free, and as a secondary program! I use Malwarebytes and AVG Antivirus. I also use Iolo System Mechanic Pro, but I think Sys. Mech. sets off GTA5 and labels you as a cheater. Not sure yet, but like me, I have been banned. I recently installed AVG Antivirus and found several threats on my computer. Next time I play GTA5 online, I will disable System Mech. Pro before I play!
Originally posted by Autumn:
Bitdefender and Malwarebytes always running, both premium
Even IF two scanners would increase detection significantly,
which you know now doesn't prevent things anyway,
running 2 guards at the same time is the last thing you should do.

Simple: If you need 2 scanners, you need 3.
Running those scammers via safe mode also increases detection.
Russian anti-virus and anti-virus experts remove Russian adware better than others.
Use http://virusinfo.info/content.php?r=171-Instructions-for-treatment
avz, adwarecleaner, uvs & an AV expert is more than enough to remove any threat.
You don't need any AV Monsters at all.
btw, Lenovo laptops shipped with pre-installed rootkits and adware, that protected from treatment with McAfee AV. Have a nice day! Muahaha! :steammocking:

P.S.: KMS-R@1n.exe is a KMS activator, OP used pirated Windows :steamfacepalm:
Antivirus and safe mode will not help there... it's started as a boot-kit, and safe mode does not work correctly on cracked systems with KMS...
Last edited by Seven7; 9 Nov 2016 @ 10:49pm
Also, check all your web browsers network options, some viruses tend to set up proxies that your browsing traffic is then ported through which is needless to say not good.

These you unfortunately have to remove manually as mbam and other scanners do not look for proxies on browsers. It's not that it's hard, it's actually quite easy but it is important if you value your privacy
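
The proxy check described in the reply above, together with the DNS hijack possibility raised earlier in the thread, can be inspected with a read-only PowerShell script. This is an added example, not part of any poster's reply; it uses standard Windows registry locations and cmdlets, changes nothing, and only lists settings for manual review.

```powershell
# Added example (not from the thread): read-only audit; it changes nothing.
$findings = New-Object 'System.Collections.Generic.List[string]'

# 1. Per-user proxy (Internet Options > Connections > LAN settings).
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue
if ($inet.ProxyEnable -eq 1) {
    $findings.Add("User proxy enabled: $($inet.ProxyServer)")
}
if ($inet.AutoConfigURL) {
    $findings.Add("Proxy auto-config URL set: $($inet.AutoConfigURL)")
}

# 2. Statically configured DNS servers. On a DHCP home network this value is
#    normally empty, so an entry you did not set yourself deserves a look.
$ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
foreach ($key in Get-ChildItem -Path $ifRoot -ErrorAction SilentlyContinue) {
    $p = Get-ItemProperty -Path $key.PSPath
    if ($p.NameServer) {
        $findings.Add("Static DNS on interface $($key.PSChildName): $($p.NameServer)")
    }
}

# 3. DNS servers actually in effect per adapter, to compare with the router/ISP.
$effective = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    Select-Object InterfaceAlias, @{ n = 'Dns'; e = { $_.ServerAddresses -join ', ' } }

# 4. Machine-wide WinHTTP proxy (netsh output is localized, so it is shown as-is).
$winhttp = netsh winhttp show proxy

if ($findings.Count -eq 0) {
    'No user proxy, PAC URL or static DNS entry found.'
} else {
    $findings | ForEach-Object { "REVIEW: $_" }
}
$effective | Format-Table -AutoSize
$winhttp
```

If the adapters only show the router's address as DNS server, the router's own DNS configuration still has to be checked in its admin page, since this script sees only the local machine.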
Originally posted by Seven7:
Russian anti-virus and anti-virus experts remove Russian adware better than others.
Use http://virusinfo.info/content.php?r=171-Instructions-for-treatment
avz, adwarecleaner, uvs & an AV expert is more than enough to remove any threat.
You don't need any AV Monsters at all.
btw, Lenovo laptops shipped with pre-installed rootkits and adware, that protected from treatment with McAfee AV. Have a nice day! Muahaha! :steammocking:

P.S.: KMS-R@1n.exe is a KMS activator, OP used pirated Windows :steamfacepalm:
Antivirus and safe mode will not help there... it's started as a boot-kit, and safe mode does not work correctly on cracked systems with KMS...

um yeah the PC is indeed running fake Windows but lappy has an original installation that came with it. I managed to get safe mode on both computers and ran full scans with every software that I have.

Still no good for the PC.
On the lappy I'm too scared to reinstall Steam because for now it's out of sight, out of mind until I'm done experimenting on my PC with how to get rid of this.
Have you deleted Steam's web cache?
Again, KMS-R@1n.exe is a child process of the KMS activator, which boots and runs before the OS core. You can't cure a pirated OS; it does not work or breaks the system completely if using standard methods.
Buy Windows or install Linux. No other ways.

Start the cure by resetting the router and disconnecting the PC with the pirated OS from it.
Reset the Lenovo to manufacturer state, uninstall crapware & rootkits, update, install apps.

themselves are stealing software, but blame around treacherous Russian hackers and Lord Gaben, Putin's agent :steamfacepalm::cfacepalm:
Last edited by Seven7; 10 Nov 2016 @ 3:58am