Change your STEAM account password!

 

It's also possible that ONEDRIVE is causing this, please read:

Spoiler: Source: Grok KI

The issue you're describing—files in your D:\Downloads folder spontaneously creating numbered duplicates like filename (1).ext, filename (2).ext, etc.—is a common problem in Windows 11, and it's almost always caused by OneDrive sync conflicts. Here's why this happens and how to fix it:
Why This Happens

• By default, Windows 11 configures OneDrive to back up your Downloads folder (along with Desktop, Documents, etc.).
• If your actual Downloads folder is redirected to D:\Downloads (a custom location on a secondary drive), OneDrive still tries to sync it.
• When a file is saved/downloaded or slightly modified while OneDrive is syncing (or if sync gets interrupted), OneDrive detects a "conflict" and creates a duplicate with (1), (2), etc. to avoid overwriting data. This is OneDrive's built-in conflict resolution.
• It feels "random" because it depends on sync timing, network hiccups, or multiple devices accessing the same OneDrive account.
• This is not malware, a virus, or Windows itself copying files—it's OneDrive being overprotective.

How to Stop It

1. Turn off OneDrive backup for Downloads (quickest fix):
   • Right-click the OneDrive cloud icon in your taskbar (system tray) → Settings (gear icon).
   • Go to Sync and backup → Manage backup.
   • Toggle Downloads to Off.
   • Click Save changes. OneDrive will stop syncing this folder and ask if you want to keep files locally—choose Keep.
2. Pause or reset OneDrive if duplicates keep appearing:
   • Right-click OneDrive icon → Pause syncing → choose 2/8/24 hours.
   • Or fully reset: Press Win + R → type %localappdata%\Microsoft\OneDrive\onedrive.exe /reset → Enter.
   • Restart OneDrive afterward.
3. Clear OneDrive credentials (fixes cached sync issues):
   • Search for Credential Manager → Windows Credentials.
   • Under Generic Credentials, find OneDrive Cached Credential → Remove it.
   • Restart OneDrive and sign in again.
4. Optional: Move Downloads back to default location (if you don't need it on D:
   • Right-click Downloads in File Explorer → Properties → Location tab → Restore Default (moves it to C:\Users\YourName\Downloads).
   • This avoids custom-location sync quirks entirely.

Clean Up Existing Duplicates

• Sort D:\Downloads by name or date modified.
• Use a free duplicate finder like CCleaner (Tools → Duplicate Finder) or Duplicate Cleaner Free to scan and delete safely.
• Always review before deleting—keep the newest/modified version.

After these steps, the random duplicates should stop completely. If OneDrive isn't running or the folder isn't backed up, this behavior can't happen. If it persists (very rare), check for third-party sync tools (Google Drive, Dropbox) or run a quick malware scan with Windows Defender.

Let me know if you need screenshots or more details!

 

These days even an antivirus firewall and the latest updates are not enough you have zero days no click exploits drive by downloads someone who really knows about the matter will get in anyway!

 

Yes, I'll completely change all the passwords right now!It was just a matter of avoiding theft with two-factor authentication. As was the case with my email.

 

Absolutely, but not with a "virus". To the "invisible in 2025" comment, that isn't really the case. Many of the most stealthy malware now are still rootkits. They are not 100% stealthy, but can be pretty close. You would not see a rootkit doing any of what is described here. Creating bloat files? no. This one has my Foster detector pinging loudly.

 

I would love to test the file. Can you send me the link?

 

How do you know I'm looking for foster parents, did you hack me or what?

 

Spoiler: Alleged Steam Data Leak: What Gamers Need to Know

Alleged Steam Data Leak: What Gamers Need to Know

A hacker is reportedly trying to sell 89 million alleged Steam data records on the dark web. Here's what's behind this ominous message – and what gamers should know to properly secure their accounts.

SMS as a Security Vulnerability

This case highlights a well-known problem: Two-factor authentication via SMS is considered problematic by security experts. Text messages can be intercepted, redirected, or compromised in the transmission system – however, this isn't a problem specific to Steam, but rather a fundamental weakness of this method.

