
Steamconnuity virus spreading!

Erik4boss

Ok, I just put up a trade on csgolounge and a guy added me on steam saying this

 

ROX: hi

my friend want to trade with you
but he can't add you i don't know why :|
try you please to add him
steamconnnunity.com/id/VivianWei/
Cashcapacity.com: oh shit
Cashcapacity.com: virus
Cashcapacity.com: oh no
Cashcapacity.com: fuck
 

I went to the website, it looked just like Steam, so I downloaded their file called steam_guard.exe and started it (not as administrator yet anyway) and then I went back to the site and noticed that the download was from a Russian download page. I went fuck, fuck, fuck. 

 

Now, hope Malwarebytes and AVG notice it, otherwise I'm screwed. (running CCleaner too).

 

So guys, make sure to not get fooled by this you too. Good I just backed up all my important stuff.

 

Task Manager: Does anything look weird here?

ywEhvTk.png

"If violence does not work, try more violence"

 

 


Well shiz, thanks for the heads up.

 

In Russia Virus creates man.

Le Bastardo+ 

i7 4770k + OCUK Fathom HW labs Black Ice 240 rad + Mayhem's Gigachew orange + 16GB Avexir Core Orange 2133 + Gigachew GA-Z87X-OC + 2x Gigachew WF 780Ti SLi + SoundBlaster Z + 1TB Crucial M550 + 2TB Seagate Barracude 7200rpm + LG BDR/DVDR + Superflower Leadex 1KW Platinum + NZXT Switch 810 Gun Metal + Dell U2713H + Logitech G602 + Ducky DK-9008 Shine 3 MX Brown

Red Alert

FX 8320 AMD = Noctua NHU12P = 8GB Avexir Blitz 2000 = ASUS M5A99X EVO R2.0 = Sapphire Radeon R9 290 TRI-X = 1TB Hitachi Deskstar & 500GB Hitachi Deskstar = Samsung DVDR/CDR = SuperFlower Golden Green HX 550W 80 Plus Gold = Xigmatek Utguard = AOC 22" LED 1920x1080 = Logitech G110 = SteelSeries Sensei RAW

Nobody here is that stupid (at least I hope not)

Steam Guard is not an application, it is password verification.

 

The golden rule is ALWAYS CHECK URLS

 

Valve's domains are steampowered.com/steamcommunity.com all others are fraudulent.


guys, check yo' url's.

"Probably Because I'm A Dangerous Sociopath With A Long History Of Violence"
 


Nobody here is that stupid (at least I hope not)

 

Steam Guard is not an application, it is password verification.

I know it is not an application, but when the website says I'm on a new computer (which often happens on the real website too) and they are temp using an application I got fooled.

 

 

Your profile pic fits this well.

indeed.
Edited by Erik4boss

"If violence does not work, try more violence"

 

 


Live and learn

 

 

Want some advice? Never accept a request from someone you haven't talked to via some forum or played with. If you accept random requests you might as well just post your account info on reddit because it won't be your account for long.

 

Want to be sure you got rid of anything you downloaded? Get Revo Uninstaller and do a full uninstall of Steam and all related files, then change your password for Steam to something complicated.

-The Bellerophon- Obsidian 550D-i5-3570k@4.5Ghz -Asus Sabertooth Z77-16GB Corsair Dominator Platinum 1866Mhz-x2 EVGA GTX 760 Dual FTW 4GB-Creative Sound Blaster XF-i Titanium-OCZ Vertex Plus 120GB-Seagate Barracuda 2TB- https://linustechtips.com/main/topic/60154-the-not-really-a-build-log-build-log/ Twofold http://linustechtips.com/main/topic/121043-twofold-a-dual-itx-system/ How great is EVGA? http://linustechtips.com/main/topic/110662-evga-how-great-are-they/#entry1478299


Nobody here is that stupid (at least I hope not)

Steam Guard is not an application, it is password verification.

 

The golden rule is ALWAYS CHECK URLS

 

Valve's domain is steampowered.com all others are fraudulent.

You edited that, and yes people here are that stupid. The fact that this thread exists is proof enough.

-The Bellerophon- Obsidian 550D-i5-3570k@4.5Ghz -Asus Sabertooth Z77-16GB Corsair Dominator Platinum 1866Mhz-x2 EVGA GTX 760 Dual FTW 4GB-Creative Sound Blaster XF-i Titanium-OCZ Vertex Plus 120GB-Seagate Barracuda 2TB- https://linustechtips.com/main/topic/60154-the-not-really-a-build-log-build-log/ Twofold http://linustechtips.com/main/topic/121043-twofold-a-dual-itx-system/ How great is EVGA? http://linustechtips.com/main/topic/110662-evga-how-great-are-they/#entry1478299


Live and learn

 

 

Want some advice? Never accept a request from someone you haven't talked to via some forum or played with. If you accept random requests you might as well just post your account info on reddit because it won't be your account for long.

 

Want to be sure you got rid of anything you downloaded? Get Revo Uninstaller and do a full uninstall of Steam and all related files, then change your password for Steam to something complicated.

 

dat ass


Nobody here is that stupid (at least I hope not)

Steam Guard is not an application, it is password verification.

 

The golden rule is ALWAYS CHECK URLS

 

Valve's domain is steampowered.com all others are fraudulent.

nah, pretty sure it is http://steamcommunity.com/

"If violence does not work, try more violence"

 

 


You edited that, and yes people here are that stupid. The fact that this thread exists is proof enough.

 

I edit all the time, yeah I edited it.


If it was through steam it should have said that you're leaving steam and going to a non-steam site. Surely that should have ticked that something was up with the link?

Aragorn (WS): 250D | 6800k | 840 Pro 512GB | Intel 530 480GB  | Asus X99-M WS | 64GB DDR4 | Corsair HX720i | GTX 1070 | Corsair H115i | Philips BDM4350UC 43" 3840x2160 IPS

Gimli (server):  Node 304 | G4560 | ADATA XPG SX8000 128GB | 2x 5TB WD Red | ASROCK H270M-ITX/AC  | 8GB DDR4 | Seasonic 400FL

 Omega (server):                 Fractal Arc Mini R2 | i3 4130 | 500GB Maxtor | 2TB WD Red : Raid 1 | 3TB Seagate Barracuda | 16GB RAM | Seasonic G-450w
Alpha (WS): 900D | 4770k | GTX 780  | 840 Pro 512GB  | GA-Z87X-OC | Corsair RM 850 | 24GB 2400mhz | Samsung S27B970D 2560x1440


nah, pretty sure it is http://steamcommunity.com/

 

I'm the moron now lol yeah you're right I'm just so used to threads where people have been visiting a fake store that I autospam the store URL.

 

My apologies, I edited my post.


Best way to remain safe is to not have account stuff open with Windows.

 

Start up stuff....

 

Also get used to the URL that the real damn thing belongs to, keep up to date with Malwarebytes and your chosen AV if you use one.

Le Bastardo+ 

i7 4770k + OCUK Fathom HW labs Black Ice 240 rad + Mayhem's Gigachew orange + 16GB Avexir Core Orange 2133 + Gigachew GA-Z87X-OC + 2x Gigachew WF 780Ti SLi + SoundBlaster Z + 1TB Crucial M550 + 2TB Seagate Barracude 7200rpm + LG BDR/DVDR + Superflower Leadex 1KW Platinum + NZXT Switch 810 Gun Metal + Dell U2713H + Logitech G602 + Ducky DK-9008 Shine 3 MX Brown

Red Alert

FX 8320 AMD = Noctua NHU12P = 8GB Avexir Blitz 2000 = ASUS M5A99X EVO R2.0 = Sapphire Radeon R9 290 TRI-X = 1TB Hitachi Deskstar & 500GB Hitachi Deskstar = Samsung DVDR/CDR = SuperFlower Golden Green HX 550W 80 Plus Gold = Xigmatek Utguard = AOC 22" LED 1920x1080 = Logitech G110 = SteelSeries Sensei RAW

Best way to remain safe is to not have account stuff open with Windows.

 

Start up stuff....

 

Also get used to the URL that the real damn thing belongs to, keep up to date with Malwarebytes and your chosen AV if you use one.

I always have AVG and Malwarebytes on so I'm pretty disappointed realizing that this virus is FUD, I'll upload it to VirusTotal for results

 

https://www.virustotal.com/en/file/a3a82c45ff962d5eb79c61f1471bc3becff73504c54cc1c114a9e2a35497e9b0/analysis/

 

Shit, I gotta get Kaspersky

"If violence does not work, try more violence"

 

 


It's most likely just phishing so it will ask you to log in rather than being a RAT or keylogger

5820k@3.8GHz| Corsair H100i |Gigabyte x99 SLI | Corsair 16GB | EVGA 780Ti SC ACX SLI x2 |240GB SSD120GB SSD 512GB SSD 2TB HDD | 3x ASUS VN247H 24" ( nVidia Surround)


It's most likely just phishing so it will ask you to log in rather than being a RAT or keylogger

I'm expecting the worst, hooked up my laptop to change my passwords. I'm not stupid just because I did a stupid thing, hope my forum admin account is not hacked!

"If violence does not work, try more violence"

 

 


Nobody here is that stupid (at least I hope not)

Steam Guard is not an application, it is password verification.

 

The golden rule is ALWAYS CHECK URLS

 

Valve's domains are steampowered.com/steamcommunity.com all others are fraudulent.

Also every real Valve or Steam site had the Valveidentity badge in front of the URL in the URL bar

[spoiler=My Beast Rig Damocles]Case: Coolermaster Storm Stryker Motherboard: Asus x79 deluxe CPU: Intel I7 4960x @3.6GHz (soon to be oc) RAM: Kingston HyperX 64GB @2400MHz GPU: Nvidia Geforce GTX 770 (Gigabyte) @4GB PSU: Corsair RM1000 Fully modular CPUCooler: Corsair H100i Watercooling Storage: Seagate 2TB SV35.6 SATA 6GB/s 7200RPM 64MB 3.5"   x2  Sound: Creative Soundblaster ZxR sound card

This is my old pc which I am reamending to be a media server or a nas. Motherboard: Generic fujitsu CPU: Intel pentium G640 @2.8 GHz RAM: 4GB generic fujitsu memory PSU:  CPUCooler: Stock intel cpu cooler Storage:  Fujitsu MHZ2120BH @120GB, Soon to have a HDD for more storage. 

_ASSASSIN_ Jerakl 
 

oh my god lol dude

Took a look deeper, turns out some shit went to New Zealand. 

Looking at you mister Ninja jk.

"If violence does not work, try more violence"

 

 


anyone remember the AIM virus that would send a link to a "photo" that was a virus that would send out links to the "photo" to everyone on the buddy list lol


anyone remember the AIM virus that would send a link to a "photo" that was a virus that would send out links to the "photo" to everyone on the buddy list lol

on skype, "I saw a really nice picture of you on the internet, see it here (download link)" or something like that.

"If violence does not work, try more violence"

 

 


I know that some people use Cyrillic letters in URLs to fool people into thinking that it's the real website. This isn't the case here though.

CPU: i7 2600 @ 4.2GHz  COOLING: NZXT Kraken X31 RAM: 4x2GB Corsair XMS3 @ 1600MHz MOBO: Gigabyte Z68-UD3-XP GPU: XFX R9 280X Double Dissipation SSD #1: 120GB OCZ Vertex 2  SSD #2: 240GB Corsair Force 3 HDD #1: 1TB Seagate Barracuda 7200RPM PSU: Silverstone Strider Plus 600W CASE: NZXT H230
CPU: Intel Core 2 Quad Q9550 @ 2.83GHz COOLING: Cooler Master Eclipse RAM: 4x1GB Corsair XMS2 @ 800MHz MOBO: XFX nForce 780i 3-Way SLi GPU: 2x ASUS GTX 560 DirectCU in SLi HDD #1: 1TB Seagate Barracuda 7200RPM PSU: TBA CASE: Antec 300
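
The "always check URLs" advice given earlier in the thread and the Cyrillic-letter trick mentioned in the post above, as an added example that is not part of the original thread. It assumes a two-domain allowlist taken from the posts, an edit-distance threshold of 3, and that the last two labels of a hostname are the registrable domain; the function names and the constructed sample links are hypothetical.

```python
from urllib.parse import urlsplit

# The two Valve domains named in the thread.
TRUSTED = ("steampowered.com", "steamcommunity.com")
MAX_EDITS = 3  # assumed threshold: this many edits or fewer counts as a look-alike


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(url):
    """Return (verdict, trusted_domain_or_None) for a pasted link."""
    if "://" not in url:
        url = "http://" + url          # chat links often omit the scheme
    host = (urlsplit(url).hostname or "").rstrip(".")
    # Non-ASCII or punycode labels cover the Cyrillic-letter trick.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return ("idn", None)
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return ("trusted", good)
    # Simplification: treat the last two labels as the registrable domain.
    domain = ".".join(host.split(".")[-2:])
    for good in TRUSTED:
        if edit_distance(domain, good) <= MAX_EDITS or good in host:
            return ("lookalike", good)
    return ("unrelated", None)


if __name__ == "__main__":
    samples = [
        "steamconnnunity.com/id/VivianWei/",       # link quoted in the thread
        "http://steamcommunity.com/",              # genuine
        "http://steamc\u043emmunity.com/",         # constructed: Cyrillic 'o'
        "http://steamcommunity.com.example.net/",  # constructed: subdomain trick
    ]
    for s in samples:
        print(classify(s), s)
```

The link from the first post comes back as a look-alike of steamcommunity.com at edit distance 3: two "m" replaced by "n", plus one extra "n".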

I always have AVG and Malwarebytes on so I'm pretty disappointed realizing that this virus is FUD, I'll upload it to VirusTotal for results

 

https://www.virustotal.com/en/file/a3a82c45ff962d5eb79c61f1471bc3becff73504c54cc1c114a9e2a35497e9b0/analysis/

 

Shit, I gotta get Kaspersky

AVG sucks balls, avast all the way.

Spoiler

CPU: R5 1600 @ 4.2 GHz; GPU: Asus STRIX & Gigabyte g1 GTX 1070 SLI; RAM: 16 GB Corsair vengeance 3200 MHz ; Mobo: Asrock Taichi x470; SSD: 512 gb Samsung 950 Pro Storage: 5x Seagate 2TB drives; 1x 2TB WD PurplePSU: 700 Watt Huntkey; Peripherals: Acer S277HK 4K Monitor; Logitech G502 gaming mouse; Corsair K95 Mechanical keyboard; 5.1 Logitech x530 sound system

 01000010 01101001 01101110 01100001 01110010 01111001 00100000 01100100 01101111 01100101 01110011 01101110 00100111 01110100 00100000 01101101 01100001 01101011 01100101 00100000 01111001 01101111 01110101 00100000 01110000 01110010 01101111 00101110

 

 

 
