Jump to content

SteamWebHelper.exe Infected with Adware (linkbucks.com)


Danc95

Recommended Posts

Hello there,

Yesterday I was on my computer using steam and was playing a game, when I went into web browser and then went onto you tube I had accidentally click on a ad that pops up when you are watching a video of any sorts and when I went to go cross off it, the map was loading on the game so my I was a bit delayed and must of clicked on the ad, long story short I now I have  link bucks ad come up on steam web browser and not my desktop search engines like chrome and explorer I have already formatted and reset my SSD with the OS and my HDD , however once I had reinstalled everything the adware still arise. 

However I did manage to locate what the problem was with your package malware-bytes,when running the  game I quickly hit Shift +tab and opened the steam web browser and then ran the scan when the linkbucks.com tab came up it was detected and blocked however it still comes back every time I join the server of the game I am playing. My question is that is it possible if I can ever remove this adware from steamweb browser since I have used McAfee premium and Malware-bytes but still no luck. Anyone with any expertise would be really appreciated. Oh  I also turned on scan for rootkits as well.

 

Thanks

Link to post
Share on other sites

I Found this on one of the logs....

# -------------------------------
# Malwarebytes AdwCleaner 7.2.5.0
# -------------------------------
# Build:    11-26-2018
# Database: 2018-12-03.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    12-08-2018
# Duration: 00:00:11
# OS:       Windows 10 Pro
# Scanned:  32298
# Detected: 1


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Legacy             Ask Jeeves       <<<<<<<<<<< this is what came up on the threats detected and said was removed

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

 

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 

Link to post
Share on other sites

This was a log from Malwarebytes as the time it detected the adware when I was using the steam web browser, each time it's a different IP and domain.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 08/12/2018
Protection Event Time: 11:52
Log File: bda11f9e-fadf-11e8-a04c-d8cb8aa024b2.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.8223
Licence: Trial

-System Information-
OS: Windows 10 (Build 17763.134)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Hijack
Domain: lucklayed.info
IP Address: 143.204.181.57
Port: [49897]
Type: Outbound
File: D:\Program Files (x86)\bin\cef\cef.win7x64\steamwebhelper.exe

 

(end)

Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs  for my review.

Wait for further instructions

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs  for my review.

Wait for further instructions
---

Note to Mortisanti
You are not allowed to post in topics other than your own.
https://forums.malwarebytes.com/topic/12264-groups-authorized-to-help-with-malware-removal-logs/


 

 

Link to post
Share on other sites

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.