All of this malcode came inter-connected → https://sitecheck.sucuri.net/results/sd-steam.info
redirecting to: htxp://forlumineontor.com/afu.php?zoneid=2655877
Redirects:
Redirects to -http://smartlink.name/trafficback.html see: → https://www.virustotal.com/gui/url/deb020c438ded2d82b86b787d802decc5f9f2df171259779fbc2ec5b051784b5/details
Redirects to final URL = hxtp://forlumineontor.com/afu.php?zoneid=2655877
Automatically remove, then make use of Malwarebytes.
Now how to manually uninstall sd-steaminfo. (info source: Alex Nightwatcher)
Step A → H.
A. Check all shortcuts of your browsers on your desktop, taskbar and in the Start menu.
Right click on your shortcut and change its properties.
You can see SD-STEAM INFO at the end of shortcut target (command line).
Remove it and save changes.
In addition, check this command line for fake browser’s trick.
For example, if a shortcut points to Google Chrome, it must have the path:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe.
Fake browser may be: …\Appdata\Roaming\HPReyos\ReyosStarter3.exe etc.
Also the file name may be: “chromium.exe” instead of chrome.exe.
B. Investigate the list of installed programs and uninstall all unknown recently installed programs.
C. Open Task Manager and close all processes, related to SD-STEAM INFO in their description.
Discover the directories where such processes start. Search for random or strange file names.
D. Inspect the Windows services. Press Win+R, type in: services.msc and press OK.
Disable the services with random names or that contain SD-STEAM INFO in their name or description.
E. After that press Win+R, type in: taskschd.msc and press OK to open Windows Task Scheduler.
F. Delete any task related to SD-STEAM INFO. Disable unknown tasks with random names.
G. Clear the Windows registry from SD-STEAM INFO virus.
Press Win+R, type in: regedit.exe and press OK.
Find and delete all keys/values containing SD-STEAM INFO.
H. STEP 7: Remove SD-STEAM INFO from Google Chrome. (e.g. Extensions - also in developer mode).
Delete malicious extensions from Google Chrome:
Open Google Chrome, click on the Menu (three vertical dots at the top-right corner)
and select More tools > Extensions.
In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove.
Clear cookies and other browser data:
- Click on the Menu (three horizontal dots at the top-right of the browser window),
and select Privacy & security.
- Under Clear browsing data, pick Choose what to clear.
- Select everything (apart from passwords, although you might want to include Media licenses as well, if applicable) and click on Clear.
Clear cache and web data from Chrome:
Click on Menu and pick Settings.
- Under Privacy and security, select Clear browsing data.
- Select Browsing history, Cookies and other site data, as well as Cached images and files.
- Click Clear data.
Change your homepage:
Click menu and choose Settings.
Look for a suspicious site in the On startup section.
Click on Open a specific page or set of pages and click on three dots to find the Remove option.
Reset Google Chrome:
If the previous methods did not help you, reset Google Chrome to eliminate all the unwanted components:
1. Click on Menu and select Settings.
2. In the Settings, scroll down and click Advanced.
3. Scroll down and locate Reset and clean up section.
4. Now click Restore settings to their original defaults.
5. Confirm with Reset settings.
If you miss any of these steps and only one part of the pup-virus remains – it will come back again immediately or after reboot.
pol
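A read-only way to carry out the shortcut check from step A across the desktop, Start menu and taskbar pins, as an added example that is not part of the original post. The folder list, the browser-name pattern and the rule that a browser target should sit under Program Files are assumptions made here.

```powershell
# Step A as a read-only audit: list shortcuts whose command line carries a URL
# or whose browser target is not where a browser is normally installed.
# Nothing is modified or deleted.

# Assumption: legitimate browsers are installed under Program Files.
$trustedRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
# Assumption: names that identify a browser shortcut or executable.
$browserLike = '\b(chrome|chromium|msedge|edge|firefox|opera|brave|iexplore|internet explorer)\b'

# Desktop, Start menu and taskbar pins (Quick Launch\User Pinned\TaskBar).
$searchDirs = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
) | Where-Object { $_ -and (Test-Path $_) }

$shell = New-Object -ComObject WScript.Shell
$findings = foreach ($lnk in Get-ChildItem -Path $searchDirs -Filter *.lnk -Recurse -ErrorAction SilentlyContinue) {
    $sc        = $shell.CreateShortcut($lnk.FullName)
    $target    = [string]$sc.TargetPath
    $arguments = [string]$sc.Arguments
    $leaf      = [IO.Path]::GetFileName($target)
    $reasons   = @()

    # A clean browser shortcut has no URL after the executable path.
    if ($arguments -match 'https?://|sd-steam') {
        $reasons += 'URL or sd-steam string appended to the command line'
    }
    # Fake-browser trick: the shortcut looks like a browser but starts another file.
    if ($target -and (($lnk.BaseName -match $browserLike) -or ($leaf -match $browserLike))) {
        $trusted = $trustedRoots | Where-Object { $target.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) }
        if (-not $trusted)            { $reasons += 'browser shortcut targets a path outside Program Files' }
        if ($leaf -ieq 'chromium.exe') { $reasons += 'target is chromium.exe instead of chrome.exe' }
    }
    if ($reasons) {
        [pscustomobject]@{
            Shortcut  = $lnk.FullName
            Target    = $target
            Arguments = $arguments
            Reasons   = $reasons -join '; '
        }
    }
}
$findings | Format-List
```

A per-user Chrome install under %LOCALAPPDATA% is also reported by the Program Files rule, so review each target before editing the shortcut.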