How to remove Steam Messaging Virus

UkieGunZ

Yesterday, I got this link from a friend and I clicked it without paying any attention and even stupidly clicked the Adobe Flash Player button that supposedly would let me play the video or whatever. I'm on Windows 10, and as soon as I opened it, it immediately shut down. Nothing happened to my Steam account or my inventory, so I thought Windows Defender was quick to shut down the virus before it spread.

However, I go afk for a bit and come back to my PC today only to find out that Steam is not even on (even though I left it on), and I sent the same message my friend sent me yesterday to my online friend. Thankfully, I was on my alternative Steam account, so I only sent it to one person, and the only person that was online was my main account on Steam mobile. I saw this message while I was out, so now I know that I have this virus.

I recently installed Windows 10 a few days ago, so I'm considering just reinstalling my OS, but is there any way to get rid of this easily? I ran scans through Windows Defender and Malwarebytes, but nothing showed up.

I found some things in my task manager that looked a little bit odd:

[Screenshots: q1Jkl.png, q1JGj.png, q1Jl3.png]

I'm not sure about netsupportclient, but I don't remember it being there at all. Regarding the other startups, I believe I saw Etfxrt as a process, as well as some AutoScript process that I forgot to take a puush of. I tried to open file locations in order to delete them, but they lead me to empty folders in Roaming/. And when I tried going back into Roaming, the folders wouldn't show even though I have hidden items turned on.

Edit: think I'm just going to reinstall Windows 10, no biggie
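
Added example, not part of the original post: a read-only PowerShell listing of autostart entries that launch from AppData\Roaming, plus Roaming folders carrying both the Hidden and System attributes, which Explorer's "Hidden items" option alone does not reveal. That the folders in the post were hidden this way is an assumption; all variable names are this example's own.

```powershell
# Added triage example, not from the thread. Read-only: it lists, it deletes nothing.
$roaming = $env:APPDATA    # ...\AppData\Roaming of the current user

# 1. Autostart values from the per-user and machine-wide Run keys.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
$autostarts = @(foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$regKey.GetValue($name) }
    }
})

# 2. Shortcuts and files in the per-user and all-users Startup folders.
$shell = New-Object -ComObject WScript.Shell
$startupDirs = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')) | Where-Object { $_ }
foreach ($dir in $startupDirs) {
    $autostarts += @(Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -ne 'desktop.ini' } |
        ForEach-Object {
            # Resolve .lnk files to the program they launch; other files run as-is.
            $target = if ($_.Extension -eq '.lnk') { $shell.CreateShortcut($_.FullName).TargetPath } else { $_.FullName }
            [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $target }
        })
}

# 3. Entries that launch from Roaming, with a check that the target exists on disk.
$autostarts | Where-Object { $_.Command -like '*\AppData\Roaming\*' } | ForEach-Object {
    # Pull the program path out of the command line (up to the first script/executable extension).
    $exe = if ($_.Command -match '^\s*"?(.+?\.(?:exe|com|scr|bat|cmd|vbs|js))\b') { $Matches[1] } else { $_.Command }
    $exists = [bool](Test-Path -LiteralPath $exe -ErrorAction SilentlyContinue)
    $_ | Add-Member -NotePropertyName TargetExists -NotePropertyValue $exists -PassThru
} | Format-List

# 4. Folders in Roaming marked Hidden AND System. -Force makes Get-ChildItem include them;
#    Explorer hides them unless "Hide protected operating system files" is also unticked.
$mask = [IO.FileAttributes]'Hidden, System'
Get-ChildItem -LiteralPath $roaming -Directory -Force |
    Where-Object { $_.Attributes.HasFlag($mask) } |
    Format-Table FullName, Attributes, CreationTime -AutoSize
```

An entry with `TargetExists : True` whose folder looks empty in Explorer is consistent with attribute-based hiding. Output from an infected session is not trustworthy if a rootkit is present.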
sublimeaces1968

I also fell victim to this once. It was some skin hackers who do that for a living. They will get one person then message their entire friends list and keep going and building their tree. I got my account back from Steam support. In my case they changed my email and password from my end with a RAT, then took my skins and messaged alllll of my friends. Sucks too because I used to be careful about this but it was from someone I trusted.

Yes, do a reinstall of Windows, and if it's a RAT you might even wanna think about a full reformat.
 

GeekSquadd

In this unfortunate situation I highly recommend to just factory reset your PC. This may not be ideal but it's your safest bet. The only other thing you could really do is run a bunch of anti-viruses or take it to a shop to get it worked on.

 

litegrace

I do computer repairs for a living, and I can tell you that (depending on the exact type) this is a real issue to get rid of. In most cases I've seen, it ends up being a rootkit. If that's the case, you need to boot into safe mode and run an antivirus/antimalware program to remove it. I would personally recommend going to the Malwarebytes website and downloading the Chameleon tool (under products->technician tools I believe), which will install Malwarebytes under the radar (meaning rootkits won't prevent the installation). Should have no issues finding and removing it, but if that doesn't work you might need to do a fresh install (or restore point if you have it).

This is exactly why I have Hiren's on a USB and a few other USBs that I custom made with several antivirus programs and drive tools made to run portable like that (as deep infections like rootkits tend to deactivate antivirus and prevent new installation).
 
Solution