杀戮尖塔吧 关注:190,046贴子:2,901,978
  • 10回复贴,共1

电脑下载了崩坠mod的玩家注意了(建议版主紧急加精)

取消只看楼主收藏回复

不管有没有更新过,建议全盘扫毒,本人这两天中招了,有一个steam帐号在前天被盗了,所幸的是帐号已经通过支付宝信息找回了。
如果扫毒后在C:/用户名/Appdata/Local/temp文件夹发现了木马文件,那么很不幸的,你很有可能中招了。
立即删除该特洛伊木马文件,同时修改所有在chrome、Edge、Firefox和Discord以及steam保存过的密码,不然该账号很有可能被黑客盗走。
如果你不幸被盗,也不要太着急,至少steam客服会依据你提供的证据为你找回。


IP属地:江西1楼2023-12-28 17:26回复
    以下提供steam密码找回的途径。
    首先立刻修改密码,如果修改密码成功,那么你可以直接省略后续,宣告密码保护战成功,但是如果密码修改失败,邮箱地址被篡改,也不要着急,还有其他办法。


    IP属地:江西2楼2023-12-28 17:44
    回复
      邮箱地址篡改steam一定会通过客服邮箱发送邮件给你原本的邮箱地址,打开你原本的邮箱,查看这一封邮件


      IP属地:江西3楼2023-12-28 17:56
      回复
        打开验证您的位置,单击无法访问邮箱地址

        通过连续的问答锁定steam帐号,然后打开以下邮件


        IP属地:江西4楼2023-12-28 17:59
        回复

          进入专用链接,通过一系列问答进入客服问答


          IP属地:江西5楼2023-12-28 18:02
          回复

            向其提供支付宝截图等依据并等待回复,回复会以邮件的方式发到邮箱里


            IP属地:江西6楼2023-12-28 18:04
            回复

              寻回成功,通过邮箱里的密码修改邮件即可寻回帐号。


              IP属地:江西8楼2023-12-28 18:05
              回复
                提示:steam客服回复一次通常需要一两天的时间,其次,如果经常提示无法确定你是否是机器人,请多尝试几次,或者使用移动端邮箱去进去该链接。


