
Wednesday, November 19, 2014

Remove Steam Messages Virus (Malicious links in Steam chat to .SCR, .EXE files)

There is a new virus going around through Steam. If you get a message that says "You will exchange this thing?" or "Is this you in the photo?" or "WTF Dude?" with a link, DON'T OPEN IT! Even though it may appear to be a link to a screenshot, it actually redirects to a password-stealing Trojan horse (VirusTotal scan results, safe to open). It loads a malicious .scr or .exe file and infects your computer. Here are a few scan results: Spyware.OnlineGames, Trojan.Crypt, Win32:Malware-gen. The detection ratio is still very low, just about 20%, which means that only one anti-virus program out of five will detect this virus and block it. Here are a few examples of fake Steam messages you may get in Steam chat:

You will exchange this thing?

WTF Dude?

Here's a list of malicious links that were used previously or are still in use:

Have you stumbled across the term password-stealing 'Trojan Horse' when reading about IT, malware or computers? If so, and you're wondering what on earth this ancient Greek mythological beast has to do with modern technology, then you've come to the right place! Strange as it may sound, the name does make sense – or at least it should in a few moments.

Feeling slightly confused? Apologies – keep reading and everything will become clear.

What is a modern Trojan Horse?

To understand more about today's Trojans and how they got their name, we need to go back in time. You may recall being told the story of Helen of Troy and the Trojan Horse back in your youth. Remember the tale: the Greeks and Trojans were at war and, to con the Trojans into letting the Greek army into their walled city, the Greeks hid inside a huge wooden horse, which they presented as a peace offering to the people of Troy. The Trojans accepted this rather bizarre (but kind of cool!) gift and wheeled the horse through their city gates. Of course, as soon as night fell, the Greeks climbed out, opened the gates to the rest of their army, and overcame Troy.

History lesson over, and you're still asking what on earth that has to do with your computer?! Well, just like the wooden horse of yore, which was lethal despite looking like a perfectly innocent gift, so too are modern Trojan Horses. A Trojan Horse in the IT world is a piece of malware which has been designed to fool you into thinking it's something you need or want. In 2014, the Greek army is a (malicious) software developer - and we are the unsuspecting, or some may say naive, people of Troy. This Steam chat virus works exactly the same way. You get a message with an offer to exchange something, which isn't very unusual on Steam, and you think that it might indeed be a good thing, but what you get is a virus. Notice how Screen_19521.png in the fake Steam message becomes knife.exe when you open a malicious link. And you don't even have to run that file. It loads malicious code automatically.
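An added example (not part of the original post): a Python check a defender could apply to a chat link, comparing the name the link shows with the file the server actually delivers, as in the Screen_19521.png to knife.exe switch described above. The function names, extension lists and sample header bytes are assumptions constructed for illustration.

```python
import os

# Extensions Windows runs directly; a .scr "screensaver" is an ordinary executable.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif", ".bmp"}

# Leading "magic" bytes of the file types that matter here.
MAGIC = [
    (b"MZ", "windows-executable"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF8", "gif"),
]

# Constructed sample headers (not taken from any real sample).
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8
SAMPLE_EXE = b"MZ\x90\x00" + b"\x00" * 12


def sniff(first_bytes):
    """Return the file type implied by the leading bytes, or 'unknown'."""
    for magic, kind in MAGIC:
        if first_bytes.startswith(magic):
            return kind
    return "unknown"


def extension(name):
    """Lower-cased final extension, so 'photo.jpg.SCR' yields '.scr'."""
    return os.path.splitext(name.lower())[1]


def check_download(shown_name, served_name, first_bytes):
    """Return the reasons a download looks disguised (empty list = none)."""
    shown, served = extension(shown_name), extension(served_name)
    reasons = []
    if served in EXECUTABLE_EXTS:
        reasons.append("served file is executable: " + served)
    if shown in IMAGE_EXTS and served not in IMAGE_EXTS:
        reasons.append("link shows an image but serves " + (served or "no extension"))
    if sniff(first_bytes) == "windows-executable":
        reasons.append("content starts with MZ, a Windows executable header")
    return reasons


if __name__ == "__main__":
    # The case from the post: the link shows Screen_19521.png, the file is knife.exe.
    for reason in check_download("Screen_19521.png", "knife.exe", SAMPLE_EXE):
        print(reason)
```

The header check matters because a renamed executable keeps its MZ header even when the file name ends in .png or .jpg.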

What will Steam messages virus do to my computer?

We've established that today's password-stealing Trojan Horses are an enemy in disguise, but how do they pose a threat to your PC? Well, once you've installed a Trojan, thinking it was an innocent plugin, a game, or even an exchange item, it can wreak havoc on your computer and systems. The usual MO of Trojans is to corrupt your data and files by overwriting parts of your hard drive. In this case, however, it will use your Steam account to spam other users with malicious links, hoping that more and more computers will become part of a huge botnet of infected machines controlled by cyber crooks.

Clearly, the hard part is knowing what you can and can't trust when you're downloading software, thanks to the Trojan's innocent guise. The developers of Steam chat viruses are incredibly resourceful when it comes to convincing you to download, click a button, or fill in a form containing personal data or bank details – meaning we need to be on our guard.

How do I defend myself against this Steam virus?

First line of defense: give your city walls an added layer of protection by installing a reputable anti-malware program on your computer. And once it's on there, run it regularly and keep it bang up to date.

You also need to be careful when opening links or email attachments, or downloading software. If in doubt, don't! Simple as that. To remove the Steam messages virus from your computer, please follow the steps in the removal guide below. If you have questions, leave a comment below. I will be more than happy to help you. Good luck and be safe online!

Written by Michael Kaur

Steam messages virus removal instructions:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer.

NOTE: If you are using Internet Explorer and can't download anti-malware software because "Your current security settings do not allow this file to be downloaded" then please reset IE security settings and try again.

2. Download and run TDSSKiller. Press the "Start scan" button to start scanning.

3. Wait for the scan and disinfection process to be over. Then click Continue. Please reboot your computer after the disinfection is over.


Anonymous said...

Dude, I hope this will work. I got this new virus in my Steam message box and I don't know what to do anymore...

Anonymous said...

I've accidentally got the virus and sent a message to all friends. However, these anti-viruses in the post seem outdated, as nothing has seemed to find anything wrong on the computer.

Anonymous said...

I have this problem right now. I've searched it up, and apparently it can access my steam inventory. It also forces me to comment on other people's profiles with the link to the virus. I'm afraid I could get banned so I'm running two anti-virus programs at once. Norton has found 2 viruses, but they may not be the one I'm looking for.

Anonymous said...

It stole my items from 2 of my games, don't download or open for any reason.

Joe Burgess said...

This virus had gotten out of control in the Train Simulator Community. As the majority of the community are only on Steam for the simulator most of them don't have experience outside of that. They don't have experience with hackers or phishers and how they 'play the game' so they just click the link and assume everything is fine. Man this virus is just going to keep spreading.

Anonymous said...

Do you know what this specific trojan does? Are there other security steps I should take after removing it? (and how can I be sure it's been successfully removed?) Thanks in advance.

Anonymous said...

I've decided to uninstall/reinstall steam. Including my games. We'll see how it goes, I'll comment if there are further incidents after this expunge.

Ruben Java said...

Avast seemed to block the file. Also, Chrome blocked the file. So I'm okay ^_^

Anonymous said...

I got that thing in my Steam T_T
I don't know what I have to do now, I can't open Steam and my Steam pic is changed.
Please, somebody tell me what I have to do right now!!