I had money stored in my paypal. I only have two cards. I didn't mind paying him as the situation is sorted :)

At the same time, the guy has essentially stole £10 off you and would have stolen your Steam account. I would recommend getting in touch with PayPal or reporting to the authorities because you are probably not the only victim of this guy.

I had money stored in my paypal. I only have two cards. I didn't mind paying him as the situation is sorted :)

But still, you are enabling that person to go after other people giving him the thought that since someone has paid him, everyone else he hacks will do so as well. Who knows, what you paid him could be going for further training of hacking skills and he will most likely keep your account name listed in some text file to try and do this again in the future.

If you spend most of your time gaming,
It's normal that youre gonna pay someone if you get your steam account back...

A lot of people just pay, get their account back and be done with it.

and this is why I don't play much of anything on Steam, including GTAV, I bought Retail and so glad I did.. not to say this couldn't happen to people on retail,  my personal experience with steam is, it sucks, many many trolls on the steam forums, just my opinion though.

Edited October 22, 201510 yr by Kal74

I've said it before and I'll say it again, no amount of anti-virus software, feature rich or not, will save you from your own stupidity.

People these days get too hung up on "omg I have the best anti-virus I'm 100% safe hahaha" because they still think a virus is a direct attack on your pc. The majority of viruses or malware that you get are from you letting it happen. Installing software, signing up to websites, clicking stupid links etc. Keyloggers wont transmit data through your firewall unless you actively say "yeah let it through!" (which for the record you do by clicking yes run this program).

Onto what @goigle said about better active features. Not true at all. A vast number of anti-virus software packages install themselves like viruses, they're a pain to remove and they bloat CPU useage in a lot of circumstances. I'm not saying all of them do this, but a lot of them do. Many of those active features are not always the best solution in the long run. I want anti-virus not a graph that shows me my CPU usage of different applications.

I prefer using lightweight simple options like MSE/Defender and Malwarebytes Premium together. I don't need a million active features, leave the keeping safe online down to me, if I fuck up, help me remove the fuck up. That's it.

 

At OP, glad you got your account back. Even if it did cost you. In future don't trust anything on the steam forums, the moderation is shit at best. And always check what you're doing before doing it. Slow down and take the time to look at things, don't just speed click through because you're impatient etc etc.

Regarding the scam report it to PayPal regardless of what you think will happen. It's better to raise concerns than to go "oh well It's all good nevermind". You might save a lot of people £10. I'm sure if someone had of alerted you to the scam because they fell for it before you went through with it you'd be happier than if they kept quiet.

Change all your passwords by other device like other computer in your home or your mobile phone, just for security reasons... And dont forget to format your personal computer.

 

You will not die for this reason, Im pretty sure you learned a new lesson :)

Edited October 22, 201510 yr by eldunkito

I've said it before and I'll say it again, no amount of anti-virus software, feature rich or not, will save you from your own stupidity.

People these days get too hung up on "omg I have the best anti-virus I'm 100% safe hahaha" because they still think a virus is a direct attack on your pc. The majority of viruses or malware that you get are from you letting it happen. Installing software, signing up to websites, clicking stupid links etc. Keyloggers wont transmit data through your firewall unless you actively say "yeah let it through!" (which for the record you do by clicking yes run this program).

Onto what @goigle said about better active features. Not true at all. A vast number of anti-virus software packages install themselves like viruses, they're a pain to remove and they bloat CPU useage in a lot of circumstances. I'm not saying all of them do this, but a lot of them do. Many of those active features are not always the best solution in the long run. I want anti-virus not a graph that shows me my CPU usage of different applications.

I prefer using lightweight simple options like MSE/Defender and Malwarebytes Premium together. I don't need a million active features, leave the keeping safe online down to me, if I fuck up, help me remove the fuck up. That's it.

 

At OP, glad you got your account back. Even if it did cost you. In future don't trust anything on the steam forums, the moderation is shit at best. And always check what you're doing before doing it. Slow down and take the time to look at things, don't just speed click through because you're impatient etc etc.

Regarding the scam report it to PayPal regardless of what you think will happen. It's better to raise concerns than to go "oh well It's all good nevermind". You might save a lot of people £10. I'm sure if someone had of alerted you to the scam because they fell for it before you went through with it you'd be happier than if they kept quiet.

Thanks, I did report it to actionfraud police, they said they will deal with the situation and try get that £10 back if not I really don't mind. I gave every detail to them and hopefully it will prevent future hacks like this. I couldn't remember the virus exe name as it went quick but I gave enough information. I am not a fan of anti-virus, it's a paint most of the times but sometimes they are right and I should of listened to it. 

I've said it before and I'll say it again, no amount of anti-virus software, feature rich or not, will save you from your own stupidity.  The majority of viruses or malware that you get are from you letting it happen. Installing software, signing up to websites, clicking stupid links etc. Keyloggers wont transmit data through your firewall unless you actively say "yeah let it through!" (which for the record you do by clicking yes run this program).

Onto what @goigle said about better active features. Not true at all. A vast number of anti-virus software packages install themselves like viruses, they're a pain to remove and they bloat CPU useage in a lot of circumstances. I'm not saying all of them do this, but a lot of them do. Many of those active features are not always the best solution in the long run. I want anti-virus not a graph that shows me my CPU usage of different applications.

I don't run any anti-virus software in Windows (beyond Microsoft's inbuild Windows Defender), Mac or Linux, and have yet to experience any issues. Mostly because I'm careful about the executables I download; run automated NAS backups of important files (sensitive files I don't keep locally); use a password manager; and use 2FA wherever I can.

