1. Post #241
    Gold Member
    Snowshoe's Avatar
    August 2012
    2,007 Posts
    I have played with him. I have scanned my computer, no virus. Should I still format my computer and reinstall windows?
    To be safe, yes. He/They have remote access to a lot of stuff:
    [+]Remote Desktop, Remote Webcam, and Client Manager
    [+]Fast Reverse SOCKS 5 Proxy
    [+]System Wide Ring3 Rootkit (x86 Processes) With Process Watchdog
    [+]Advanced Process, File, and Startup Persistence
    [+]Powerful Heuristic-Based Bot Killer (Anti-Malware)
    [+]Blacklist Software and Processes. Luminosity removes them!
    [+]SmartLogger (Logs all Keystrokes, - Specify certain programs to record separately)
    [+]Download Manager - Resume/Pause/Cancel Transfers, Proper File Queue, Organized well
    [+]File Grabber - Search for file on client, and queue it for download. Can search certain process directories and much more!
    [+]Google Chrome, FireFox, IE, Opera, Safari, FileZila, and Win Serial Key Recovery
    [+]Outlook (all versions), Windows Mail, Thunderbird, Yahoo Mail, and more Recovery
    [+]File Guard - Guard Executable Files (Other RATs, keyloggers, etc) - Takes care of Undetection, Persistence, and Startup!
    [+]Easy-to-Use Crypto Currency Miner - Injects miner files.
    [+]Website Visitor - 4 View Methods - Mute Audio
    [+]Client Info - Manage and Grab Info Regarding Clients
    [+]Torrent Seeder
    [+]Extensive On-Join Commands | Client ID/Version/Client Name |
    [+]HTTP Control - Send Commands via Webpage Encrypted
    [+]Remote Scripting (HTML/VBS/BATCH)
    [+]Block installation and use of any specified software
    [+]Tons more features...And more being added!
    If you haven't checked already, see if there was a svchost.exe file in your Source SDK 2013 folder next to hl2.exe

    Turn on hidden files, it might be hidden as well.

  2. Post #242
    Sugnod's Avatar
    March 2010
    47 Posts
    I have an svchost.exe file in my System 32 folder, said it was created in 2009, that's not it, is it?

  3. Post #243
    Gold Member
    Snowshoe's Avatar
    August 2012
    2,007 Posts
    I have an svchost.exe file in my System 32 folder, said it was created in 2009, that's not it, is it?
    No.

  4. Post #244
    Prolonged exposure to my opinions can be mentally scarring or in some cases FATAL
    Dennab
    April 2011
    16,218 Posts
    I have an svchost.exe file in my System 32 folder, said it was created in 2009, that's not it, is it?
    If it matches the date of the compilation of the Windows 7 RTM build (July 13th) it's the one from Microsoft.

  5. Post #245
    CaptainDedede's Avatar
    March 2014
    289 Posts
    Don't seem to have the svchost with hidden files on as well, last one is from two months ago...despite this I have played on a match with tons of others and rubber was on there, shall I reset anything?

  6. Post #246

  7. Post #247
    Cpt. Cakes's Avatar
    November 2014
    986 Posts
    I've checked for the svchost.exe file, not there. It's not even where the virus normally installs itself.

    I've done 3 scans. Nothing came up.

    Pretty sure I played with RubberFruitFace on 1.9 actually, not 2.0

    My TF2 items are also not stolen.

    I use KeePass, a program that has the best password encryption.

    I think I might actually be affected, also I don't have a webcam.

  8. Post #248
    Gold Member
    Snowshoe's Avatar
    August 2012
    2,007 Posts
    All it takes is someone to spray a malicious spray and everyone in the server is affected (if they have sprays on, and downloads turned on).

    Basically, if you played with TheRubberFruitFace, or possibly his friends, there is a possibility they sprayed something and thus a possibility you might be infected.

    I wouldn't take the chance, considering they have webcam access and see everything you're doing, have access to passwords, and will steal your Steam items (just like what happened to Yiffy). You might even get banned on FP or VAC banned.

  9. Post #249
    Cpt. Cakes's Avatar
    November 2014
    986 Posts
    I have a windows image backup from before I played with him, would that work instead of formatting my system and reinstalling windows?

  10. Post #250

    July 2014
    52 Posts
    If you turn off the settings listed on here, you should be safe to keep playing TF2C for now, assuming you don't already have the virus.

  11. Post #251
    Cpt. Cakes's Avatar
    November 2014
    986 Posts
    If you turn off the settings listed on here, you should be safe to keep playing TF2C for now, assuming you don't already have the virus.
    Don't start up the game.

  12. Post #252
    Gold Member
    -=NARH=-'s Avatar
    March 2011
    2,842 Posts
    As far as I know I haven't played with RubberFruitFace or his friends, but I did find the svchost file in my Source MP SDK directory which I removed and after 3 different scans from 3 different security programs my computer shows up with nothing

    Should I still reformat?

  13. Post #253
    Gold Member
    danielmm8888's Avatar
    November 2010
    554 Posts
    Don't start up the game.
    Agreed. While these settings should make playing tf2c or other mods safe, there have been conflicting reports by people on the HLDS mailing list that apparently these settings don't do anything.

  14. Post #254
    Gold Member
    Snowshoe's Avatar
    August 2012
    2,007 Posts
    As far as I know I haven't played with RubberFruitFace or his friends, but I did find the svchost file in my Source MP SDK directory which I removed and after 3 different scans from 3 different security programs my computer shows up with nothing

    Should I still reformat?
    I should let everyone know here that an anti-virus saying "not found" doesn't mean you aren't infected.

    If you have a svchost.exe file anywhere near your Source SDK folder then your computer definitely has been compromised. Deleting the file doesn't get rid of it, most intelligent things these days drop stuff in other folders and run in the background.

    Reformat.

  15. Post #255
    Cpt. Cakes's Avatar
    November 2014
    986 Posts
    As far as I know I haven't played with RubberFruitFace or his friends, but I did find the svchost file in my Source MP SDK directory which I removed and after 3 different scans from 3 different security programs my computer shows up with nothing

    Should I still reformat?
    Yes you should!

    Edited:

    I should let everyone know here that an anti-virus saying "not found" doesn't mean you aren't infected.

    If you have a svchost.exe file anywhere near your Source SDK folder then your computer definitely has been compromised. Deleting the file doesn't get rid of it, most intelligent things these days drop stuff in other folders and run in the background.

    Reformat.
    Hey, I have a system image backup from before I played with RubberFruitFace. Can I use that instead of reformatting my computer?

  16. Post #256
    evilcake567's Avatar
    September 2015
    13 Posts
    I'm a computer idiot and never created an image backup.
    Is there still a way to reformat my hard drive without losing windows 8?

  17. Post #257
    Gold Member
    Trilby Harlow's Avatar
    January 2012
    2,185 Posts
    On another topic entirely, since cosmetics aren't ever going to be a thing, would touching up the playermodels ever be on the radar? Stuff like engie's 90+ degree edging on his gloves, pyro's lumpy head with unused edgeloops, medic's lensless glasses or other just generally lowpoly unpleasantness? 2007 was a long time ago, 2,400 triangles for a playermodel is sub cellphone game territory these days

  18. Post #258
    Gold Member
    Snowshoe's Avatar
    August 2012
    2,007 Posts
    Yes you should!

    Edited:



    Hey, I have a system image backup from before I played with RubberFruitFace. Can I use that instead of reformatting my computer?
    If it's the windows 7 / windows 10 downgrade thing, I don't think it will help because that method preserves some stuff such as programs.

    If it's an actual disk image that overwrites everything on your hard drive- possibly. Depends if you were playing the TF2C beta at all during that period, the exploit could have happened then as well.

    Like NARH, you don't specifically have to play with RubberFruitFace to be infected. It could be anyone that knows of the exploit.

    On another topic entirely, since cosmetics aren't ever going to be a thing, would touching up the playermodels ever be on the radar? Stuff like engie's 90+ degree edging on his gloves, pyro's lumpy head with unused edgeloops, medic's lensless glasses or other just generally lowpoly unpleasantness? 2007 was a long time ago, 2,400 triangles for a playermodel is sub cellphone game territory these days
    Turn on HWM models.

  19. Post #259
    Gold Member
    Game Zombie's Avatar
    December 2009
    2,354 Posts
    On another topic entirely, since cosmetics aren't ever going to be a thing, would touching up the playermodels ever be on the radar? Stuff like engie's 90+ degree edging on his gloves, pyro's lumpy head with unused edgeloops, medic's lensless glasses or other just generally lowpoly unpleasantness? 2007 was a long time ago, 2,400 triangles for a playermodel is sub cellphone game territory these days
    Turn on HWM models.

  20. Post #260
    Prolonged exposure to my opinions can be mentally scarring or in some cases FATAL
    Dennab
    April 2011
    16,218 Posts
    I'm a computer idiot and never created an image backup.
    Is there still a way to reformat my hard drive without losing windows 8?
    Use the reset function in PC Settings.

    Refresh may work since it'll obliterate Win32 apps but not WinRT apps. That said I wouldn't chance just refreshing and hoping it went away.

  21. Post #261
    Gold Member
    -=NARH=-'s Avatar
    March 2011
    2,842 Posts
    So basically I gotta remove EVERYTHING on my computer, no chance of making a backup and reformatting?

    EDIT: Great. Tons of unfinished mods and other stuff gone all because of some fucking script kiddies

  22. Post #262
    Cpt. Cakes's Avatar
    November 2014
    986 Posts
    The person who found the exploit said that it is not related to sprays, but to sound files.



    From https://www.reddit.com/r/Steam/comme...and_execution/

    Also, the image backup I made was from a time where TF2C wasn't even downloaded on my computer.

    It's an actual disk image, I have one hard drive that only has it on there. Folder named "WindowsImageBackup"

    So, I will use that.

  23. Post #263
    Gold Member
    Snowshoe's Avatar
    August 2012
    2,007 Posts
    I guess "soundsprays" then.

    MeeM Virus?

  24. Post #264
    PhoenixLuigi's Avatar
    August 2015
    30 Posts
    I spent over $150 on steam so I might not play until the patch. :/ Fuck TheRubberFruitFace.

  25. Post #265
    Gold Member
    Trilby Harlow's Avatar
    January 2012
    2,185 Posts
    Turn on HWM models.
    no i know about HWM, they fix some things, like collars and adding super high detail hands, but in some places they're untouched



    as an example, Scout's hat, headset and satchel band are still pretty chunky on the HWM models too, i'm talking complete touchups

  26. Post #266
    PhoenixLuigi's Avatar
    August 2015
    30 Posts
    no i know about HWM, they fix some things, like collars and adding super high detail hands, but in some places they're untouched



    as an example, Scout's hat, headset and satchel band are still pretty chunky on the HWM models too, i'm talking complete touchups
    Oh god his face lookin fine.

  27. Post #267
    evilcake567's Avatar
    September 2015
    13 Posts
    "Some files are missing. Your windows installation or recovery method will provide these files"

    Am I fucked, or am I fucked.

  28. Post #268
    Gold Member
    Game Zombie's Avatar
    December 2009
    2,354 Posts
    no i know about HWM, they fix some things, like collars and adding super high detail hands, but in some places they're untouched



    as an example, Scout's hat, headset and satchel band are still pretty chunky on the HWM models too, i'm talking complete touchups

    Considering proper sources for the HWM models are a bitch to get there will always be parts of the model that look a bit blocky

  29. Post #269
    PhoenixLuigi's Avatar
    August 2015
    30 Posts
    "Some files are missing. Your windows installation or recovery method will provide these files"

    Am I fucked, or am I fucked.
    It was that moment Cake knew, he fucked up.

  30. Post #270
    Tacosmell's Avatar
    April 2012
    100 Posts
    Make sure you guys don't have the map dm_dustbowl, it comes with a wav that infects you.

    The wav is called weapon_nailgun, btw.

  31. Post #271
    PhoenixLuigi's Avatar
    August 2015
    30 Posts
    Make sure you guys don't have the map dm_dustbowl, it comes with a wav that infects you.
    I almost played that map. ._.

  32. Post #272
    Gold Member
    danielmm8888's Avatar
    November 2010
    554 Posts
    Check whether you have one of the following files.
    maps/dm_dustbowl

    Or a weapon_nailgun.wav in your sound files
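
The file checks described in this thread (an svchost.exe next to hl2.exe in the Source SDK folder, a dm_dustbowl map, a weapon_nailgun.wav sound file) collected into one script. This is an added example, not something posted in the thread; the function names and the choice to scan a whole game install directory are assumptions, and the map is matched without an extension because the posts do not give one.

```python
import os
import stat
import sys
from pathlib import Path

# File names reported in this thread. Matching is case-insensitive because
# Windows file systems are.
SVCHOST = "svchost.exe"
MAP_STEM = "dm_dustbowl"          # assumption: thread gives no extension, match any
SOUND_NAME = "weapon_nailgun.wav"


def is_hidden(path):
    """True if the Windows 'hidden' attribute is set (always False elsewhere)."""
    try:
        attrs = getattr(os.stat(path), "st_file_attributes", 0)
    except OSError:
        return False
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0))


def scan_game_tree(root):
    """Walk a game/SDK install directory and return sorted findings.

    Each finding is (reason, path, hidden). A legitimate svchost.exe lives
    under the Windows system directory, so any copy inside a game tree is
    reported. os.walk lists hidden files too, so Explorer's "show hidden
    files" setting does not matter here.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        here = Path(dirpath)
        lowered = {f.lower() for f in files}
        parts = [p.lower() for p in here.parts]
        for name in files:
            low = name.lower()
            if low == SVCHOST:
                reason = ("svchost.exe next to hl2.exe" if "hl2.exe" in lowered
                          else "svchost.exe inside game tree")
            elif Path(low).stem == MAP_STEM and "maps" in parts:
                reason = "dm_dustbowl map file"
            elif low == SOUND_NAME and "sound" in parts:
                reason = "weapon_nailgun.wav sound file"
            else:
                continue
            path = here / name
            findings.append((reason, str(path), is_hidden(path)))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python scan_game_tree.py <path to the game or SDK install folder>
    hits = scan_game_tree(sys.argv[1])
    for reason, path, hidden in hits:
        print(f"[!] {reason}: {path}" + (" (hidden)" if hidden else ""))
    if not hits:
        print("None of the reported files were found under this folder.")
```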

  33. Post #273
    Gold Member
    chipsnapper2's Avatar
    August 2012
    3,353 Posts
    I'm a computer idiot and never created an image backup.
    Is there still a way to reformat my hard drive without losing windows 8?
    8/10 users can reset and lose everything

  34. Post #274
    PhoenixLuigi's Avatar
    August 2015
    30 Posts
    Check whether you have one of the following files.
    maps/dm_dustbowl

    Or a weapon_nailgun.wav in your sound files
    19 Threats blocked? Ok then ._.

  35. Post #275
    Deathgrunt's Avatar
    February 2010
    1,494 Posts
    I don't seem to have the svchost.exe or the map dustbowl and my anti virus hasn't reported anything as well.

    But I'm not too sure if I have or have not played with any of the reported users, in that case should I still reformat?

  36. Post #276
    I really don't want to have to reformat, I have too much shit. I ran all of the proper anti-virus software (including the one that is supposed to detect it) and it didn't see anything, after scanning every single file on my computer. And nothing of mine has been stolen yet, AND nobody has attempted to use my account.

    If I've been this thorough, is it still possible that the virus could've slipped through the cracks, and I'll be fucked if I don't format?

  37. Post #277
    evilcake567's Avatar
    September 2015
    13 Posts
    just read it, am idiot.
    But one question, can the virus infect the windows 8 installation cd

  38. Post #278
    Gold Member
    Snowshoe's Avatar
    August 2012
    2,007 Posts
    Dustbowl not even once.

  39. Post #279
    Prolonged exposure to my opinions can be mentally scarring or in some cases FATAL
    Dennab
    April 2011
    16,218 Posts
    just read it, am idiot.
    But one question, can the virus infect the windows 8 installation cd
    If you don't have trust in the recovery partition make a recovery USB stick from a clean machine or boot from install media if you got Win8 with a disc.

  40. Post #280
    evilcake567's Avatar
    September 2015
    13 Posts
    If you don't have trust in the recovery partition make a recovery USB stick from a clean machine or boot from install media if you got Win8 with a disc.
    yes I still have the disk, so just use that as my recovery media thing

    edit: another dumb computer illiterate question, but can this infect my usb mouse and keyboard or headphones.