1. There is no such thing as a "pending" ban or Steam admin. Anyone threatening your account is a scammer trying to scare you. Read more.

Malware

Discussion in 'SteamRep General Discussion' started by ScammrFinder, Jan 4, 2017.

  1. ScammrFinder

    ScammrFinder New User

    Messages:
    14
    Steam:
    STEAM_0:0:147258297
    Hi. Im not sure if you would call this a scam, but I was added by someone to trade skins, and he gives me a link (dont go to the link). I first resist because I know i've never been to the site. I start to say make it a gyazo. I give him a couple minutes and he does not reply. I begin to be curious and click the link witch then my anti-virus pops up with some Malware sort of thing. Im not sure what to do, but this is f✿✿✿ed up!

    Can you guys tell me what to do?

    Also look in the screenshots. If you're a dare devil and don't believe me, Go to the site (I DO NOT RECOMMEND THIS)

    Thanks!

    Images: https://gyazo.com/17f653c76633321a882975f3f7b8e998 https://gyazo.com/e2ce5501683a2304e30bebac05365aa1 .

    His steam profile: http://steamcommunity.com/profiles/76561198088770951/
    ScammrFinder, Jan 4, 2017
    #1
  2. Nebras

    Nebras New User

    Messages:
    249
    Steam:
    STEAM_0:0:92811415
    appears to be a phishing/RAT attempt, SR does not investigate these
    Nebras, Jan 4, 2017
    #2
  3. ScammrFinder

    ScammrFinder New User

    Messages:
    14
    Steam:
    STEAM_0:0:147258297
    Forgot to mention, not sure if this is clean or not, but it silently downloaded a .txt file

    (appears to be the source)

    Attached Files:

    ScammrFinder, Jan 4, 2017
    #3
  4. Nebras

    Nebras New User

    Messages:
    249
    Steam:
    STEAM_0:0:92811415
    I don't believe it's supposed to download this file, as it appears to be just a trade offer window, especially that your anti virus detected it, you sure this was downloaded from the same link?
    it appears to only have a malicious .scr file.
    Nebras, Jan 4, 2017
    #4
  5. ScammrFinder

    ScammrFinder New User

    Messages:
    14
    Steam:
    STEAM_0:0:147258297
    it was put in a tmp folder, can you tell me what that means?
    ScammrFinder, Jan 4, 2017
    #5
  6. Nebras

    Nebras New User

    Messages:
    249
    Steam:
    STEAM_0:0:92811415
    I only took a quick look on the txt so this may be wrong, it is like opening a trade offer wibdow with someone and saving the source.

    nothing you need to worry about, that website is malicious and you shouldn't trust it, you can't report that on SR because SR does not investigate phishing/malware.
    The user who sent you the link may not necesserily be responsible for it, as he might have fallen for it and it's that script sending messages to you.

    If any other files were downloaded from that site, I suggest you run a full scan on your PC.
    Nebras, Jan 4, 2017
    #6
  7. idiot weasel

    idiot weasel New User

    Messages:
    4
    Steam:
    STEAM_0:0:87911311
    A scan using Malwarebytes is advisable since MWB scans registry keys and removes anything left over by some viruses, it also picks up ransomware and other malicious type programs.
    idiot weasel, Jan 25, 2017
    #7
  8. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,991
    SteamRep Admin:
    STEAM_0:0:89705646
    Not entirely true. https://www.malwarebytes.com/products/ You'll probably want "AdwCleaner" from them too. what that does is not (entirely) covered in the base product Malwarebytes.
    SilentReaper(SR), Jan 26, 2017
    #8