Remove Steam Messages Virus (Malicious links in Steam chat to .SCR, .EXE files)

There is a new virus going around through Steam. If you get a message that says "You will exchange this thing?" or "Is this you in the photo?" or "WTF Dude?" with a link DON'T OPEN IT! Even though it may appear as a link to a screenshot it actually redirects to a password stealing Trojan horse (VirusTotal scan results /safe to open). It loads a malicious .src or .exe file and infects your computer. Here are a few scan results: Spyware.OnlineGames, Trojan.Crypt, Win32:Malware-gen, BehavesLike.Win32.Backdoor.fm. Detection ratio is still very low, just about 20% which means that only one anti-virus program out of five will detect this virus and block it. Here are a few examples of fake Steam messages you may get in Steam chat:

You will exchange this thing? screenshot-url.com/Screen_19521.png

WTF Dude? http://screen-pictures.com/img_012/

Here's a list of malicious links that were used previously or still in use:

Click to Enlarge Image

Have you stumbled across the term password stealing 'Trojan Horse' when reading about IT, malware or computers? If so and you're wondering what on earth this ancient Greek mythological beast has to do with modern technology then you've come to the right place! Strange as it may sound, the name does make sense – or at least it should in a few moments.

Feeling slightly confused. Apologies – keep reading and everything will become clear.

What is a modern Trojan Horse?

To understand more about today's Trojans and how they got their name we need to go back in time. You may recall being told the story about Helena of Troy and the Trojan Horse back in your youth. Remember the tale of how the Greeks and Trojans were at war and to con the Trojans into letting the Greek army into their walled city, the Greeks hid inside a huge wooden horse which they offered as a peace offering to the people of Troy. The Trojans accepted this rather bizarre (but kind of cool!) gift and wheeled the horse through their city gates. Of course, as soon as night fell, the Greeks climbed out, opened the gates to the rest of their army, and overcame Troy.

History lesson over and you're still asking what on earth does that have to do with my computer?! Well, just like the wooden horse of yore which was lethal, despite looking like it was a perfectly innocent gift, so too are modern Trojan Horses. For a Trojan Horse in the IT world is actually a piece of malware which has been designed to fool you into thinking it's something you need or want. In 2014, the Greek army is a (malicious) software developer - and we are the unsuspecting, or some may say naive, people of Troy. This Steam chat virus works exactly the same. You get a message with an offer to exchange something which is't very unusual on Steam and you think that it indeed might be a good thing but what you get is a virus. Notice how Screen_19521.png in the fake Steam message becomes a knife.exe when you open a malicious link. And you don't even have to run that file. It loads malicious code automatically.

What will Steam messages virus do to my computer?

We've established that today's password stealing Trojan Horses are an enemy in disguise but how do they pose a threat to your PC? Well, once you've installed this Trojan, thinking it was an innocent plugin, a game, or even exchange item, they can wreak havoc on your computer and systems. Their usual MO is to corrupt your data and files by over-writing parts of your hard drive. In this case, however, it will use your Steam account to spam other users with malicious links hoping that more and more computers will becomes a part of a huge botnet of infected machines controlled by cyber crooks.

Clearly, the hard part is knowing what you can and can't trust when you're downloading software, thanks to the Trojan's innocent guise. The developers of Steam chat viruses are incredibly resourceful when it comes to convincing you to download, click a button, or fill in a form containing personal data or bank details – meaning we need to be on our guard.

How do I defend myself against this Steam virus?

First line of defense, give your city walls an added layer of protection by installing a reputable anti-malware program on your computer. And once it's on there, run it regularly and keep it bang up to date.

You also need to be careful when opening links, attachments in emails or downloading software. If in doubt, don’t! Simple as that. To remove Steam messages virus from your computer, please follow the steps in the removal guide below. If you have questions, leave a down comment below. I will be more than happy to help you. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com

---

Steam messages virus removal instructions:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer.

NOTE: If you are using Internet Explorer and can't download anti-malware software because "Your current security settings do not allow this file to be downloaded" then please reset IE security settings and try again.

2. Download and run TDSSKiller. Press the button Start scan for the utility to start scanning.



3. Wait for the scan and disinfection process to be over. Then click Continue. Please reboot your computer after the disinfection is over.