tagan.adlightning.com Trojan



Hello, I'm new to this and not entirely sure what exactly I need to show or not, don't want to accidentally leak out anything personal.

Anyway, on the 22/6 apparently Malwarebytes noticed a Trojan with a domain of "Tagan.Adlightning.com" which was found in my steamwebhelper. Now I can't really remember if I went on anything suspicious but I doubt it as I usually just tend to keep in Steam's site / YouTube anyway. I had a few scans after on both Malwarebytes and Norton and both say my PC's fine. I also tried Malwarebytes' AdwCleaner and again, nothing suspicious came out.

Not sure if anyone else has received this or not but I heard that sometimes the Steam overlay could cause a false threat but I'm very cautious when I get things like these and just want to know if anyone here has had a situation sort of similar like this.

 

 

 


Hi, @SamuelSmith :welcome:

My name is Maurice. I will be helping and guiding you, going forward on this case.

Is that showing on a website (IP) block notice message? And do you notice and make notes as to what programs are running on your machine at that time?

We need to get information from this machine in order to have the proper detail to help you forward.
NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

    Download Malwarebytes Support Tool
    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-1.4.0.615.exe to run the report
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"
    Do NOT use the button “Start repair”!
    Click the Advanced tab on the left column
    Click the Gather Logs button
    A progress bar will appear and the program will proceed with getting logs from your computer
    Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Please attach the ZIP file in your next reply.

 

Thank you.

 


Hello, thank you for getting back to me quickly, I hope I've done this all correctly. And to your question, I believe so? I'm sadly not all familiar with the PC info / techs but it said a website was blocked with that name "Tagan.adlightning.com" etc.

mbst-grab-results.zip


Thanks for sending the report.  A website block notice means that the web protection of Malwarebytes is keeping your pc safe.

You can click on the X control on that type of notice window when you see them.

By the way, you do not need to click on the Quote feature when you start a Reply to this case.

You and I are the only ones on this case.

The log information on the block event points to some part (?) of steamwebhelper on the D drive.

D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

Is that something you knowingly installed?

There is no real good reason for a Steam game to actually try to contact "tagan.adlightning.com".

 

Can you please go to the VirusTotal website (which is a site that many security companies use to upload and check files for potential malware. The site uses multiple search engines from several companies).

Go to the link https://www.virustotal.com/gui/home/upload

You will see a Choose file button. Click that as a first step. You will then see a dialog grid from Windows.

In the white "File name" box, copy and paste in

D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

then click the Open button. It should then upload a copy of that file. That file will be analyzed.

Watch the progress. It should take a short while.

After it has all completed, it will show a completed results page.

Please provide the link address to that results page in your next reply.

My current leaning is that that steamwebhelper ought to be deleted, and that you should check all Settings in Steam to turn off all ads.

 

 


Good Evening,

Here's the link, says everything is undetected:

https://www.virustotal.com/gui/file/ee74c213c9f289bee0b9aef0e71b63abf88285cd04bb7158a2c7e2eba957ad6b/detection

What I am aware of is that with some games I play on Steam (Team Fortress 2, Gmod, Mordhau, etc) there are custom servers which will have an ad before you can start playing on the server. I think they're harmless as the owners of the server use them to pay for the server to keep going.

Other than that I don't think there are any other reasons for Steam to do so.
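
An added example, not part of any post in this thread: a PowerShell check that the VirusTotal report linked above describes the file currently on disk, plus a look at the file's Authenticode signature. The function name `Test-ScannedFile` and its parameters are hypothetical; the path and report link are the ones posted above.

```powershell
# Added example (not from the thread). Test-ScannedFile is a hypothetical helper name.
function Test-ScannedFile {
    param(
        [Parameter(Mandatory)] [string] $Path,       # file that was uploaded
        [Parameter(Mandatory)] [string] $ReportUrl   # VirusTotal results link
    )

    # VirusTotal file report links embed the SHA-256 of the analysed file.
    if ($ReportUrl -notmatch '/file/([0-9a-fA-F]{64})(/|$)') {
        throw "No SHA-256 found in report URL: $ReportUrl"
    }
    $reportHash = $Matches[1].ToLowerInvariant()

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }
    $localHash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLowerInvariant()

    # Status 'Valid' means the file is unchanged since it was signed and the
    # signer's certificate chains to a root this machine trusts.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    [pscustomobject]@{
        Path            = $Path
        LocalSha256     = $localHash
        ReportSha256    = $reportHash
        HashMatches     = ($localHash -eq $reportHash)
        SignatureStatus = $sig.Status
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

# Path and report link exactly as posted in this thread.
Test-ScannedFile -Path 'D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe' `
    -ReportUrl 'https://www.virustotal.com/gui/file/ee74c213c9f289bee0b9aef0e71b63abf88285cd04bb7158a2c7e2eba957ad6b/detection' |
    Format-List
```

If `HashMatches` is False, the file on disk is not the one the report analysed (for instance after a Steam client update), so the report says nothing about it and a fresh scan is needed.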


Hey SamuelSmith!

I work for Ad Lightning, the company that got flagged here. We reached out to Malwarebytes and they confirmed our flag was a mistake, and they fixed it. Unfortunately, until folks update their software, our URL will still be flagged.

We actually work to fight malware and bad ads. Our clients use us to stop those annoying "You've won an Amazon gift card!" redirects, and other malware stuffing. I'm guessing you're right, one of the custom servers you work with might have had an ad from a client of ours, so our script ran in Steam, and Malwarebytes flagged it and blamed Steam. Here's an article about us from GeekWire if you want to know we're legit!

Definitely don't delete your Steam web helper! You want that haha (I play TF2 as well :D)

Here's what Malwarebytes told us folks need to do in order to stop that flag:

Quote

If the customers are using our cloud program, cloud.malwarebytes.com, they will need to log in, then disable web protection on the policy that their endpoints are on, wait a few minutes, then re-enable web protection.

If they are using our business on-premise or our home consumer version then those should take effect automatically after obtaining updates.

Hope this helps! If you have any questions, feel free to email us!

Thanks,

Zoey


@SamuelSmith

Please be sure that your Malwarebytes for Windows program is all up to date.

Start Malwarebytes. Then on the Dashboard screen, look to the right-side frame, scroll down to the section "System".

Click on the blue-colored "Current".

Be sure that the program is fully up to date.

Close the window.

See if the block notices go away.

Sincerely,

Maurice


  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.