What should i do
Your options are a little limited! Do you regularly run anti-spyware scans? That'd be my first suggestion...
Comment has been collapsed.
The free edition of Malwareytes Anti-Spyware is an excellent start. If you're only using windows defender, I'd be amazed if it doesn't find a significant number of threats - if you've been using the PC for a few years, probably hundreds.
Comment has been collapsed.
It says that my PC is clean
I tested many virus scanners,, most of them fail to identify Shortcut virus
while windows defender do [ even avast my past favorite antivirus ]
Comment has been collapsed.
Windows Defender has abysmal results in real-world protection tests. There are only a handful of barely-known antivirus programs that manage to be slightly worse.
Comment has been collapsed.
Maybe true, but its getting better and better
I'm standered user [ use pc more than 12 years ]
as i said, i only use original apps and programs, so i don't need professional AV and won't pay for them
thank you ♥
Comment has been collapsed.
Just saw your edit about the VPN. Be very careful with that. Especially if you're not paying for it, it's an enormous risk to use any secure sites through it...
Comment has been collapsed.
Its PrivateTunnel
i got data by their raffle system
And thank you for help
Comment has been collapsed.
I don't disagree with the WD point, but I've found Avast to be bloaty... :/
Comment has been collapsed.
Yup, I only keep FileSystem Shield + Web Shield activated. Those are the important ones.
Comment has been collapsed.
I use only Windows Defender, too. Shouldn´t be a problem if you don´t execute every file you get ;). No virus scanner can detect the newest threats, there is no 100% security. And antivirus software often has security problems itself :(
Something to read ;) http://robert.ocallahan.org/2017/01/disable-your-antivirus-software-except.html
Longer, about https-interception, which about 50% of AV-products use to scan https-traffic: https://jhalderm.com/pub/papers/interception-ndss17.pdf (TLDR: jump to conclusion)
Comment has been collapsed.
I used Avira some time ago (the free version), don´t want it back for several reasons. For me Windows Defender is enough, others may use whatever they like ;)
This, and frequent backups of important files. And I use uBlock Origin. Could use NoScript if I wanted more security... but without Javascript most sites won´t work. virustotal.com if I want to scan specific files. Oh, and deinstall (or at least set to Click-to-Play) Flash. And deactivate Java in browser.
Comment has been collapsed.
Interesting read that HTTPS Interception paper. ^^
Comment has been collapsed.
true 100%
Malwareytes couldn't find anything wrong with my PC
Comment has been collapsed.
I tested many virus scanners,, most of them fail to identify Shortcut virus
while windows defender do [ even avast my past favorite antivirus ]
Comment has been collapsed.
Definitely run a scan with the Malwarebytes as Ape suggested. You very well could have some form of malware on your PC or you could of been phished.
If your password doesn't have at least one upper and lowercase letter, at least one number and at least one symbol as well you might want to include these things. Also making it at least 10 characters is highly recommended.
Comment has been collapsed.
my password [ its strong ]
its 13 characters with symbols
Comment has been collapsed.
Seven characters would only take a few hours to crack. I use a password manager (PasswordSafe) to generate random passwords for every site, and use 16 character passwords for general sites and 24 characters for important things.
Comment has been collapsed.
Actually it could take less than a half hour, I stated the wrong number with 7. It should be at least 10 with the the things I mentioned. That's the minimum. But yes of course the more the better.
Comment has been collapsed.
Pay attention to browser plugins. Some of them ask for way too many permissions for their purpose.
Is using VPN is security risk?
Always.
Also if you log in to Steam from your phone, you could have a nosy app that sniffs your stuff.
Comment has been collapsed.
Pay attention to browser plugins. Some of them ask for way too many permissions for their purpose.
removed them all Now [[ I left only Enhanced Steam ]]
Is using VPN is security risk?
I use PrivateTunnel
Comment has been collapsed.
I use PrivateTunnel
It doesn't matter. It's not safe for sensitive data, unless you want to be the victim of a MITM attack for example.
Btw, always make sure to triple check the URL to be genuine and not a slightly missspelled version of the original one (for instance, you hopefully noticed the sss instead of ss in the word misspelled).