But by far the best advice is never to run an executable you don't trust.  If you have any doubt, don't run it.  If you still want to run it, try executing it in a VM or with a program like Sandboxie.  You can then see what that executable actually does.  If it's been bundled or packed (i.e. with other executables that spread across your filesystem and then execute) or if it does more than it says it will do, then this will become apparent. Sandboxie is available free and tools like the Buster Analyzer addon can provide some information about what that file really does (file changes and registry changes), before you decide to run it for real. Bear in mind that even this is not fulproof, as some packed executables can detect Sandboxie and cease to run.  A VM is the safest option, although Sandboxie can be very helpful.

Virustotal is a useful indicator, but even if a file hits 0/50, that does not make it safe.  Hackers often use sites like VirusTotal (in fact, especially VirusTotal) as a benchmark for their infected files.  Almost any script kiddie can run an infected file through a packer and brings its detection rate into the low figures.  Add a few junk bytes and a little hex offset editing later, you'll have what they call a 'FUD' (fully undetectable) executable.  With some less well-known packers it's possible to take a file that scores 50/50 on VirusTotal, and three clicks (or 10 seconds) later the hacker has a packed file that hits 0/50, ready for them to spread across the internet.

1) Don't use predictable passwords. Ideally use a password manager like LastPass, 1Password, KeePass, etc., and ensure it's set up with Two-Factor Authentication (2FA). A password manager ensures you're not typing passwords in all the time (vulnerable to keyloggers) and even if a hacker grabs your master-password, without access to your phone (2FA) they're not going to be able to make any use of it.  The master password should be a random mixed-case alphanumeric string with special characters. Do not use the master password for anything else.

2) Use 2FA wherever possible (Authy is good). Steam Guard provides a form of 2FA, as do many websites nowadays.  It's especially important for things like your email account, as if a hacker can access your email, they can reset passwords to the various online accounts you use.

3) Use SSL (https://) on all websites that support it. The HTTPS Everywhere Addon is available for most major browsers.  This is especially important for a laptop using public WiFi (to prevent cookie stealing).

4) Removing Adobe Flash is also a good move, although it's still (inexplicably) required for certain websites (BBC iPlayer, for example). Browser addons like NoScript can at least allow you to disable flash as a default, so that you can then allow only trusted websites to run it.

5) Backup important files regularly

6) Again, do not run executables of unknown origin.  If you really cannot resist the urge, check it out on VirusTotal, run it through Sandboxie and look for any suspicious file creation, and/or run it in a VM.  If in doubt, don't run it for real.

Thanks, I did report it to actionfraud police, they said they will deal with the situation and try get that £10 back if not I really don't mind. I gave every detail to them and hopefully it will prevent future hacks like this. I couldn't remember the virus exe name as it went quick but I gave enough information. I am not a fan of anti-virus, it's a paint most of the times but sometimes they are right and I should of listened to it. 

Happy or otherwise, you have been the victim of a crime.  I doubt it will amount to much, though.  ActionFraud are, in my experience, generally reassuring, though sadly rarely effective in cases of this kind.  With the rise of web extortion and ransomware, alongside the transnational nature of many of these crimes, they have a lot to deal with. Still, they tend to pursue those who are easier to catch and it sounds as though your perpetrator is not too sophisticated.  The file was apparently easily detected and out of all the potential means of online payment (digital currencies like Bitcoin, Litecoin, etc), the idiot chose PayPal to receive a payment?!  Probably a kid trying out a RAT.  With any luck they'll catch the little blighter and give him a stern talking to.

Onto what

@goigle

 said about better active features. Not true at all. A vast number of anti-virus software packages install themselves like viruses, they're a pain to remove and they bloat CPU useage in a lot of circumstances. I'm not saying all of them do this, but a lot of them do. Many of those active features are not always the best solution in the long run. I want anti-virus not a graph that shows me my CPU usage of different applications.

I prefer using lightweight simple options like MSE/Defender and Malwarebytes Premium together. I don't need a million active features, leave the keeping safe online down to me, if I fuck up, help me remove the fuck up. That's it.

My advice was specifically pointed at OP. Avast has active features that include sandboxing and runtime analysis which would help people that are still learning when to not open files. Avast also doesn't use much CPU at all in my experience (I've never noticed it go over 10% and it is usually less than 1%). You can also turn off any of the active features you do not need. Sure, YOU may not need all of the active features, but until he gets more experience with online safety the active features will provide a nice cushion so he doesn't have to deal with things like this and he can learn without major cost.

Even then, there are exploits online that are hard to notice before the damage is done and if you are a victim of some 0days it is by no means due to stupidity. Sure, your setup can help you remove any lingering infection, but sometimes it's nice to not have to deal with the hassle (especially if somehow hackers get your bank details). Also, many people do not have the money to spend on premium antimalware.

Virustotal is a useful indicator, but even if a file hits 0/50, that does not make it safe.  Hackers often use sites like VirusTotal (in fact, especially VirusTotal) as a benchmark for their infected files.  Almost any script kiddie can run an infected file through a packer and brings its detection rate into the low figures.  Add a few junk bytes and a little hex offset editing later, you'll have what they call a 'FUD' (fully undetectable) executable.  With some less well-known packers it's possible to take a file that scores 50/50 on VirusTotal, and three clicks (or 10 seconds) later the hacker has a packed file that hits 0/50, ready for them to spread across the internet.

Hackers typically won't use VirusTotal because of the fact that they distribute files to antivirus vendors, they'll use other sites though like you said

Edited October 22, 201510 yr by goigle