Have you used AVG and did a full computer scan? Any fishy software installed?

Originally posted by Ricardo Shillyshally:

https://support.steampowered.com/kb_article.php?ref=6057-YLBN-1660

already read this article but didnt work

Originally posted by Captain Price:

Have you used AVG and did a full computer scan? Any fishy software installed?

I did a full computer scan yesterday and I found one steam file that was fishy. I then removed that folder but it is still here

Originally posted by add -> bhudiismurf:

Originally posted by Captain Price:

Have you used AVG and did a full computer scan? Any fishy software installed?

I did a full computer scan yesterday and I found one steam file that was fishy. I then removed that folder but it is still here

I'd maybe do a fresh Windows install if there is no other solution by the end of the day.

Originally posted by Captain Price:

Originally posted by add -> bhudiismurf:

I did a full computer scan yesterday and I found one steam file that was fishy. I then removed that folder but it is still here

I'd maybe do a fresh Windows install if there is no other solution by the end of the day.

that would maybe be my last resort if nothing else works, don't want to get to that point though

try a program like malwarebytes it's MUCH better at finding malware and adware

Originally posted by Alexalmighty502 Sup Acc:

try a program like malwarebytes it's MUCH better at finding malware and adware

ok i'll give it a try!

Avoid downloading that anti-virus scanner suggested under the Javascript box. It will be a fake and cause actually more infection or demand for payments.

Reboot your PC into Safemode, as this will help prevent the adware from running while you clean.


DNS = Domain Name System. It's the web server which looks up that URL typed in your Address Bar and converts it to an IP Address. If it's been replaced, it means that URL can be redirected to a malicious IP Address instead of the real one.

Under your Control Panel > Network and Sharing Center > Click on your Connection (whatever it might be you use for the internet), listed under "Connections".

This will bring up a "Status", under activity click "Properties".

Find "Internet Protocol Version 4 (TCP /IPv4)" and click "Properties" on that selected.

You will find under this, "Obtain DNS server address automatically" and "Use the following DNS server addresses". If one is manually entered there, note it down and remove it.

If you wish to force a valid trusted DNS, you can manually set it to one, for example:

Perferred DNS server: 8.8.8.8
Alternate DNS server: 8.8.4.4

(Those are the Google DNS servers, trusted, secure and free to use - else you could find and use your ISP DNS servers or another open public DNS, so long you trust it and it performs fast, while being secure enough not to be spoofed)

Validate settings upon exit and "OK" back out.


Download and use the Free Edition of Spybot (or similar anti-malware):
https://www.safer-networking.org/mirrors/

Malwarebytes is another very good one, but Spybot specializes more in web-browser hi-jack cleaning and future prevention.

Note: Ensure when you go webpages, that it's valid and not changed/injected on you. Specially on downloads. Do NOT download the adware fake scanners. If you are concerned, download via another PC (not infected), then WRITE PROTECT it on a thumb stick or similar, to transfer over to the infected. If doing this, just ensure the virus can't jump onto the thumb stick and respread.

If using Spybot to clean, update it's definations first, then run a full scan, wait and show results. It will find a lot, even minor privacy risks and cookies. Look for the high threat levels and clean, or just clean all.

Afterwards optionally apply it's immunization tool. This will add a block list to your web-browser(s) of known adware/malware websites, helping prevent this issue occuring again in the future.

Under your web-browser(s): Remove all plugins/extentions, reset the browsers default settings and clear out all the cache / temporary internet files.

Reboot back to normal and recheck it's clean.

Originally posted by Azza ☠:

Avoid downloading that anti-virus scanner suggested under the Javascript box. It will be a fake and cause actually more infection or demand for payments.

Reboot your PC into Safemode, as this will help prevent the adware from running while you clean.

Ensure you DNS isn't spoofed.

DNS = Domain Name System. It's the web server which looks up that URL typed in your Address Bar and converts it to an IP Address. If it's been replaced, it means that URL can be redirected to a malicious IP Address instead of the real one.

Under your Control Panel > Network and Sharing Center > Click on your Connection (whatever it might be you use for the internet), listed under "Connections".

This will bring up a "Status", under activity click "Properties".

Find "Internet Protocol Version 4 (TCP /IPv4)" and click "Properties" on that selected.

You will find under this, "Obtain DNS server address automatically" and "Use the following DNS server addresses". If one is manually entered there, note it down and remove it.

If you wish to force a valid trusted DNS, you can manually set it to one, for example:

Perferred DNS server: 8.8.8.8
Alternate DNS server: 8.8.4.4

(Those are the Google DNS servers, trusted, secure and free to use - else you could find and use your ISP DNS servers or another open public DNS, so long you trust it and it performs fast, while being secure enough not to be spoofed)

Validate settings upon exit and "OK" back out.

Clean the web-browser hi-jacker

Download and use the Free Edition of Spybot (or similar anti-malware):
https://www.safer-networking.org/mirrors/

Malwarebytes is another very good one, but Spybot specializes more in web-browser hi-jack cleaning and future prevention.