Comment has been collapsed.
Thank you ,, i thought its secure
Do you encrypt the data that is going through the VPN connection?
Yes, PrivateTunnel encrypts your data transmissions with the 128-bit AES-GCM encryption standard
Comment has been collapsed.
Do you use the same, or a similar, password elsewhere? It's very unlikely that someone would brute-force your password, but if you're re-using it, and another site got hacked, well, that's probably how it got out.
Comment has been collapsed.
Mostly this
i just saw that https://www.steamgifts.com/discussion/938fy/
Thank you
Comment has been collapsed.
My password for steam is almost 1234 it's so simple.
But they'd have to have my phone to login so who cares.
I was just going to post it but i'd rather not have steamguard pop up with keys all day because idiots are trying.. >.> lol
If you're using that password for other things like banking/creditcards or for your email too I'd change that pretty quick.
Comment has been collapsed.
They don't have my phone
but how could they ask to send the code to my email?
and thank God that my email dosen't has the same password
Comment has been collapsed.
The option to ask for the Steam guard code to your email is for cases when you can't access your Steam guard on your phone anymore. Since you mentioned in your first post that the login included the correct password, they've got the access to do that request. Make sure the email address you're using on Steam has a unique password, I'd also recommend using 2-factor auth. on that email if you don't already have it enabled.
Comment has been collapsed.
if you used your pw on other sites too, maybe the cloudbleed incident also leaked your steampassword :)
always use different passwords for different stuff
:)
Comment has been collapsed.
its hard to remember all pw ,, but i started use different pw
thank you
Comment has been collapsed.
"Is using VPN is security risk?"
It is. Don't send any sensitive info over VPN.
Comment has been collapsed.
If it's a paid VPN the risk is extremely minimal. It would have to be a rogue employee or something. No chance a legit VPN company is going to steal from its own customers.
I get that it's not physically impossible, but some amount of trust is simply impossible to avoid.
Comment has been collapsed.
Its PrivateTunnel
i got data by their raffle system
Comment has been collapsed.
its paid one,, but yep i shouldn't send sensitive info [ but i have to for some reasons ]
Thank you
Comment has been collapsed.
Is using VPN is security risk?
Unless you are paying a nice sum for a trusted company for a secure VPN connection, then yes, it is. A pretty easy way to get some sensitive information, actually.
Russian groups deal in Steam accounts, either in abandoned or stolen/hacked ones. But in your case, I think they are just trying to steal your CS inventory, which is an even more common cybercrime related to Steam.
Or… well, it was actually you through that VPN. =D
Comment has been collapsed.
Its PrivateTunnel
i got data by their raffle system
could they steal it without my mobile?
Comment has been collapsed.
If you have Steam Guard on your mobile (or some PC emulation like WinAuth), then no.
(Well, technically, yes, but it would need more investment than your entire account's worth.)
Comment has been collapsed.
i used Steam Guard but steam send me code to my email,, Why?
and how could that do that XD [ i just want to know ]
Comment has been collapsed.
Do you have a 7-day trade lock on your account? Because then the attempted thief tried the authenticator removal which is presented at all login screens, and that automatically tries to fall back to the registered email. So I hope you have 2FA on your email account as well (most offer this security feature).
Comment has been collapsed.
Do you have a 7-day trade lock on your account?
i just tried,, and all is fine,, i can trade without hold
So I hope you have 2FA on your email account as well (most offer this security feature).
i wasn't , but my password wasn't the same in my email as steam
Comment has been collapsed.
Not at risk at all. Just make sure you have mobile autentification activated and change your password.😎 And NO vpn.!
Comment has been collapsed.
Always use secondary authentication options where possible. For steam mobile authentication for any new browser or device is highly recommended.
It is possible that this wasn't generated by steam but some fake fraud system that used steam address as sent from. There are frauds that can act like this and send you emails with links to change your password etc, which eventually will result in you giving them your email/username and password.
Comment has been collapsed.
