What is Trojan.Badur?
Trojan.Badur is a Trojan infection that can steal your Steam account login data. Using a bot, it sends you a shortened bit.ly link that leads to a file which installs malware on your computer. While we consider it common sense not to click links sent by unknown people who have just added you as a friend on gaming clients, some computer users still do it. At the moment, gaming enthusiasts should be especially careful unless they want to risk having their accounts tampered with by Trojan.Badur. If you have been infected by this Trojan, remove it immediately.
How does Trojan.Badur work?
After you accept its friend request on Steam, the bot run by the hackers responsible for Trojan.Badur tries to earn your trust by introducing itself as a friend from school or somewhere else. Then, it invites you to click on a shortened link that supposedly leads to its photo. If you click the link, you will be redirected to a Google Drive page belonging to a user named “qwrth gqhe”.
A disguised Trojan.Badur file called IMG_211102014_17274511.scr will be downloaded to your computer. Despite the photo-like name, it is an executable screensaver file. Normally you could preview such a file in Google Drive itself; in this case, however, “&confirm=no_antivirus” is added to the end of the Google Drive URL. This means that a pop-up will immediately ask you what you wish to do with the file. You can either Run it or Save it on your computer. You should close the window immediately; if you have already downloaded the file, take steps to delete it right away. If your machine is set up to download and run *.scr files automatically, Trojan.Badur will be opened without notifying you. When this file is opened, a malware application that steals your Steam login credentials is installed on your computer. Removing it is of utmost priority.
Can I get infected by Trojan.Badur in some other way?
While Trojan.Badur is mainly spread when a bot adds you as a friend and provides you with a bit.ly link, it is also possible that a friend could forward this URL to you. If this happens, it is more than likely that his account has recently been taken over by Trojan.Badur. A good safety measure when a friend sends you a link is to chat with them for a minute to make sure it is not a bot at the other end of the line. Computer bots like the one that forwards Trojan.Badur links are not equipped to carry on conversations with people. If it is a bot, contact your friend and advise him to remove Trojan.Badur.
What do I do after getting infected by Trojan.Badur?
If you have downloaded and executed Trojan.Badur, close your Steam client immediately and sift through the list of your processes in Task Manager. Look for temp.exe, wrrrrrrrrrrrr.exe, vv.exe, or a process with a randomly-generated name such as 5864acv.exe. End that process and scan your system with a world-class antimalware tool. When the scan is done and all threats are removed, reinstall your Steam client to make sure that there are no Trojan.Badur leftovers, and change your Steam account password. If you used the same password in other places, change it there as well.
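The two manual checks described above (the process names to look for and the .scr file disguised as a photo) can be scripted. The following is an added example, not code from the original article or from any antimalware vendor. It assumes the process list was saved with `tasklist /fo csv /nh`, that the Downloads folder is where the file landed, and that the two regular expressions (a guess at "randomly-generated" names based on the single example 5864acv.exe, and a guess at photo-like file names) are good enough for a first triage.

```python
import csv
import io
import re
from pathlib import Path

# Process names listed in the article above.
NAMED_PROCESSES = {"temp.exe", "wrrrrrrrrrrrr.exe", "vv.exe"}
# Assumption: a "randomly-generated name" is approximated as digits followed by
# a few letters, modelled on the article's single example 5864acv.exe.
RANDOM_NAME = re.compile(r"^\d{3,}[a-z]{2,4}\.exe$")
# Assumption: camera-style names such as IMG_1234 are what a fake photo uses.
PHOTO_LIKE = re.compile(r"^(img|dsc|photo|pic)[_\-]?\d", re.IGNORECASE)

def flag_processes(tasklist_csv):
    """Return (name, pid, reason) for rows of `tasklist /fo csv /nh` output."""
    hits = []
    for row in csv.reader(io.StringIO(tasklist_csv)):
        if len(row) < 2:  # skip blank or malformed rows
            continue
        name, pid = row[0].strip(), row[1].strip()
        lowered = name.lower()  # Windows image names are case-insensitive
        if lowered in NAMED_PROCESSES:
            hits.append((name, pid, "name listed in the article"))
        elif RANDOM_NAME.match(lowered):
            hits.append((name, pid, "random-looking name (heuristic)"))
    return hits

def find_screensaver_executables(folder):
    """Return (file name, photo_like) for .scr files starting with the PE 'MZ' magic."""
    found = []
    for path in sorted(Path(folder).rglob("*")):
        if not path.is_file() or path.suffix.lower() != ".scr":
            continue
        with path.open("rb") as handle:
            if handle.read(2) == b"MZ":  # a .scr is an ordinary Windows executable
                found.append((path.name, bool(PHOTO_LIKE.match(path.name))))
    return found

# Constructed sample of `tasklist /fo csv /nh` output (not from a real host).
SAMPLE_TASKLIST = '''"explorer.exe","4120","Console","1","88,412 K"
"Steam.exe","5312","Console","1","120,004 K"
"vv.exe","6644","Console","1","9,120 K"
"5864acv.exe","7008","Console","1","7,332 K"
"Temp.exe","7120","Console","1","6,010 K"
'''

if __name__ == "__main__":
    print(flag_processes(SAMPLE_TASKLIST))
    print(find_screensaver_executables(Path.home() / "Downloads"))
```

A hit on a name such as temp.exe is only a lead, since legitimate software can use the same name; confirm with the antimalware scan before deleting anything.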