Jump to content

Ads in Steam Store


Recommended Posts

So whenever I enter the store through my Steam client, an add pops up, and I can't click anywhere except the "X" button on the add to close it, and when I do so, it redirects me to the steam browser where it shows another add, and so on and so on whenever I click on something in the store. I've tried malwarebytes, avast antivirus, spybot,... but nothing seemed to help. I removed all extensions from my browsers, also uninstalled all suspicious programs. But the weird thing is, whenever I go to the steam store through my web browser (Chrome), there are no signs of adds whatsoever. Is there any solution to this problem? 

steamadds1.png

steamadds2.png

Link to post
Share on other sites

Hello Dekson and welcome to Malwarebytes,

My screen name is kevinf80, i`m here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

user posted imageGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. user posted image (may have changed to three (3) vertical dots.)
Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

user posted imageMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. user posted image Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and the click the "Select Folder" button. Click OK to get out of the Options menu.

user posted imageInternet Explorer - Click the Tools menu in the upper right-corner of the browser. user posted image Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

user posted imageChange default download folder location in Edge -Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
     
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach those logs to your reply.


Let me see those logs in your next reply...

Thank you,

Kevin...
Link to post
Share on other sites

Hello kevinf80! Thank you for your reply! Here are the attachments you asked for!

Malwarebytes log :

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2.12.2016.
Scan Time: 18:39
Logfile: 
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.12.02.09
Rootkit Database: v2016.11.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Win 10

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327416
Time Elapsed: 42 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

FRST.txt

Addition.txt

Link to post
Share on other sites

Hello Dekson,

Thanks for those logs, looks like a DNS issue. Also with this problem what you are experiencing with steam client issue maybe a secondary infection.... Continue please:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Download and unzip DNSJumper to your Desktop, the tool is portable no installation necessary.

Tool can be downloaded here: http://www.sordum.org/downloads/?dns-jumper

Right click on Dnsjumper.exe and select "Run as Administrator" to start the tool, For XP just double click to run.
 
  • From the left hand pane select "Flush DNS"
  • From the main interface select the dropdown under "Choose a DNS Server"
  • From the list select either "Google Public DNS" or "Open DNS"
  • From the left hand pane select "Apply DNS"

When done re-boot your system....

Next,

Navigate to the following folder:

C:\Users\{your username}\AppData\Local\Steam\htmlcache

Delete all entries in that cache folder, do not delete the folder.... Re-boot your PC..

Restart Steam Client, is the ad popup gone....?

Thank you,

Kevin.....

 

Fixlist.txt

Edited by kevinf80
Link to post
Share on other sites

Hello Dekson,

Thank you for those kind words, very much appreciated.... The DNS issue may also have created other secondary infections, the rougue IP was linked to Russia so I would recommend we run another couple of scans to ensure your system is definitely clean...

Post the log from FRST fix, will be saved to the same folder as FRST (in your case the Desktop) "fixlog.txt"

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait fot the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....


Let me see those logs in your reply....

Regards,

Kevin...

 

Link to post
Share on other sites

Hello kevinf80!

Thank you for helping  clean my system further! I just have one question, do you know how this virus got to my system? I mean I never downloaded something from a sketchy site, pretty careful when I download.  

Here is the Sophos Virus Removal Tool log : 

2016-12-03 12:55:42.194    Sophos Virus Removal Tool version 2.5.6
2016-12-03 12:55:42.194    Copyright (c) 2009-2016 Sophos Limited. All rights reserved.