I use mobile authentication,, but steam send me code to my email,, Why?
thank you
Comment has been collapsed.
yup, its from steam support
but steam send me code to my email,, Why?
my VPN is PrivateTunnel its good as i think
Comment has been collapsed.
So no?
I genuinely found it funny to think the hacker could be himself. Nice thinking :P. And yes, it's possible.
Comment has been collapsed.
Friend who works in IT was telling me someone who called them in a panic, and it was this exactly. Pretty funny after the fact.
Comment has been collapsed.
This.
Had the same problem with other sites when I forgot to turn my vpn off^^
Comment has been collapsed.
No, because i choose the country that i want to use as vpn
Comment has been collapsed.
Use Steam Guard with confirmation emails if you don't want/can use the Steam Mobile Auth.
Comment has been collapsed.
was using [steam market float checker] removed now :)
thank you
Comment has been collapsed.
I would change passwords and I don't use VPN.
I use my paid versions of Eset Nod 32 AV and Malwarebytes, let them update in real time and to date I haven't had any trouble.
I also update my Windows, Firefox browser, Java and Adobe products regularly.
Comment has been collapsed.
PW changed
i started to think that this isn't my problem,,
My PC is clean [Malwarebytes&windows defender says thant]
its HB problem [ the same password for both accounts (stam&HB) ]
https://www.steamgifts.com/discussion/938fy/
fortunately my email has different PW
Thank You Very Much ♥♥♥
Comment has been collapsed.
Well, you just put a picture with your username, even if you have the best antivirus and the best operating system.... there is always something that fail~~
Comment has been collapsed.
there is always something that fail
i agree with you,, there is no bad AV ,, this is bad User
If you are good user any AV would help you ,, you can't trust AV alone
Thank you♥
Comment has been collapsed.
But seriously, remove the first pic, your username is there!
Comment has been collapsed.
Your words scientific, i think you are an IT right?
it's complicated for me
i use PrivateTunnel , is it good? any Suggestion for free or paid VPN?
And Thank You Very Much
Comment has been collapsed.
DO keep any records
i have no problem if they give the records to government or something else ,, i only don't want the hackers put their hands on it
Thank you for the links
Comment has been collapsed.
3) Need to bypass countrywide restrictions to access the internet (eg China)
i cant activate any steam code, or use Humble Bundle site without the VPN
Comment has been collapsed.
There was a profile javescript injection exploit recently (yes, another one). If you've viewed any profile pages in the last couple months they could have intercepted login information that way before the lockdown.
Comment has been collapsed.
recently too many scammers add me, and i checked there profiles with enhancedsteam
this may be a reason?
Thank You
Comment has been collapsed.
Mostly this
Thank God that my email PW is different♥
Comment has been collapsed.
Is using VPN is security risk?
No, cuz I use my company's VPN all the time :))
Comment has been collapsed.
In the first i thought that what would happen
fortunately i haven't lose anything YET
Thank you :)
Comment has been collapsed.
You can bet your monies, that your interwebs-traffic while using VPN got monitored/grubbed - by whomever.
Change your mail/applications pw, if you logged anywhere while using it (Thunderbird for example depending
on the mail-service it fetches it might send your pw/mail-name unprotected).
Knowing full and well the risk, i used some shitty free vpn once while paying with paypal inside a sandboxed browser
which i don't use for anything else > surprise/supplies ... someone with Pittsburgh IP logged into my PP account, he
didn't do anything (wuz a 50$ poorfag at the time) > changed pw on it, still not using 2FA because fuck it and PP is
as ridiculous that they will get your money back and screw over the seller "bcuz u got hack'd". /o/
Comment has been collapsed.
I have changed my PW , but i have to use VPN for some reasons
that's why i use PrivateTunnel, its good as i know, its not free and secure
but now im not sure,, maybe because of this https://www.steamgifts.com/discussion/938fy/
thank you
Comment has been collapsed.
Hello SteamGifts users.
While i was surfing the internet , i got email from steam
MY question is ,, How in THE WORD would someone know my password [ its strong ]
I use original win 10 with original apps [no cracks, batches ... ets] and windows defender always up to date
Is using VPN is security risk?
i changed my password but still scare
Comment has been collapsed.