http://ffxi.allakhazam.com/forum.html?f ... 389;page=1

It's also being discussed on BG and other forums.

Supposedly this the keylogger coming from FFXIAH.

Trojan Type: Agent.GDA

System32 files:
C:\Windows\System32\rsbo.exe
C:\Windows\System32\kb1ss1p.dll
C:\Windows\System32\kb1ss1p.sys

Registry Key: {ED0ACB58-556F-21DA-DDFE-6D20F3F611BB}

It's a RMT operation. People have seen their friends compromised characters trading everything to mules called Moonbank or Sunbank, this has been confirmed over multiple servers.

_________________

thanks for info now I know what to look for.

_________________
PS3 Friend list name: Pantherxx Wii code 1629-0463-4657-0263 (revised 9/28/07) Steam ID - Pantherxx010 62BLU 75PLD Reactived 7/5/10 I dare you Click this!

i dled some fucking adware while trying to check out the bme pain olympics video and no matter what I do I can't get rid of it. I've ran adaware, virusscan, completely uninstalled and reinstalled explorer.. my only other option is to do a complete factory reset, but I don't really feel like backing up all my illegally downloaded programs and media. boo

_________________

I have some spyware on my desktop that has a bunch of Japanese looking symbols. I've had it for a while and can't get rid of it either.

_________________

Have you guys tried the AVG-S&D combo? CClean(all boxes checked) before running both AVG and S&D really helps... So many things you guys can do to remove it it's not even funny. Always immunizing & constantly having resident (from S&D) turned on really helps, specially if you log any personal information online (banks, cc, etc..)

_________________

Kioto do you have a link where I can DL S&D? I used to have it before my HD crashed but can't find a good site for it.

_________________
[In Yarr we trust.]

I sure do.
http://www.safer-networking.org/en/download/index.html

_________________

Ouch. Guess this is RMT's backlash for all the mass bannings. As much as it boils my blood reading about people getting their accounts jacked and sold off, SE's award winning bullet proof policies with regards to compromised accounts makes me even more furious. I want to stab someone, preferably those RMT bastards, but only after I stab the SE employee(or empolyees) that came up with the current oh so awesome policies on compromised accounts.

_________________

Cool thanks Kioto! I downloaded it. I only use Norton at the moment. I'll give this a shot.

_________________

I find its sometimes easy to get spyware off if you run a quick check right at start up before they can get initialized. Lavasoft's AdAware is a good program too.

And yeah, I hope I don't get my account stolen.

dude i had all those gay trojan files but i got rid of them, with delete key+system restore to before the shit was added. Im so lucky lol

_________________

This deleted a ton of shit Norton didn't find. All that torrent downloading probably loaded me up pretty good.

_________________

Most of the finds are cookies, but if you start seeing folders & files then your computer needs to be cleaned up nicely.

_________________

It's not the employees that come up with that crap. It's the higher ups. Believe it or not, most of their so-called "clauses" in the user agreement wouldn't even stand up in court if you challenged them that far. It's there to scare people into believing that there is no course of action against them when in fact there is.

I've personally dealt with their special brand of customer service lol. Took me close to 5 hours to reverse a bullshit suspension. It's guilty until proven innocent haha.

_________________

That's how any court system is Ulgo.

More importantly though: Does anyone know if these files are originally hidden? I looked to see if I had them and I'm not sure if I had my hidden files shown or not.

_________________
[In Yarr we trust.]

if you can find and open your system32 folder, then most of the files inside are also able to be seen.

system32 starts out hidden on new computers so to see it means that the folders and files have been set to un-hidden.

_________________
"all men die, and no brave man lets death frighten him from his desires"

Or you have manually selected to see hidden files & folders under the "view" tab in the folder options inside the control panel. There you can also select to see protected systems files (which i recommend if you're looking for a file inside the windows folder)

_________________

Anyone check the list on BG for which people lost their accounts, Twig is on there. Kinda surprised to see that since he's always been decently infamous.

_________________

Hopefully these people do themselves a favor and quit MMOs altogether after this.

_________________
Eternus Ifrit Server Atariii LS member
75 BRD with a bunch of subjobs

When I said SE employees, I meant those numbnuts suit head fat cats and not the people on the frontlines who have to face our ire every time something goes wrong - should of clarified that.

I wouldn't doubt all of their ToS clauses wouldn't stand up in court, but they'd probably just tie you up in court till you give up.

And yeah, their special brand of customer service is off the charts, it's on that remarkable of a level. I still enjoy the game (I know, that may be hard to believe, even after all this time), but the shitastic customer service leaves a rather strong bitter taste in my mouth.



Did you change your password and such just to be safe?

_________________

Does anyone know if ffxiah.com knows about this and if they've removed the banners in question?

_________________
[In Yarr we trust.]

There is a thread in their forums I assume they've removed the banners if it really was the cause.

Did you change your password and such just to be safe?[/quote]

yeah i did immediately after the restore. Cant find any of the bad files now which is good, but i can't be 100% sure im totally safe...

FYI this has also spread to Somepage, do not visit that site.

_________________

When Allakhazam gets hit I'm gonna be so bored.