Left 4 Dead 2

Left 4 Dead 2

1,019 ratings
New Steam Virus Going Around
By Clawzz
There's a new virus going around Steam. If you don't know about it I'd suggest you read this.
   
Award
Favorite
Favorited
Unfavorite
The Basics.
What is it?

Essentially it edits things, creates a new file, installs a rootkit and connects to: "u.kanobu.ru". I dont know at which port, but they aren't hosting a website. Though, there is a webserver running.
The installed file then monitors two buttons (VK_LBUTTON and VK_CONTROL), probably left mouse button and ctrl.
Here[anubis.iseclab.org] is a report that shows everything within it's files/ what it changes and adds.

Why?

Most likely to take items from your inventory and just in general ♥♥♥♥ with your account.

How do I get it?

You'll get a message from a friend saying something like "Lol dude check this drop out [Link]" Or something like "Hahaha check out this screenshot [Link]"
Here's an example from one of my friends -Now blocked-


How to avoid?

Do not click the link. If it's a close friend, show them this guide or warn them.

What can i do if i got the link?

Change passwords, run a full virus scan (I prefer AVG), Email Steam Support.

Can I help other people avoid it?
Yep. Pretty easy to do it too.

How do I do it?

Tell your friend. Make them aware of the problem. Send them this guide. Anything like that will help.

Can we stop it?

Maybe. But in the meantime we can slow it down.

What to do with this guide

Thumbs up.
Let your friends know.
Put it on your favorite guide.
Place it as anouncement.

Make people aware in any way.
[EDITED, NEW] Stuff I could find within this virus.
Alright, After days of digging around I found a server that all this links back to. The host seems to be Kanobu.ru, which is a gaming news type of website. The creators are most likely using that site as a file host for it.
As for the IP that uploaded the files, it's located in an Amsterdan, Netherlands neighborhood.
The IP that I've traced is 91.220.133.1, Go ahead and check these things out yourself.

Also, When you click on a type of the links, it'll ask to install something from what I know.
It'll say it's a .scr file, but it's really a .exe file. If you happen to get it downloaded, don't run it. If you do, Read what to do it this guide. If you got in downloaded but didn't run it, I would still deauthorize Steam from other PCs, change you password, and run a virus scan just to be safe. (Again, I use AVG, Seems to work the best for free.)
Outro
This guide isn't for personal gain or anything like that. I just want to help people avoid this.

[NEW] Sorry, I honestly can't keep up with all the questions. This guide gets around 50 new comments per day and figuring out answer to them takes up alot of time. I'll still help if you PM me, but questions that you put in the comments most likely won't be answered

Try to show as much people you can of this guide, it'll do good.

If you're wondering about why there are so many tags, it's to try to get as many people aware of this.

EDIT Due to this guide becoming as popular as it is, ONLY ADD ME BECAUSE OF THIS GUIDE IF IT'S AN IMPORTANT QUESTION Otherwise, I opened my profile's comment section to public, so put your thanks etc. in there. :P

278 Comments
Filliam Apr 4, 2022 @ 8:38pm 
It's such an outdated guide though. You'd benefit from making a new one.
Clawzz  [author] Apr 4, 2022 @ 8:16pm 
what a weird thing to ask.
no.
Filliam Apr 4, 2022 @ 6:27pm 
Would you delete this guide?
Filliam May 25, 2021 @ 10:36pm 
Will you ever delete this guide?
Clawzz  [author] Aug 12, 2017 @ 3:47pm 
@T↑tanu§
get avira, i use it and its gr8. uses barely any pc and keeps ya pc safe
T↑†αñü§ Aug 11, 2017 @ 11:51pm 
well I don't know but whenever my com starts to lag I normally download avg and scan then delete it because I don't really think avg is that kind to help u clean your com for free but yea avg works also create back ups often because if avg cannot clear it a reset would be prefered I've factory reset my com 3 times alr ;-;
Baznoc™ Dec 29, 2014 @ 7:12pm 
Awesome guide, don't get click happy!:sm:
phucnum Dec 2, 2014 @ 8:44am 
Hello guys I hate to invade on this thread but if anyone could go here and report this guy for scamming it would be much appreciated. He scammed my knife and he deserves to be trade banned.
https://steamcommunity.com/id/andyp504
TanookiSuit3 Dec 1, 2014 @ 8:54am 
@Deanzynut
You should probably not click that, it looks like an IP Grabber website.
DEAN (NOT SELLING ANYITHNG) Nov 28, 2014 @ 10:05pm 
Not the image link the image that is in the link