2016-12-03 12:55:42.194    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-12-03 12:55:42.194    Windows version 6.2 SP 0.0  build 9200 SM=0x100 PT=0x1 WOW64
2016-12-03 12:55:42.194    Checking for updates...
2016-12-03 12:55:42.286    Update progress: proxy server not available
2016-12-03 12:55:52.882    Option all = no
2016-12-03 12:55:52.882    Option recurse = yes
2016-12-03 12:55:52.893    Option archive = no
2016-12-03 12:55:52.893    Option service = yes
2016-12-03 12:55:52.893    Option confirm = yes
2016-12-03 12:55:52.893    Option sxl = yes
2016-12-03 12:55:52.893    Option max-data-age = 35
2016-12-03 12:55:52.893    Option vdl-logging = yes
2016-12-03 12:55:52.894    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-12-03 12:55:52.895    Machine ID:    ba0446f87ca14e398f814bf8e8a58202
2016-12-03 12:55:52.895    Component SVRTcli.exe version 2.5.6
2016-12-03 12:55:52.896    Component control.dll version 2.5.6
2016-12-03 12:55:52.896    Component SVRTservice.exe version 2.5.6
2016-12-03 12:55:52.896    Component engine\osdp.dll version 1.44.1.2270
2016-12-03 12:55:52.896    Component engine\veex.dll version 3.67.0.2270
2016-12-03 12:55:52.896    Component engine\savi.dll version 9.0.5.2270
2016-12-03 12:55:52.897    Component rkdisk.dll version 1.5.31.1
2016-12-03 12:55:52.897    Version info:    Product version    2.5.6
2016-12-03 12:55:52.897    Version info:    Detection engine    3.67.0
2016-12-03 12:55:52.897    Version info:    Detection data    5.32
2016-12-03 12:55:52.897    Version info:    Build date    10/4/2016
2016-12-03 12:55:52.897    Version info:    Data files added    439
2016-12-03 12:55:52.897    Version info:    Last successful update    (not yet updated)
2016-12-03 12:57:19.504    Downloading updates...
2016-12-03 12:57:19.504    Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2016-12-03 12:57:19.504    Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2016-12-03 12:57:19.504    Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2016-12-03 12:57:19.504    Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2016-12-03 12:57:19.504    Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2016-12-03 12:57:19.504    Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2016-12-03 12:57:19.504    Update progress: [I49502] sdds.data0910.xml: found supplement IDE533 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2016-12-03 12:57:19.504    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE533 LATEST path=
2016-12-03 12:57:19.504    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE533 LATEST path=
2016-12-03 12:57:19.504    Update progress: [I49502] sdds.data0910.xml: found supplement IDE534 LATEST path= baseVersion= [included from product IDE533 LATEST path=]
2016-12-03 12:57:19.504    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE534 LATEST path=
2016-12-03 12:57:19.504    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE534 LATEST path=
2016-12-03 12:57:19.504    Update progress: [I49502] sdds.data0910.xml: found supplement IDE535 LATEST path= baseVersion= [included from product IDE534 LATEST path=]
2016-12-03 12:57:19.504    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE535 LATEST path=
2016-12-03 12:57:19.504    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE535 LATEST path=
2016-12-03 12:57:19.504    Update progress: [I49502] sdds.data0910.xml: found supplement IDE536 LATEST path= baseVersion= [included from product IDE535 LATEST path=]
2016-12-03 12:57:19.504    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE536 LATEST path=
2016-12-03 12:57:19.504    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE536 LATEST path=
2016-12-03 12:57:19.504    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2016-12-03 12:57:20.323    Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2016-12-03 12:57:20.323    Update progress: [I19463] Product download size 151003858 bytes
2016-12-03 12:57:23.656    Update progress: [I19463] Syncing product IDE533 LATEST path=
2016-12-03 12:57:23.656    Update progress: [I19463] Product download size 2192549 bytes
2016-12-03 12:57:25.749    Update progress: [I19463] Syncing product IDE534 LATEST path=
2016-12-03 12:57:25.749    Update progress: [I19463] Product download size 2006903 bytes
2016-12-03 12:57:27.545    Update progress: [I19463] Syncing product IDE535 LATEST path=
2016-12-03 12:57:27.545    Update progress: [I19463] Product download size 1915695 bytes
2016-12-03 12:57:28.189    Update progress: [I19463] Syncing product IDE536 LATEST path=
2016-12-03 12:57:28.189    Update progress: [I19463] Product download size 378088 bytes
2016-12-03 12:57:28.402    Installing updates...
2016-12-03 12:57:29.009    Error level 1
2016-12-03 12:57:43.473    Update successful
2016-12-03 12:57:56.023    Option all = no
2016-12-03 12:57:56.023    Option recurse = yes
2016-12-03 12:57:56.023    Option archive = no
2016-12-03 12:57:56.023    Option service = yes
2016-12-03 12:57:56.023    Option confirm = yes
2016-12-03 12:57:56.023    Option sxl = yes
2016-12-03 12:57:56.025    Option max-data-age = 35
2016-12-03 12:57:56.025    Option vdl-logging = yes
2016-12-03 12:57:56.029    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-12-03 12:57:56.029    Machine ID:    ba0446f87ca14e398f814bf8e8a58202
2016-12-03 12:57:56.029    Component SVRTcli.exe version 2.5.6
2016-12-03 12:57:56.029    Component control.dll version 2.5.6
2016-12-03 12:57:56.030    Component SVRTservice.exe version 2.5.6
2016-12-03 12:57:56.030    Component engine\osdp.dll version 1.44.1.2270
2016-12-03 12:57:56.030    Component engine\veex.dll version 3.67.0.2270
2016-12-03 12:57:56.030    Component engine\savi.dll version 9.0.5.2270
2016-12-03 12:57:56.030    Component rkdisk.dll version 1.5.31.1
2016-12-03 12:57:56.031    Version info:    Product version    2.5.6
2016-12-03 12:57:56.031    Version info:    Detection engine    3.67.0
2016-12-03 12:57:56.031    Version info:    Detection data    5.32
2016-12-03 12:57:56.031    Version info:    Build date    10/4/2016
2016-12-03 12:57:56.031    Version info:    Data files added    439
2016-12-03 12:57:56.031    Version info:    Last successful update    12/3/2016 1:57:43 PM