Note: Ensure when you go webpages, that it's valid and not changed/injected on you. Specially on downloads. Do NOT download the adware fake scanners. If you are concerned, download via another PC (not infected), then WRITE PROTECT it on a thumb stick or similar, to transfer over to the infected. If doing this, just ensure the virus can't jump onto the thumb stick and respread.

If using Spybot to clean, update it's definations first, then run a full scan, wait and show results. It will find a lot, even minor privacy risks and cookies. Look for the high threat levels and clean, or just clean all.

Afterwards optionally apply it's immunization tool. This will add a block list to your web-browser(s) of known adware/malware websites, helping prevent this issue occuring again in the future.

Under your web-browser(s): Remove all plugins/extentions, reset the browsers default settings and clear out all the cache / temporary internet files.

Reboot back to normal and recheck it's clean.

those DNS server addresses are not valid??

Originally posted by add -> bhudiismurf:

Originally posted by Azza ☠:

Avoid downloading that anti-virus scanner suggested under the Javascript box. It will be a fake and cause actually more infection or demand for payments.

Reboot your PC into Safemode, as this will help prevent the adware from running while you clean.

Ensure you DNS isn't spoofed.

DNS = Domain Name System. It's the web server which looks up that URL typed in your Address Bar and converts it to an IP Address. If it's been replaced, it means that URL can be redirected to a malicious IP Address instead of the real one.

Under your Control Panel > Network and Sharing Center > Click on your Connection (whatever it might be you use for the internet), listed under "Connections".

This will bring up a "Status", under activity click "Properties".

Find "Internet Protocol Version 4 (TCP /IPv4)" and click "Properties" on that selected.

You will find under this, "Obtain DNS server address automatically" and "Use the following DNS server addresses". If one is manually entered there, note it down and remove it.

If you wish to force a valid trusted DNS, you can manually set it to one, for example:

Perferred DNS server: 8.8.8.8
Alternate DNS server: 8.8.4.4

(Those are the Google DNS servers, trusted, secure and free to use - else you could find and use your ISP DNS servers or another open public DNS, so long you trust it and it performs fast, while being secure enough not to be spoofed)

Validate settings upon exit and "OK" back out.

Clean the web-browser hi-jacker

Download and use the Free Edition of Spybot (or similar anti-malware):
https://www.safer-networking.org/mirrors/

Malwarebytes is another very good one, but Spybot specializes more in web-browser hi-jack cleaning and future prevention.

Note: Ensure when you go webpages, that it's valid and not changed/injected on you. Specially on downloads. Do NOT download the adware fake scanners. If you are concerned, download via another PC (not infected), then WRITE PROTECT it on a thumb stick or similar, to transfer over to the infected. If doing this, just ensure the virus can't jump onto the thumb stick and respread.

If using Spybot to clean, update it's definations first, then run a full scan, wait and show results. It will find a lot, even minor privacy risks and cookies. Look for the high threat levels and clean, or just clean all.

Afterwards optionally apply it's immunization tool. This will add a block list to your web-browser(s) of known adware/malware websites, helping prevent this issue occuring again in the future.

Under your web-browser(s): Remove all plugins/extentions, reset the browsers default settings and clear out all the cache / temporary internet files.

Reboot back to normal and recheck it's clean.

those DNS server addresses are not valid??

They are, google search "google dns settings" and Google itself will list them for you.

Each IP field can take up to 3 numbers: XXX.XXX.XXX.XXX

However it's only 1 number per field: XX8.XX8.XX8.XX8 (leave out the X as empty)

Are you using IPv4 or IPv6? Those are the IPv4 DNS servers.

Use opendns if you are experiencing issues with the google dns.
208.67.222.123
208.67.220.123

https://store.opendns.com/setup/#/familyshield

Originally posted by Azza ☠:

Originally posted by add -> bhudiismurf:

those DNS server addresses are not valid??

They are, google search "google dns settings" and Google itself will list them for you.

Each IP field can take up to 3 numbers: XXX.XXX.XXX.XXX

However it's only 1 number per field: XX8.XX8.XX8.XX8 (leave out the X as empty)

Are you using IPv4 or IPv6? Those are the IPv4 DNS servers.

im using IPv6

i dont need any of this dns stuff tho, i just need it off of my steam.

Just got this now when I have logged onto steam on my second account, it has opened a browser window outside of the game even before I have launched it and the JavaScript window has come up again???? FFS https://gyazo.com/8c62d61de1cb133994c7ca5c794ea228

Originally posted by add -> bhudiismurf:

Just got this now when I have logged onto steam on my second account, it has opened a browser window outside of the game even before I have launched it and the JavaScript window has come up again???? FFS https://gyazo.com/8c62d61de1cb133994c7ca5c794ea228

because your computer is infected youll see it everywhere