ALERT: Steam Accounts Phished

[KillerZebra]

Some of our admins and members have gotten their accounts hacked and are now sending out links to everyone on their friends list containing a link to dropbox and a message "explain these pictures".

This link contains a zipped file with 2 .scr-files, which are executable and will install one or more trojans on your computer.

We will never add someone and send them a link to download something.

We advise you to not open the .rar-file. If you do, you will risk your account getting hacked. Please ignore the Steam Message.

Remember, Skial will never send you a link to download something. You should not trust an admin, or anyone, with a link where you should download a file.

This phishing attempt is not secluded to Skial, it has been seen all over Steam. This is just a friendly warning from Skial.


If you already fell for this phishing attempt, please do the following.
1. Disconnect from the internet
2. Run a virus scan (I suggest Malwarebytes)
3. Navigate here C:\Users\<account>\AppData\Roaming\DClogs and delete it.

I believe this is where the hack hides, I am not 100%.​

4. Change your password to Steam, and your email.
5. Contact Valve

 

[Talow]

Thank you for the sticky in general.

 

[SarcasticWisdom]

If you do download it but dont open the rar or the .scr files are you still infected?

 

[Antamania]

If you do download it but dont open the rar or the .scr files are you still infected?

You should be ok. Delete it, run a virus scan, and change your pw to be safe though.

 

[KillerZebra]

Most likely not. But I would do steps 1,2,3 just in case. If you virus scanner comes back with something, do step 4.

 

[SarcasticWisdom]

Most likely not. But I would do steps 1,2,3 just in case. If you virus scanner comes back with something, do step 4.

Did scan and didn't have that folder so I'm assuming I'm good, changing my password as this posts


and if i do get hacked, the most valuable thing in my inv is worth a key or two
step up ur game hackers

 

[KillerZebra]

You should be fine.

I got hacked yesterday. But I was still logged into my account, So i reacted in time to save it. (i hope) I logged out last night and i successfully logged in today.

What happened was I changed my password, but It wouldn't let me log into my steam account online. (ex. steam community from browser). When I typed in my password, it said invalid. I deleted the C:\Users\<account>\AppData\Roaming\DClogs and suddenly I could log in again. With the password I used before. That is why I think the trojan hides out there. But It might of just of been a coincidence.

Someone else who got phished said he had that location and deleted it. While someone who didn't get phished didn't have it. Another reason why i think it lives there.

 

[Toxik]

Quick question, can your account get hacked even if you didn't click any suspicious link?

 

[KillerZebra]

Well yeah but the person would really need to know what they are doing. I doubt someone who could do that would waste their time on Steam accounts

 

[[YDEK] fi$hy k!tty]

I got this last night from Soapy :\

Rue and Sarcasm helped me sort it out, and it looks like I still have my account. Malwarebytes found stuff in folders similar to what Zeebs said, and while they're all gone now, I hope I'm not being followed around by a keylogger or some kind of remote access thing D:

 

[111111]

I got this last night from Soapy :\

Rue and Sarcasm helped me sort it out, and it looks like I still have my account. Malwarebytes found stuff in folders similar to what Zeebs said, and while they're all gone now, I hope I'm not being followed around by a keylogger or some kind of remote access thing D:

That's exactly what I'm fearful of. Anyone know if it be possible for a keylogger or something similar to be implanted and remain undetected in some fashion?

 

[FireGame]

Yeah, I saw this too... and unfortunately dl'ed it. My comp couldn't figure out how to open it though, will it still be a problem? (I'm running a scan either way, and I'll be changing my steam pw when it's done...)

 

[Drum]

I would recommend using

That's exactly what I'm fearful of. Anyone know if it be possible for a keylogger or something similar to be implanted and remain undetected in some fashion?

You can do a boot-time scan if you want. Malwarebytes + Spybot S&D should pick up pretty much everything, unless you have something far more serious.

Yeah, I saw this too... and unfortunately dl'ed it. My comp couldn't figure out how to open it though, will it still be a problem? (I'm running a scan either way, and I'll be changing my steam pw when it's done...)

You should be changing every single password anyways due to Heartbleed.

 

[[Interrogator]]

Wow I'm just a little surprised at how many people around here fell for this

 

[Pengy]

Wow I'm just a little surprised at how many people around here fell for this

It's honestly a force of habit. Whenever I see any kind of link, I always have to physically pause and not click on it, because it's just so natural for me to open something right away. That's why the box that says you're going to a potential threat is alwasy nice to have on. DL'ing things is a whole other thing though.

 

[Genocide]

You can download detailed instructions on how to remove this virus from your PC as well as simple malware removal tool here [unsafe link removed]

WARNING!! DO NOT FOLLOW LINK FROM MITTENS!!!

It is incredibly suspicious that he posted the same exact thing 3 times.
This is most likely another attempt at phishing more accounts.

 

[chuckwagon]

http://urluncoverpro.com/?url=http://is.gd/qgWp5e

 

[Genocide]

Oh woops this is the actual link that you can click on: [Link removed for safety]

Why does your link text there not match the destination of your link?

 

[chuckwagon]

<a class="externalLink ProxyLink" data-proxy-href="proxy.php?link=http%3A%2F%2Fxrl.us%2Fsafetoclick&hash=4419b881d55000b288e8a9950133c7fc" target="_blank" href="http://xrl.us/safetoclick"></a>

 

[mittens]

Why does your link text there not match the destination of your link?

It's safe to click.

When the popup appears just hit "Accept" then when it asks to run as a system administrator click "Yes."

Then the program will run through and clear out any malicious software.