2016-12-03 13:47:27.683    Could not open C:\hiberfil.sys
2016-12-03 14:02:19.929    >>> Virus 'Mal/VMProtBad-A' found in file C:\Program Files (x86)\Ubisoft\Assassin's Creed II\ubiorbitapi_r2.dll
2016-12-03 14:04:40.249    Could not open C:\swapfile.sys
2016-12-03 14:04:41.058    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-12-03 14:04:41.059    Could not open C:\System Volume Information\{4279f80f-b956-11e6-b66b-305a3aee8ec9}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-12-03 14:05:30.126    Could not open C:\Users\Win 10\AppData\Local\Google\Chrome\User Data\Default\Current Session
2016-12-03 14:05:30.127    Could not open C:\Users\Win 10\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2016-12-03 14:20:09.555    Could not open C:\Windows\System32\config\BBI
2016-12-03 14:20:09.699    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2016-12-03 14:20:09.716    Could not open C:\Windows\System32\config\RegBack\SAM
2016-12-03 14:20:09.717    Could not open C:\Windows\System32\config\RegBack\SECURITY
2016-12-03 14:20:09.718    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2016-12-03 14:20:09.720    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2016-12-03 14:59:41.052    Could not open LOGICAL:0004:00000000
2016-12-03 14:59:41.052    Could not open E:\
2016-12-03 14:59:41.052    Could not open LOGICAL:0005:00000000
2016-12-03 14:59:41.052    Could not open F:\
2016-12-03 14:59:41.052    Could not open LOGICAL:0006:00000000
2016-12-03 14:59:41.052    Could not open G:\
2016-12-03 14:59:41.052    Could not open LOGICAL:0007:00000000
2016-12-03 14:59:41.053    Could not open H:\
2016-12-03 14:59:41.215    The following items will be cleaned up:
2016-12-03 14:59:41.215    Mal/VMProtBad-A
 

AdwCleaner[C0].txt

Link to post
Share on other sites

Its really hard to say where the DNS changer infection came from, poisoned websites, emails and email attachments, those may even look legitimate.. P2P, router attacks...could be many diffrenet ways...

I`d recommend you change all passwords used on your system, also router password. keep all software and security updated etc.. be very carefull of any free software that maybe offered. it is often piggybacked with unwanted extras..

if no more issues or concerns we can clean up..

Uninstall Sophos AV via programs and Features..

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix either, accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin... user posted image

 

 

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.