Steam shows outbound trojan to IP on port 27036

Solved by AdvancedSetup


As title states. Yesterday when I opened Steam, Malwarebytes stated that it blocked a trojan. I did not think anything of it. But when it happened again today I started to get worried.


I read that there is a so-called steam.exe coin miner virus, but no process uses more than a few percent of the resources. Steam in particular uses only a few % of CPU and 0% of GPU. Unlike stated that it should use about 70%. I also read that it is a false positive. But I rather would be sure.


I have attached FRST logs and an extract from Malwarebytes history. Lastly I scanned steam.exe individually and it showed no threat.

Thank you in advance

FRST.txt Addition.txt Export.txt


  • Root Admin

That IP is blocked due to an Emotet threat

Please run the following @Octavia1001


Microsoft Safety Scanner

Please make sure you exit out of any other program you might have open so that the sole task is to run the following scan.
That goes especially for web browsers; make sure all are fully exited out of and messenger programs are exited and closed as well.


Please set File Explorer to SHOW ALL folders, all files, including hidden ones. Use OPTION ONE or TWO of this article



I suggest a new scan for viruses & other malware. This may take several hours, depending on the number of files on the system and the speed of the computer.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the instructions on how to run the tool are at this link at Microsoft



Look on the Scan Options & select the FULL scan.

Then start the scan. Have lots of patience. It may take several hours.

  • Once you see it has started, take a long long break; walk away. Do not pay credence if you see some intermediate early flash messages on the screen display. The only thing that counts is the end result at the end of the run.
  • The scan will take several hours. Leave it alone. It will remove any other remaining threats as it goes along. Take a very long break, do your normal personal errands... just do not use the computer during this scan.

This is likely to run for many hours as previously mentioned (depending on the number of files on your machine & the speed of the hardware).

The log is named MSERT.log and the log will be at C:\Windows\debug\msert.log

Please attach that log with your next reply.

Thank you




Sorry for the long response. I did not expect the scan to take this long.

While the computer was scanning, just before I went to sleep, it showed that I had 5 infected files. The folder that is mentioned in the log file has never been opened, and can be easily deleted if necessary, but I have not, so as not to impede your investigation.

Also the computer decided that it must absolutely update now, and I have attached the new FRST and Addition files as well.

Addition.txt FRST.txt msert.log


  • Root Admin
  • Solution

That IP block turns out to be a False Positive after retesting. Please open Malwarebytes, go to Settings, General and check for updates. This should no longer be detected.

However, the Microsoft scanner finds a threat in one of your saved files that you should consider deleting, or at least uploading the file to https://virustotal.com and having them scan it too to make sure.


Full Scan Results:
Threat Detected: Trojan:Win32/Rundas!plock, partially removed.
  Operation failed. Action: Remove, Result: 0x800700DF. Please use a full antivirus product ! !
    file://F:\Downloads\Call of Duty Black Ops 2 SP-MP-ZM_LAN-repack ^^nosTEAM^^\Call-of-Duty-Black-Ops-2_nosTEAM.part1.exe->(RarSfx)->Call of Duty Black Ops 2\buddha.dll
        SigSeq: 0x0000166733FA04EB
    containerfile://F:\Downloads\Call of Duty Black Ops 2 SP-MP-ZM_LAN-repack ^^nosTEAM^^\Call-of-Duty-Black-Ops-2_nosTEAM.part1.exe




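The scan result quoted in the post above can be triaged programmatically. The following is an added example, not part of the original thread and not a Microsoft or Malwarebytes tool: it parses the quoted excerpt, splits the nested archive path, and decodes the HRESULT. The field layout is inferred only from the excerpt in this thread, and the function names (`parse_msert`, `decode_hresult`, `needs_followup`) are hypothetical.

```python
import re

# Excerpt of the "Full Scan Results" section exactly as quoted in the thread.
SAMPLE_LOG = r"""Full Scan Results:
Threat Detected: Trojan:Win32/Rundas!plock, partially removed.
  Operation failed. Action: Remove, Result: 0x800700DF. Please use a full antivirus product ! !
    file://F:\Downloads\Call of Duty Black Ops 2 SP-MP-ZM_LAN-repack ^^nosTEAM^^\Call-of-Duty-Black-Ops-2_nosTEAM.part1.exe->(RarSfx)->Call of Duty Black Ops 2\buddha.dll
        SigSeq: 0x0000166733FA04EB
    containerfile://F:\Downloads\Call of Duty Black Ops 2 SP-MP-ZM_LAN-repack ^^nosTEAM^^\Call-of-Duty-Black-Ops-2_nosTEAM.part1.exe
"""

THREAT = re.compile(r"^\s*Threat Detected:\s*(?P<name>.+?),\s*(?P<status>[^,]+?)\.?\s*$")
ACTION = re.compile(r"Action:\s*(?P<action>\w+),\s*Result:\s*(?P<hr>0x[0-9A-Fa-f]{8})")
RESOURCE = re.compile(r"^\s*(?P<kind>containerfile|file)://(?P<path>.+?)\s*$")

def decode_hresult(value):
    """Split a 32-bit HRESULT into severity bit, facility and code."""
    return {"failed": bool(value >> 31), "facility": (value >> 16) & 0x1FFF, "code": value & 0xFFFF}

def parse_msert(text):
    """Return one dict per 'Threat Detected' entry (layout assumed from the excerpt)."""
    threats, current = [], None
    for line in text.splitlines():
        m = THREAT.match(line)
        if m:
            current = {"name": m["name"], "status": m["status"],
                       "actions": [], "files": [], "containers": []}
            threats.append(current)
            continue
        if current is None:
            continue  # ignore everything before the first threat entry
        m = ACTION.search(line)
        if m:
            current["actions"].append((m["action"], decode_hresult(int(m["hr"], 16))))
            continue
        m = RESOURCE.match(line)
        if m:
            path, *layers = m["path"].split("->")  # "->" separates archive nesting levels
            key = "containers" if m["kind"] == "containerfile" else "files"
            current[key].append({"path": path, "inside": layers})
    return threats

def needs_followup(threat):
    """True when removal was partial or any action returned a failing HRESULT."""
    failed = any(hr["failed"] for _, hr in threat["actions"])
    return failed or "partially" in threat["status"].lower()
```

For the excerpt in this thread the decoded result has facility 7 (FACILITY_WIN32) and Win32 error code 223, and the flagged DLL sits inside a self-extracting RAR, so the on-disk object to delete or upload is the container `.exe`.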

  • Root Admin

You're quite welcome.

Take care and have a great day.



Here are some recommendations to help keep you and your computer safe.

  1. Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
  2. Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
  3. Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download
  4. Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
  5. Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ 
  6. Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security

Malwarebytes Browser Guard

uBlock Origin


Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog  https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes



  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you




This topic is now closed to further replies.