                IP属地:江西9楼2023-12-28 18:10
                回复
                  以下是崩坠mod作者官方更新记录。
                  (Update 7:19 PM Eastern 12/27, 0020 UTC+0 12/28) - We just updated the game intentionally, switching to a fresh clean depot for future use. Do not be alarmed if you see an automatic update.
                  Hello everyone. I bring some unfortunate news today. Yesterday, Christmas Day, at roughly 12:30 PM Eastern time, we experienced a security breach. At roughly 1:20 PM (1820 UTC+0 on 25/12) , that breach allowed a malicious upload to overtake our game on Steam's library for a period of roughly one hour. Our steam and discord accounts were hijacked, and though the Steam accounts were able to be recovered late in the evening, we were limited in our ability to warn or communicate immediately following the breach. Fortunately, we were able to contain the actual breach much more quickly than the amount of time it took to recover the accounts. The important parts you need to know are:
                  -The breach window was roughly 1:30 PM-2:30 PM Eastern (1830-1930 UTC+0) on 12/25.
                  -Downfall is safe to launch once more, and has been since roughly 2:30-2:40 PM Eastern on 12/25 (1920 UTC+0 on 12/25).
                  -If you did not launch Downfall in the breach window, you're clear.
                  -If you got an automatic update for Downfall on 12/25 but did NOT launch, you're clear.
                  -If you launched Downfall via the Steam Workshop (meaning you actually launched Slay the Spire), you're clear.
                  -If you did launch Downfall on 12/25 and succeeded and everything looked normal, you're clear.
                  -If you did launch Downfall on 12/25 and saw a command-prompt like screen, that starting spitting out a bunch of text after about 10 seconds, you're in the clear. That was actually just the Java log which we usually keep hidden, but accidentally left visible when we restored the game.
                  -If you did launch Downfall on 12/25 and got a 'no .exe found' type of error, you're clear. That was us exploding the game to prevent anyone else from being affected.
                  -If you did launch Downfall on 12/25 during the breach window and got a Unity library installer popup, please continue to read. You may be also at risk.
                  The security breach allowed a malicious upload to replace the Downfall packaged game. If you were one who saw that Unity library popup, here is the information we have at this time involving the malware that may have affected you:
                  Most Antiviruses seem to have not stopped the malware specifically from executing, but do stop its payload from being sent across the internet. This means you aren't automatically damaged by the attack.
                  The payload it tries to scrape and generate involves passwords, specifically from your browsers, Discord, and a few other applications: Windows local login, Google Chrome, Yandex, Microsoft Edge, Mozilla Firefox, Brave, Vivaldi, Telegram, Discord, and files that might contain the word 'password' (if 'password' is in the filename).
                  If you saw the Unity popup or otherwise feel you may be breached, we recommend you changing important passwords, particularly ones that are not set up for 2FA (2-factor authentification). Any account that is set up for mobile 2FA should be immune. You should also be sure your live protection is active and run scans. Though, for full peace of mind, I personally am electing to reset and wipe all of my drives from my affected hardware.
                  The payload included the installation of a "WindowsBootManager as an application under my user's AppData folder. Also "Windows Boot Manager is a video game".
                  One user reported: In your users/[username]/AppData/Local/Temp folder, there will be several files the Trojan creates. One will be called epsilon-[username].zip, which contains everything the Trojan has stolen -- Discord info, autocomplete, saved passwords, network info, cookies, saved credit cards, steam info. WARNING: If you go investigating these files for yourself, to do so without being connected to the internet, just in case there is still some possibility of retriggering an event.
                  Another user reports: "It was under Local\microsoft\windows\0 for me. It said it was a video game, and from a name i didnt know. I checked on another computer on windows 11 and this file didnt exist. I deleted it and i had no problem restarting the computer afterward, but it was scary.
                  The other file was named unitylibmanager and was found under local\temp\ and i think this one was the original offender.
                  I also had a problem with Discord, can't say it was linked but it said the .exe was infected, so i deleted everything."
                  Also can confirm: "I found WindowsBootManager as an application under my user's AppData folder. Also "Windows Boot Manager is a video game" lmao. I deleted all of them manually."
                  (UPDATE 12.27.23 2:29 AM) Another user has reported: it looks like in my (user)/AppData/Roaming folder there is a folder named 'UnityLibManager' which was created at the time of all the other malicous folders/files and that was what windows defender detected ('UnityLibManager.exe')
                  We are still working with any affected users to gather and share as much data as we possibly can. We are also communicating with Valve on the nature and timing of the breach so they can also help from their end.
                  For those concerned about future breaches, we purged the affected hardware that was breached completely, a full hard drive wipe. We've also added additional security and are in the process of transferring ownership of Downfall to a dedicated Steam account that solely is responsible for uploading to it and is never used or logged in for any other purpose. As much as we like to think we're safe, the reality is that any account that is actively used (that is, logged into frequently) is always at risk to a malware attack, and in this case, Downfall was owned by an active account. When that active account become compromised, so did Downfall. The act of the account being logged in at all was all that was needed for the breach to happen in this case.
                  I can't apologize enough to the affected users. The thought that someone would hijack a free passion project for malicious intent is truly vile. If you are an affected user, please contact me either on steam, or Discord (mikemayhemdevthesecond), or email (michael.may@table9studio.com) and I will do everything I can to help. Downfall is nothing without its players and the joy surrounding it and I am appalled at the attack.
                  Thank you all for your understanding. I will continue to update as any more information comes my way.
                  -Michael Mayhem


                  IP属地:江西10楼2023-12-28 18:10
                  回复


                    IP属地:江西11楼2023-12-28 18:11
                    回复
                      以上就是我个人这次中招以及密码寻回的方式总结,一者是为了方便大众,二者为了对抗盗号黑客,三者也算是病友经验交流。如果有问题可以问我,我会随缘回复。


                      IP属地:江西12楼2023-12-28 18:13
                      回复