My account got hijacked...

[NoSolutioN]

I was playing counter-strike: source. My friend messages me with a link and IT'S not one of those fake steam sites it was a link to his snowboard design he kept sending me all day. I click it and then my browser doesn't show up but then when i reclick it again i notice my steam gives me a message saying it's logged into another location. So i reconnect. Then i quickly go to settings to change my password but it's interrupted with the same message. It happens over and over and over till it stops. When it did, i go to settings to change my password but it says the original password is incorrect. I try more than 5 times making sure everything is right.

Then i go to my email and i get to steam notifications saying both my password AND e-mail has been changed. I quickly go to steam support to see if there's anything for me to do and i submit a ticket following the instructions about a Hi-jacked/stolen acccount. Still no reply from them, and it happened on Christmas Eve! How unlucky.

In the ticket i've put what happened and all i've attached to it was my gifted game "Counter-strike: Source" by e-mail (a screenshot). I hope that's enough for proof that it's my account. I've made a backup one and checked the steam community if my original account has ever been on and so far it hasn't since Christmas Eve. That i'm glad of.

Any tips on what to add for support or just wait it out? I'm very anxious and worried. I hope the hacker doesn't do anything bad because I have over 60+ friends on my steam friends list... hopefully he doesn't get me banned or anything.

It's been 2 days since the ticket...

 

[AciD]

It takes 3-5 days to get a response, note that it's Holiday time now...

 

[NoSolutioN]

yeah, that's what i was worried about... my friend told me about it too... Well christmas was yesterday so...

 

[Adabiviak]

So... what's your friend up to, anyway?

 

[PimpinPenguin]

So, was that friend that sent you that link a proper friend? Do you know him or ever played with him? Seems like he may just be a random guy sending out those links that look legit but aren't.
Unfortunately Valve are really slow with their support, and now with the Holidays you going to have to wait atleast a couple of weeks. Just keep an eye on your account as long as no one logs onto it your fine, but if they do then they may get you a VAC ban which can't be reversed.

 

[Link]

Chances are that the friends account was hijacked, so the hacker then uses it to spam everyone on the friends list, including you.

 

[NoSolutioN]

Ummm. I know him in real life, his account wasn't hacked he actually shared his account with me one time when I was starting out with steam . And he's sent me several snowboard designs, my other friend got sent the same link, nothing happened.

 

[Laivasse]

Regardless of whether it was the link or not that did it, unless your password was really weak or you told it to someone then there's good reason to suspect that your details got stolen, as opposed to guessed or whatever - which means you need to scan your comp thoroughly for trojans and keyloggers.

This link stuff sounds fishy as hell. However I guess it could just be coincidence that some guy stole your details and then logged in to your account just while you were about to click that link.

Are you sure your friend's account hasn't been hijacked? That is, has he been able to log in since your own account got stoled? Why is he sending you snowboard designs anyway, are they his designs or what? Is this something he would do normally? Even if you know him irl, are you sure he wouldn't scam you?

Figuring out exactly how this happened is the only way you can be sure of preventing it happening again, or for stuff other than Steam.

 

[NoSolutioN]

Regardless of whether it was the link or not that did it, unless your password was really weak or you told it to someone then there's good reason to suspect that your details got stolen, as opposed to guessed or whatever - which means you need to scan your comp thoroughly for trojans and keyloggers.

This link stuff sounds fishy as hell. However I guess it could just be coincidence that some guy stole your details and then logged in to your account just while you were about to click that link.

Are you sure your friend's account hasn't been hijacked? That is, has he been able to log in since your own account got stoled? Why is he sending you snowboard designs anyway, are they his designs or what? Is this something he would do normally? Even if you know him irl, are you sure he wouldn't scam you?

Figuring out exactly how this happened is the only way you can be sure of preventing it happening again, or for stuff other than Steam.

My password has * words and several numbers, it's only the same as my aim account. He was on when he sent me it and yes, he's been sending me alot of HIS snowboard designs and stuff. I even made a backup account and added him and he asked what happened and I said my account got hi-jacked. I have mIRC but deleted it due to this problem, how would you scan for keyloggers? I'm suspecting this could've been the problem. I've checked steam community and the good news is that the "hacker" hasn't gone on my account since the day it was stolen.

 

[Laivasse]

I would imagine that any decent AV or antispy prog would have an excellent chance of picking up a keylogger, if that is your problem. As such there are countless options. If it were me, and I didn't already own Kaspersky, I'd probably:
1) Start with the Kaspersky free online scan anyway. It doesn't clean anything it finds, but it will detect almost anything and highlight all the relevant files, which is more than half the battle. Either that or download the free 30 day trial (which will do everything the full version does AFAIK).
2) Scan with a couple of good, free antispyware progs. Everyone knows Spybot S&D, I've seen people recommend Helios Lite, and personally I've had success with SuperAntiSpyware.
3) Download a free AV like Avast or AVG, or even better, invest in a really decent paid-for AV like NOD32 or Kaspersky, to make triply sure you're clean and to ensure your future peace of mind.

If after all that I found nothing suspicious, I would perform a hopeless last ditch manual check of my system folders and startup entries - just to make sure there was nothing unfamiliar and blindingly obvious like 'PhreakWell Keylogger Suite 2007' or something installed. Then I'd start to worry that my password got found out some other way.

EDIT: forgot to mention that scanning in Safe Mode is a good idea.

 

[NoSolutioN]

I have trend micro PC-cillin Internet security which scans daily and everytime it scans nothings right, I'm not sure if also detects keyloggers but i also have Norton internet security. How can i check if a program scans for keyloggers? I'm pretty sure both of them do.

 

[Laivasse]

Both of them probably do, but there could be holes in their coverage. Norton isn't particularly great and I have no idea what PC-cillin is like. If there is probable cause to suspect something fishy on your comp, as in your case, then it never hurts to get second opinions from as many security progs as you can.

I used a legit keylogger once on my PC out of curiosity. It installed itself to an obscure location somewhere in the windows folder and it was possible to have it running so that there was nary a trace of its existence (which I guess is the whole point). It was easy to uninstall it, but only because I knew it was there and where it was. I have no idea what the policies of AV companies are towards commercially developed keyloggers like that one, since I would imagine it could cause legal complications if a well known company were to label another legitimate company's software as 'malicious'. Depending on how badly you think your PC might have been compromised, maybe you've got one of those. Who knows.

When it comes to scanning for keyloggers, which are essentially spyware, my guess is that you might get better detection from dedicated spyware progs as opposed to AV progs with spyware modules included. Considering all the programs I mentioned were free, you could do a lot worse than doing a one-off install and scan with a couple of the programs I mentioned in my number 2) step.

And even though you have Norton installed and it's a bad idea to have 2 AV's going at once, for the sake of being sure I would still try to get a scan done by Kaspersky or NOD32, since in my experience it is extremely hard to sneak anything under the radar of these progs. NOD32 even flagged PeerGuardian as dangerous once, because an Eset update server appeared on a PG blacklist (although this was a shortlived and stupid decision on Eset's part).

But as I say, if by then you've still found nothing, it's paranoia time.

 

[NoSolutioN]

Great news! I just got it back.... But now i'm experiencing another problem.... Isn't steam login information the same as Steam Community? It keeps saying that it's incorrect.