This could explain the actual origin of the data. Not from a direct attack on Steam, but possibly from a leak in the SMS delivery system.

Official Statement from Valve

Steam operator Valve has emphasized in a statement that no Steam systems were attacked. In a blog post (external link), the company writes: "The leaked data is not suitable for linking the phone numbers to a specific Steam account, password information, payment information, or other personal data."

Twilio, the alleged third-party provider of the SMS codes, also denied a security incident. The exact nature of the leak thus remains unclear—the data may have originated from an intermediary service provider.

Source: /www.br.de/nachrichten/netzwelt/angebliches-steam-datenleck-was-gamer-jetzt-wissen-muessen,UlGctRv

Guardio’s Brand Phishing Report for Q1 2025 is here:
https://guard.io/blog/most-imitated-brands-phishing-scams-q1-2025

 

The only guarantee is FULL BACKUPS.

Spoiler: My experience / take...

That said, as a hobbyist who likes to try everything, I have installed many thousands of cracked plugins and software from both Sister site & friendly site, SoftArchive, and from a trusted poster in the newsgroups (a.b.s.u, etc) back in the day, and even a few from RuTracker (ones that were NOT brand new, and that have substantial comments)
I ran 3 different main computers over around 10 different iterations (with evolving hardware sets) of Win XP, Win7 & Win10 (and now Win11) since late 1990s, and have never had any virus on my computers, and only once on one of 4 business computers we had running.

That was on a Vista machine used by a salesman who i believe was interacting with some sketchy exciting sites...
i burned quite a bit of time submitting reports, etc before finally just reinstalling everything.
As usual, no loss of any user data, as NOTHING IMPORTANT WAS EVER ALLOWED TO REMAIN ON THE OS DRIVE!!

I have never used anything but Windows built-in antivirus, (except for that one mishap, in which I tried a few things).
I exclude all drives except my OS drive from being monitored because I know where everything comes from that goes onto other drives.
I now exclude most of the OS drive from being scanned as well, because I know what locations are not involved with downloading and potentially executing actions.

I DO allow the user download folder & appdata folders to be scanned, because a lot of activity (browsing data, temp files,etc) gets processed. Those are the places most likely to be vulnerable, but of course one can just let defender scan everything always to be safe.
Then one only needs to exclude any folders that might contain triggering files, and disable active monitoring while running keygens,etc.

Always use drives other than the OS drive for personal items whenever possible.
You may change the location of user folders to other drives as you like...
But even better, SYMLINKING ensures that folders don't get lost, & that also allows one to simply reinstall an OS and recreate the symlinks as needed.... But why even do that?

Just RESTORE the recent backup that everyone most certainly has (right?) ... particularly those who are giving advice on how to avoid problems.

 

99.8% of my plugins came from sis site.

But occaaasionally, I've grabbed a torrent of a file that disappeared from the sister site. So it could be one bad fish in a sea of healthy swimmers that wrecked it for you.

(For ex., I had to get Scaler 2.9 from another site after hating Scaler version 3.)

 

No no, that would be way too concrete. What the OP states is "hey something from a backery somewhere could probably taste bad..."....

 

Most troubleshooting steps involve going back one step at a time. It's easy to point at one source, especially if it is not on the list of globally trusted software. Now that is said...

If you can honestly say you have not had one web browser advertisement window pop-up that nobody really wants and have installed nothing before or since that is not from a trusted installer, the it is still just a 'perhaps'. Clicking a suspect link in any browser without dedicated protection software is like flipping a coin as to whether you may or may not get something horrible in your system. If you have experienced none of the negatives in the above, and did a system restore prior to then then roll it back (likely not by the sound of it).
Otherwise, I do suggest backstepping and working out which sites you go to other than just one that might possibly also be the culprit.

