Do you know what Trojan.Badur is?
Trojan.Badur is a Trojan horse. It works by employing a Steam gaming platform bot that adds people as friends and sends a shortened link, which contains a malware program disguised as a screensaver file. When opened, it creates a backdoor that allows a malicious program to enter your system. It steals your Steam login data and takes over the account. If this situation feels familiar to you, we are here to explain how Trojan.Badur works and how to remove it.
Trojan.Badur infects your system when you accept a friend request from an unknown person. After you accept this bot as a friend, a chat pop-up immediately comes up. This “person” introduces himself as a real-life friend and gives you a bit.ly link to a photo. Being wary of shortened links could literally save you a lot of trouble later on, because dealing with Steam customer support to restore any stolen items could take a long time.
When you click the shortened link, you are redirected to Google Drive, where the file, IMG_211102014_17274511.scr, is hosted. Since “&confirm=no_antivirus” is added to the Google Drive URL, you are presented with the option of running or saving the file on your computer immediately. If you click Run, the malware that hacks your Steam account will load. In this case, you should close your Steam client and remove Trojan.Badur together with any other malicious files immediately. Otherwise, if you choose to save the file on your computer, delete it along with Trojan.Badur immediately and scan your system with a malware removal program.
You could still get infected by Trojan.Badur even if you do not accept friend requests from unknown Steam users. If Trojan.Badur hacks your friend’s account, the bot responsible will take control of his client and start spamming everyone on the friends list with the shortened links. If you click this link, you will also be infected. Before clicking any links, it would be a good safety measure to try and chat with your friend. If the person doesn’t respond, we would advise not clicking anything, as it could be a bot.
You might think that Trojan.Badur is not much to worry about, but Trojans are generally a type of malware that often acts as a backdoor, allowing its controller to carry out various actions on the infected computer. The type of harm you could come to depends entirely on what the Trojan is programmed to do. It could format your hard drives, help the controller to watch your screen remotely, log your keystrokes, record your webcam footage, or just take over your system and control it remotely from the other side of the world. Trojans are serious business; you should not take a lax outlook concerning your security.
If you suspect that you have been infected by Trojan.Badur, exit the Steam client first. Then, go to the Task Manager and look for suspicious processes, like wrrrrrrrrrrrr.exe, vv.exe, or any unfamiliar process files. Select them and click End Process. Now, download a trustworthy malware removal tool, scan your system and remove Trojan.Badur. To absolutely make sure that your Steam account is safe, reinstall the client and change your password. Don’t forget to change your password regularly.
In non-techie terms:
Trojan.Badur is a Trojan horse that installs a malware application, which steals your Steam account data. It is distributed when a Steam account that is run by a bot introduces himself as your friend and links you to a shortened URL which takes you to an executable .scr file. If you run this file, the malware is installed and your account gets hacked.