Downloaded a Virus

Haywire

Hi..

So I entered a raffle on CSGO Prizes a few days ago and today I got added by a bot called CsgoPrizes telling me I had won the knife. It wanted me to click a link to get a code which seemed very fishy and after much hesitation I finally clicked on it. It downloaded something to my computer. Usually I'm way more careful but this was a sudden burst of stupidity.

Anyway, I instantly used my antivirus (bitdefender) to file shred the program and I made sure that it was completely removed from my PC. I then ran a full system scan which claimed that my PC was clean and I am in the process of changing my passwords. 

That being said, whilst playing Lords of the Fallen the game crashed and I was unable to close it down. This hasn't happened before so I had to force close my system and I'm now nervous about logging back into my Steam.

So, does anyone know what I should do and if I should worry? Am I okay to log into Steam? Thanks

 
I've been hit with a virus before, like you, not thinking clearly, downloading something. I logged into Steam after I crashed and bam, a couple of days later got locked out of my account and lost all skins; luckily Steam support got my stuff back within a couple of months.

Before you log in to Steam on the potentially infected machine, I'd run another scan and maybe try a few different antivirus scans; I've heard good things about Malwarebytes.

If you want to be 100% sure, format all drives and reinstall Windows.

And if you are still worried about your Steam account, jump on another computer/ask someone you trust to let you log in and change your password on their computer. If you're really worried about your Steam account until you can get your password changed safely, you can lock your account manually. https://support.steampowered.com/kb_article.php?ref=6416-FHVM-3982

 
Thanks for the reply, I am running a scan with Malwarebytes atm.
What did you do after you downloaded the virus? Did you delete it or did you not know that you had downloaded it? Thanks again

 
So, once I downloaded and ran the file, I got an error message (can't remember what exactly it said - something about Steam), PC froze up and started running slow. Quickly unplugged all internet connections and rebooted, ran Malwarebytes (I didn't have any antivirus installed - would never guess I'm an IT Tech xD).

Everything seemed fine so logged into Steam and checked everything and all seemed fine. A day or two later I got an email saying a couple of items have been put up on the market for such a low price (RIP howl and knife xD). Quickly logged in at work to remove the listings and wanted to change my password, but you can't on the web browser and couldn't really install Steam there. By then, I got another email saying my Email Preferences have been changed and then couldn't access my account.

I guess if I was more careful straight after (e.g. reinstalled Windows/more testing) I would probably have been fine.

 
Yeah.. that sucks ;_;

I never actually ran the file that I downloaded because I saw it was a threat the moment it downloaded. Maybe that will work in my favour and neither my Malwarebytes nor antivirus is showing any flags but I will take some extra precautions just in case.

And hey, maybe this annoying mobile Steam Guard will actually come in handy now? xD

 
Yea, you should be ok if you only downloaded it, just keep a very close eye on your PC and all online accounts over the next few days to be sure. 

And yes, hopefully Steam will do something useful for once with their Steam Guard app :D

And btw, good luck if you ever need to contact Steam support. I sent them a ticket on October 19th 2015 and I got a reply yesterday, January 18th 2016...

I know if it took me that long at work to even reply once to a ticket, I'd be packing my bags looking for a new job xD

 
Lel, such scrub <3

On a serious note... if you need any help with scans / manual checks send a message ;)

- Marc

 
Definitely run Spybot after getting your machine running with Mbam.

Run the scanners on full scans (individually) again and again, until you get a clean sweep X2 in a row. If you have one that won't go, put the details up here and we can have a hunt round for removal tools.

 
I have run multiple scans through Bitdefender, Malwarebytes and Spybot and none of them have shown any flags. I also have Bitdefender running on its highest security settings to prevent keyloggers and other malicious attempts on my computer along with Malwarebytes real-time.

I think the fact that I never ran the .exe and shredded it the moment I downloaded it kept me safe but I'll continue running on high alert for the next few weeks to be sure :D
Thanks a lot for all the help!

 
We all do silly things. User in work downloaded Cryptolocker and encrypted not just their machine, but a WHOLE fileserver. 

As the others said, so long as you didn't run the app you should hopefully be alright. You could always look in taskmgr/msconfig as well for any weird looking processes like ksdhgkdrhg43t.exe or something like that.

 
My sister did that LAWL !!! was funny, but not my problem because I don't work there

 
Depending on how the malware works, no anti-malware may be able to detect it if running as a live machine. I recommend restarting the computer into safe mode and running the scan there. Malwarebytes is what I would recommend.

As a means of protecting your accounts, use 2 factor authentication and set it up while in safe mode. Safe mode will only allow whitelisted apps on startup so as long as you don't trigger the malware to start it should be safe(r). 2FA basically means that instead of just a username and password, you need another means of authentication which is on another device, making it exponentially harder to actually log in to an account as it requires more compromises:

https://support.steampowered.com/kb_article.php?ref=4440-RTUI-9218

Once 2FA is set up, require it every time and never tick the box about trusting a device, as they could use your own machine in the background to do it so it should be required for every login.

Another recommendation for this is using a good password manager. I prefer to use LastPass as it offers a lot of custom options like 2FA and geo restrictions on login, as well as blocking Tor logins. LastPass can generate a unique and long password for each individual site you use and thus in the event of one site being compromised, the rest should be ok.

Other general advice is to enable SmartScreen and UAC - yes they can seem pointless (and they aren't the most effective solutions), but they might offer a final line of defense when all else fails. If you want to crack it up a notch, use your computer only as a regular user and have a separate account for admin privileges; this again makes it harder for malware to take deep root.

Ping me if you need any more help :)

 
@Vaffla all good advice, especially safe mode, as scanners can be locked out of processes, although this is only apparent in heavy duty bugs, not the script kiddie crap. Probably should have included that though. Many thanks!!!!

but ....

I disagree about LastPass, for example https://blog.lastpass.com/2015/06/lastpass-security-notice.html/

This is scary reading, especially considering for the entire post they understandably downplay the issue as much as possible!!!

 
@lionel Yeah, the LastPass breach in and of itself would be something to panic about, but again it relies on a few assumptions. The breach didn't leak the actual password containers, just the login hashes of a few accounts. LastPass stores their passes using PBKDF2-SHA256 rounds, 5000 on the server and a customisable amount on the user side, plus per-user salts, making it extremely slow to actually brute force the hash list that any attacker could get a hold of. Now if you have a 12 character password using a lowercase, uppercase, number and symbol, even if the attacker could guess at 100 trillion times per second (this is beyond even nation-state attackers at 5,000 rounds on SHA256), it would still take them 174 years to crack the hash. So the strong crypto trumps the attack. Not to mention 2FA would yet again prevent the attack working even if they could crack the hash.

If the password containers were breached then yes, that would be of even more concern, but still couldn't be cracked without knowing the password. So using a strong master password and using 2FA will defeat all but the most determined and well-resourced attacker, and at that point it is likely if they did have the resources to launch that sort of attack to get you, there would be better ways to do it.

All in all, that is why the breach didn't concern me. Strong crypto with user-side only decryption means even if they are breached it is non-trivial to get to the container content, which by the time it would take an attacker to do, you should have changed all the passwords anyway.

Edit: A few years ago it may have been heavy duty to find persistent malware, but not anymore. Exploits are fairly cheap these days. I've seen a handful of malware samples latching into device firmware, but these are usually targeted attacks and not something an average Joe should worry about.

 
Unfortunately, due to people consistently using passwords like 123456, it has got a lot easier to crack hashes :(
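
The two posts above make opposite points about salted PBKDF2-SHA256 hashes: the stretching and per-user salt make exhaustive search of a strong 12-character password impractical, while a password like 123456 still falls to a short guess list. The sketch below is an added example, not part of the thread and not LastPass code; the function names, the 16-byte salt, the 95-character alphabet, the sample wordlist and the sample strong password are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import List, Optional

ROUNDS = 5000  # server-side PBKDF2-SHA256 round count quoted in the thread


def stretch(password: str, salt: bytes, rounds: int = ROUNDS) -> bytes:
    """Derive a login hash with PBKDF2-HMAC-SHA256 and a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)


def years_to_exhaust(alphabet: int, length: int, guesses_per_sec: float) -> float:
    """Worst-case time to try every password of this alphabet size and length."""
    return alphabet ** length / guesses_per_sec / (365 * 24 * 3600)


def guesses_until_found(stored: bytes, salt: bytes,
                        wordlist: List[str]) -> Optional[int]:
    """Guesses a dictionary audit needs before it matches, or None if no match."""
    for n, candidate in enumerate(wordlist, start=1):
        if hmac.compare_digest(stretch(candidate, salt), stored):
            return n
    return None


# Constructed sample data: a tiny list of well-known weak passwords.
COMMON = ["password", "qwerty", "123456", "letmein"]

if __name__ == "__main__":
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    weak = stretch("123456", salt_a)
    strong = stretch("t7#Qv!2mZp@9", salt_b)  # constructed 12-character sample

    # Per-user salts: the same password never produces the same stored hash,
    # so one guess cannot be checked against every account at once.
    print("salts differ the hash:", stretch("123456", salt_b) != weak)

    # Stretching slows each guess but cannot save a password on the list.
    print("weak matched after:", guesses_until_found(weak, salt_a, COMMON))
    print("strong matched after:", guesses_until_found(strong, salt_b, COMMON))

    # Assumption: 95 printable ASCII characters, 12 long, 100 trillion guesses/s.
    print("years to exhaust:", round(years_to_exhaust(95, 12, 100e12)))
```

With those assumptions the exhaustive-search estimate comes out at roughly 171 years, the same ballpark as the figure in the thread, while the weak password is matched on the third guess.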