 

This is really strange. Why should a virus create copies of files? Viruses may encrypt them. Or use your PC for something else (DDOS attacks, mining). Or steal your info. Sometimes duplicate files with numbers (1), (2) etc. appears when the are problems with downloading. A program that downloads them cannot save them and then it creates another copy. But why should a virus do it?

I don't want to calm you down completely. May be, it makes sense to scan your PC with special utilities? I mean DrWeb CureIt! (free), HitmanPro (you may use demo), ESET Online Scanner (free), Malwarebytes (free) etc. These are not antiviruses which control your PC in realtime, they just scan it and can be used with a usual antivirus.

 

It is likely that ONE DRIVE is causing this behavior:

Spoiler: Source: Grok KI

The issue you're describing—files in your D:\Downloads folder spontaneously creating numbered duplicates like filename (1).ext, filename (2).ext, etc.—is a common problem in Windows 11, and it's almost always caused by OneDrive sync conflicts. Here's why this happens and how to fix it:
Why This Happens

• By default, Windows 11 configures OneDrive to back up your Downloads folder (along with Desktop, Documents, etc.).
• If your actual Downloads folder is redirected to D:\Downloads (a custom location on a secondary drive), OneDrive still tries to sync it.
• When a file is saved/downloaded or slightly modified while OneDrive is syncing (or if sync gets interrupted), OneDrive detects a "conflict" and creates a duplicate with (1), (2), etc. to avoid overwriting data. This is OneDrive's built-in conflict resolution.
• It feels "random" because it depends on sync timing, network hiccups, or multiple devices accessing the same OneDrive account.
• This is not malware, a virus, or Windows itself copying files—it's OneDrive being overprotective.

How to Stop It

1. Turn off OneDrive backup for Downloads (quickest fix):
   • Right-click the OneDrive cloud icon in your taskbar (system tray) → Settings (gear icon).
   • Go to Sync and backup → Manage backup.
   • Toggle Downloads to Off.
   • Click Save changes. OneDrive will stop syncing this folder and ask if you want to keep files locally—choose Keep.
2. Pause or reset OneDrive if duplicates keep appearing:
   • Right-click OneDrive icon → Pause syncing → choose 2/8/24 hours.
   • Or fully reset: Press Win + R → type %localappdata%\Microsoft\OneDrive\onedrive.exe /reset → Enter.
   • Restart OneDrive afterward.
3. Clear OneDrive credentials (fixes cached sync issues):
   • Search for Credential Manager → Windows Credentials.
   • Under Generic Credentials, find OneDrive Cached Credential → Remove it.
   • Restart OneDrive and sign in again.
4. Optional: Move Downloads back to default location (if you don't need it on D:
   • Right-click Downloads in File Explorer → Properties → Location tab → Restore Default (moves it to C:\Users\YourName\Downloads).
   • This avoids custom-location sync quirks entirely.

Clean Up Existing Duplicates

• Sort D:\Downloads by name or date modified.
• Use a free duplicate finder like CCleaner (Tools → Duplicate Finder) or Duplicate Cleaner Free to scan and delete safely.
• Always review before deleting—keep the newest/modified version.

After these steps, the random duplicates should stop completely. If OneDrive isn't running or the folder isn't backed up, this behavior can't happen. If it persists (very rare), check for third-party sync tools (Google Drive, Dropbox) or run a quick malware scan with Windows Defender.

 

What files were DL'd? Which win version was installed? Using OEM iso for the build or optimized iso? Be advised that OEM windows is not to be trusted online. Unless you as the user lock it down so that it's not constantly contacting the mothership, collecting & transmitting personal info, and applying "updates", it will exhibit strange behavior which is neither wanted or appreciated.

As far as AN is concerned, that dog ain't gonna hunt. Unless you can come up with some file names, your virus claims are somewhat in limbo. Did you bother to check the comments for what ever it is you grabbed from there? IF (big if) there actually was a virus in something you got from there, it most certainly would be commented upon. Furthermore it would not be allowed to remain as a download there. AN is not in the business of keeping truly virus laden files.