
Steam 'WTF DUDE?' .scr link - Have I been infected? Symptoms?


8 replies to this topic

#1 Yamatsukami

Yamatsukami

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 30 December 2014 - 10:25 PM

Just last night I received a message from a friend with the caption 'WTF DUDE?' and a link. Dumbly I opened it and Chrome auto downloaded 'Image.scr'. I don't remember exactly whether or not I executed it but shortly after I found that my Steam account had messaged everyone in my friends list the same message. I quickly located the file and deleted it, and emptied my bin, cleared all my cookies and history on my browser, etc. I then booted up my PC in safe mode and looked for any of the listed .scr infections posted on the Steam forums but found none. I can't completely recall anything strange going on either after that. I then restarted and scanned my computer with Malwarebytes, Superantispyware, and Avast. Only Superantispyware found three threats which were cookies. It took action and still I can't completely seem to know whether or not I'm infected with the virus. Now I am here on this forum without experience in anything related to viruses, so I have no clue what I'm searching for. I'm dying to know, again, whether or not I'm infected.  :(

 

- Edit -

 

Any help would be much appreciated. Thank you. 

 

Windows 8.1 

 

Toshiba Satellite P755D


Edited by Yamatsukami, 30 December 2014 - 10:40 PM.



#2 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 5,571 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:06:28 PM

Posted 31 December 2014 - 01:03 AM

G'day Yamatsukami, and Welcome to BC

 

Read HERE...in Full

 

 

How to Watch Your Back so You Can Help Others Watch Theirs

  • Enable Steam Guard. Never disable it no matter what others say.
  • Use strong passwords with your Steam account. Never share it with anyone. Change it on a regular basis.
  • Make sure that the email tied to your Steam account has the two-factor authentication (2FA) feature enabled. Never share your password for it as well.
  • Familiarize yourself with terms related to Steam, such as SSFN, Steam Guard, and Steam Wallet, so that you know what they are, their purpose, and how they’re used.
  • Avoid clicking links sent over your way via Steam chat. If you can, take the time to verify them using free online tools at your disposal. Is the link shortened? Do what Joe did and use a site that reveals the true destination of the URL. Not familiar with the domain of the URL you received? Do a bit of research on it, or have a website scanner visit it first. VirusTotal and Sucuri Site Check are just some of the tools you can use for this.
  • In line with the point above, make sure to read correctly the Steam URL sent to you. The only acceptable ones should be store.steampowered.com and steamcommunity.com. This is very important, especially when you’re expected to log in to your account to do something with the page.
  • Resist the urge to add and accept every friend or group invite you receive. Having more Steam friends may be merrier, but being picky with who you befriend can also influence the amount of risk you may be exposing yourself to. From the number of posts I’ve seen online, it would seem that fraudsters, in general, tend to gravitate towards players who (1) frequently play popular multi-player games (TF2, CS, DOTA, etc.), (2) have a high Steam level, and (3) have hundreds of friends.
  • If you’re into trading, take the time to research about the items you have and their estimated value in the market.
  • Get to know and observe the players you add in your Friend’s list. Make your own rules on how you want other players to trade with you, and make this clear either in your profile or via Steam chat.

Mitigating Steps:

  • Go to Steam > Settings > Manage Steam Guard Account Security… and tick “Deauthorize all other computers now” to ensure that only your computer can access your account.
  • Change your Steam password in the event of an account hack.
  • Inform your friends about the hacking that happened to your account.
  • Submit a ticket to Steam Support to retell why and how you were scammed. Be honest and thorough if you can. There is no guarantee that they can help you with your case, however.

Valve, the company behind Steam, has yet to address majority of the threats on its gaming platform. While we wait, the community can only look after themselves and each other, helping as much as they can to keep everyone safe and the platform as threat-free as possible.


Condobloke

Outback Australian  

 

fed up with Windows antics...??

 

LINUX IS THE ANSWER

 

I USE LINUX MINT EXCLUSIVELY... NO DUAL BOOT, NO VIRTUAL MACHINE

 

 

 Failure is not an option. It comes bundled with your Microsoft product.
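The exact-match rule from the advice quoted in post #2 (only store.steampowered.com and steamcommunity.com are acceptable), written out as an added example that is not part of the original post or the article it quotes. The function name `link_findings`, the sample URLs (all constructed, on reserved `.example` names) and the https requirement are assumptions made for this example.

```python
from urllib.parse import urlsplit, unquote

# The two hosts the quoted advice names as acceptable for Steam pages.
STEAM_HOSTS = {"store.steampowered.com", "steamcommunity.com"}

def link_findings(url):
    """Return reasons to distrust a chat link; an empty list means none found."""
    findings = []
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    except ValueError:
        return ["malformed URL"]
    # Assumption added for this example: only https links are accepted.
    if parts.scheme != "https":
        findings.append("scheme is not https")
    # Text before '@' is login info, not the site, so it can disguise the host.
    if "@" in parts.netloc:
        findings.append("userinfo before '@' disguises the real host")
    # Exact match only: a prefix or substring test would pass look-alike hosts.
    if host not in STEAM_HOSTS:
        findings.append(f"host '{host}' is not a Steam domain")
    # A .scr file is a Windows screensaver, which is an ordinary executable.
    filename = unquote(parts.path).rsplit("/", 1)[-1].strip().lower()
    if filename.endswith(".scr"):
        findings.append(f"link delivers an executable: {filename}")
    return findings

# Constructed sample links (hypothetical, not taken from the thread).
SAMPLES = [
    "https://steamcommunity.com/id/someone",
    "https://steamcommunity.com.account-check.example/trade",
    "https://steamcommunity.com@files.example/Image.scr",
    "http://store.steampowered.com/app/440",
]

if __name__ == "__main__":
    for url in SAMPLES:
        reasons = link_findings(url)
        print(url, "->", "no findings" if not reasons else "; ".join(reasons))
```

An empty result only means the link passed these checks; it says nothing about the content of the page behind it.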

 

 

 


#3 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 5,571 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:06:28 PM

Posted 31 December 2014 - 02:01 AM

Now that you have bleary eyes from reading and digesting all that....

 

Please download  MiniToolBox  to desktop to run it.
 Checkmark the following boxes:

    List content of Hosts
    Flush DNS
    Report IE Proxy Settings
    Reset IE Proxy Settings
    Report FF Proxy Settings
    Reset FF Proxy Settings
    List last 10 Event Viewer log
    List Installed Programs
    List Users, Partitions and Memory size

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 Click Go and Copy / Paste the result. (result.txt)

 

 

 

Please download and run RKill by Grinler.
 A black DOS box will appear for a short time and then disappear.
 This is normal and indicates the tool ran successfully.
 At most the tool will usually run for about 2 minutes.
 Please Copy / Paste the small log back here.


Please DO NOT reboot, until you Complete the NEXT STEP

 

 

Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.

  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"

You may need to exit Malwarebytes if you have it installed on your PC.

 

 

 

 

Download  AdwCleaner  by Xplode and save to your Desktop.
    Double-click on AdwCleaner.exe to run the tool.
     (* Vista/Windows 7/8 users right-click and select Run As Administrator.)
    Click on the Scan button (only once)
    AdwCleaner will begin...be patient as the scan may take some time to complete.
    After the scan has finished, click on the Report button only once for accuracy.
    A report (AdwCleaner[R0].txt) will open in Notepad for your review.
    Check the listed removals and see if you are OK with them.
    If you have questions, post the Report log back here.....if not, then please proceed to the next step

 Next

    Click on the Clean button only once for accuracy
    Press OK when asked to close all programs and follow the onscreen prompts.
    Press OK finally to allow AdwCleaner to Restart the computer and complete the removal process.
    After rebooting, a log report (AdwCleaner[S0].txt) will open automatically.
    Copy and Paste the contents of that log in your next reply.

Note: With most Adware / Junkware / PUPs it is strongly recommended to deal with it like a legitimate program and uninstall from Programs and Features or Add/Remove Programs in the Control Panel. In many cases, using the uninstaller of the adware not only removes the adware more effectively, but it also restores any changed configuration. After uninstallation, then you can run specialized tools like AdwCleaner and JRT to fix any remaining entries they may find.

If any of the other items prove to be wanted later, they can be reinstalled as original (see below)
- To restore an item that has been deleted  : Open the program again,
- Go to Tools (top left) > Quarantine Manager > check what you want restored > then click on Restore.

 

 

Run ESET Online Scanner.

  • For Internet Explorer users only, hold down Control  (Ctrl) and click on This Link to open ESET OnlineScan in a new window.
  • Click the ESET Online button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu. to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives". Do not check "Remove Threats".
  • Click Advanced settings and select the following:
    Scan potentially unwanted applications
     Scan for potentially unsafe applications
     Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • Please be patient as this will take some time (2 hours is not unusual for a first scan).
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.

 

 



 

 

 


#4 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 11,695 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:07:28 PM

Posted 31 December 2014 - 03:29 AM


 

Just last night I received a message from a friend with the caption 'WTF DUDE?' and a link. Dumbly I opened it and chrome auto downloaded 'Image.scr'. I don't remember exactly whether or not I executed it but shortly after I found that my steam account had messaged everyone in my friends list the same

 

 

Hi condo.

And Hi :welcome:  to BC Yamatsukami

 

Sorry for jumping in here, I would like to draw your attention to this post.

Steam messages screen.scr VIRUS DO NOT OPEN THESE posted by  zingo156


http://www.bleepingcomputer.com/forums/t/556723/steam-messages-screenscr-virus-do-not-open-these/

 

Please note I am only pointing to a post that may be important to this thread.


Edited by NickAu, 31 December 2014 - 04:15 AM.


#5 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 5,571 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:06:28 PM

Posted 31 December 2014 - 03:32 AM

Thanks for your input Nick, always appreciated. !



 

 

 


#6 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 11,695 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:07:28 PM

Posted 31 December 2014 - 03:35 AM

You are welcome.

 

Maybe Yamatsukami would be so kind as to upload the file to VirusTotal and post the results. Scan

 

Happy New Year to both of you.

 

Nick.

 

DO NOT OPEN IT


Edited by NickAu, 31 December 2014 - 03:39 AM.


#7 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 5,571 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:06:28 PM

Posted 31 December 2014 - 03:59 AM

From his opening statement..." . I don't remember exactly whether or not I executed it but....."....sometime later tonight may well tell the tale !



 

 

 


#8 zingo156

zingo156

  • BC Advisor
  • 3,333 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:28 AM

Posted 31 December 2014 - 08:54 AM

FYI: The OP was for certain infected if his Steam messaged his friends: "I don't remember exactly whether or not I executed it but shortly after I found that my steam account had messaged everyone in my friends list the same message."

 

Definitely follow instructions posted above for scanning this computer.


Edited by zingo156, 31 December 2014 - 11:44 AM.

If I am helping you with a problem and I have not responded within 48 hours please send me a PM.

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,114 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:28 AM

Posted 31 December 2014 - 11:21 AM

Please run the tools listed in Post 3....
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook



