Install Steam
login
|
language
简体中文 (Simplified Chinese)
繁體中文 (Traditional Chinese)
日本語 (Japanese)
한국어 (Korean)
ไทย (Thai)
Български (Bulgarian)
Čeština (Czech)
Dansk (Danish)
Deutsch (German)
Español - España (Spanish - Spain)
Español - Latinoamérica (Spanish - Latin America)
Ελληνικά (Greek)
Français (French)
Italiano (Italian)
Bahasa Indonesia (Indonesian)
Magyar (Hungarian)
Nederlands (Dutch)
Norsk (Norwegian)
Polski (Polish)
Português (Portuguese - Portugal)
Português - Brasil (Portuguese - Brazil)
Română (Romanian)
Русский (Russian)
Suomi (Finnish)
Svenska (Swedish)
Türkçe (Turkish)
Tiếng Việt (Vietnamese)
Українська (Ukrainian)
Report a translation problem
* Trading site
* Skin gambling site
* Free giveaway (games, skins, etc.)
* Someone asked you to "vote for me/my team"
* Someone asked you to join a team, with a team website.
* etc.
Or have you used your steam account on a internet cafe, computer club or any other computer you have no control over?
no i dint visited anything remotly like that
*i never used a trading site
*i never used any type of skin site
*i dont enter in give aways
*no one asked me to vote anywhere
*no , i dint join in any team website
and i never log into my steam acc in public or friends pc , and like i just formated my pc like 2 weeks ago and i formated my router as well at the same day, so i dont understand how did that happed . and like do you think i should change my passwords for other things like my emais and stuff ?
You account could’ve been shadow hijacked for ages without you knowing.
For example, a lot of “legit” sites advertised by popular YouTubers, Streamers and Influencers are total scams - those people knowingly take money from scammers who feed on their fan base.
Anyway, for now? Do the basics, change passwords, generate new 2FA backup codes, revoke all devices, virus scan and revoke any Steam API key.
You get hijacked by logging into their site and supplying your credentials. The “sign into steam” is not actually a redirect to the steam login page, so you sign in, and poof you gave them your credentials.
Whether they sit on it or not doesn’t matter. They could immediately get your account, load money and buy dirt cheap stuff for super high to their account, whatever.
Unless it is the steam main page, don’t enter your credentials anywhere.
If you email isn’t compromised, change password from a clean computer, generate new backup codes, make sure your MFA is up to date and avoid shady links.
Literally the only place you want to sign into steam is on steam. I get it, people want to sell their skins for liquid cash, but guess what, it isn’t worth it.
No, you don’t need to format it again.
MFA - Multi Factor Authentication (steam guard)
As for how, there are only a few ways I can think of that this occurred.
1 being they brute forced their way in. If they have your password somehow, via password cracker, it won’t do them any good without your guard code. Change pass, and you’re set. Though that would only happen if somehow you gave away your login id.
1 being you downloaded something, anything and you got a keylogger. Could be from a friend sending you a file, torrented game, suspicious executable or other file downloaded from a shady place. It’s not unheard of for servers to host malware. FiveM has a few of those servers, conan exiles has those servers. If you have malware bytes up on trial and load conan server browser, a few RTPs come back as Trojans, and their IPs are super high risk on IP lookups as they are known malshare ips.
1 being you got phished for your account somewhere along the lines and don’t remember it.
Anyway,
Change your password from a device that isn’t your pc if you can. Formatting a drive doesn’t always remove malware. I remember years ago I downloaded something and had no idea what I was doing with internet safety at like 10 years old. The PC got RAT’d. Formatted drive, and what do you know, it was still there. Had to trash the drive and get a new one.
So, if this happens again after the change from a clean device, your pc is still infected. If that is the case, I recommend the following courses of action.
1. Download RKill
https://www.bleepingcomputer.com/download/rkill/
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.
As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again. Instead, after running RKill you should immediately scan your computer using some sort of anti-malware or anti-virus program so that the infections can be properly removed.
RKill will show as a virus, have no fears, it will stop known malware processes.
2. Download SuperAntiSpyware
https://www.superantispyware.com/free-edition.html
And run a “Maximum Boost Rescue Scan” then “High Boost Critical Point Scan” then “High boost full system scan” and make sure any malware is done.
3. Download CCleaner
https://www.ccleaner.com/
And clean up your system a bit, not like it will find much, since you just did a reset. But good tool for removing trackers.
4. Ensure your Windows Security Updates are good and you have the latest KB
5. Download Malwarebytes
https://www.malwarebytes.com/
And get rid of avast.
Optional:
6. Use the MS Safety Scanner:
https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/safety-scanner-download?view=o365-worldwide
7. Get process explorer:
https://learn.microsoft.com/en-us/sysinternals/downloads/process-explorer
And familiarize yourself with what processes are running on your computer and regularly check them against Virustotal
Advanced:
8. Get autoruns
https://learn.microsoft.com/en-us/sysinternals/downloads/autoruns
And understand exactly what is launching on your computer behind the scenes when you boot.
Keep in mind, all of that is like, a bazooka to kill a fly. And that’s only if you think you’re still compromised and can only trace it back to the pc being infected. RKill and SAS if you are infected, should clear you safely if you are infected.
Even if it’s not, probably good to know how to use those.
I run a superantispyware run every day or every few days, look at autoruns every few days, and load process explorer when I login, after a few hours, and before I shut down, JUST TO CHECK. With process explorer, false flags do occur. Garboware across the globe picks it up. Give it a few hours if you see 1/70 on legitimate processes.
But all in all, changing password is the first step. If you change, enter it on your pc, and you still find these logon attempts, go step 1-5, and do 6 for your first time.
Past that, a healthy checkup on running processes, regular SAS and MBAM scans and you’re all set.
Edit: yea, change on phone is fine, make sure you do the proper steps to change password, login on pc with new pass and monitor. No more attempts, you’re safe. More attempts, run steps 1-7 and change password once you’re done, then you’re safe.
Forgot to mention this, surprised no one did.
Deauthorize all other devices https://store.steampowered.com/twofactor/manage
Generate new backup codes for your mobile app https://store.steampowered.com/twofactor/manage
Revoke the API key if you see any over there https://steamcommunity.com/dev/apikey