Yarr The Pirate!
http://yarrthepirate.com/phpbb3/

My WoW account was hacked! OMG
http://yarrthepirate.com/phpbb3/viewtopic.php?f=26&t=11618
Page 1 of 2

Author:  Yarr [ Mon Nov 19, 2007 5:37 pm ]
Post subject:  My WoW account was hacked! OMG

And it sucks. I talked to a GM who said they could probably restore everything. Of course I was freaking out before and there's still a chance they won't be able to restore my account.

This sucks. I had like 3k gold.

Author:  Kioto [ Mon Nov 19, 2007 5:46 pm ]
Post subject: 

That sucks man. I don't know that exact feeling but I know it sucks to have something that you worked hard for taken away like that.

Author:  Arrowyn [ Mon Nov 19, 2007 8:10 pm ]
Post subject: 

Aw bummer... I can give you some spare gold until then. Is that why you were in Dire Maul for hours?

Or wait... can you log in or did they change the pword?

Author:  Jimbean [ Mon Nov 19, 2007 8:41 pm ]
Post subject: 

that's what happens when you buy gil and pos h4x

Author:  Yarr [ Mon Nov 19, 2007 10:44 pm ]
Post subject: 

yeah they killed me and left me in junk gear there arrowyn, but no worries, the GM said they shouldn't have a problem restoring my stuff once it's looked into. They do some kind of investigation to make sure I'm not faking I guess lol.

Author:  Dustdevil [ Tue Nov 20, 2007 1:02 am ]
Post subject: 

get your shit stolen in WoW, you get proper customer service and your stuff back.
get your shit stolen in FFXI, you get a pat on the head and stack of mithkabobs to start over with.

anyway that sucks >< gotta watch those damn addons, fn keyloggers.

Author:  Ponuh [ Tue Nov 20, 2007 1:09 am ]
Post subject: 

You never get hacked out of the blue lol. You either got a keylogger from a UI

OR A GLIDER?!

Author:  Yarr [ Tue Nov 20, 2007 1:16 pm ]
Post subject: 

I'm assuming I got it from a UI mod. Although I only used titan bar, Bongos and all in one inventory.

I also have Norton installed and I'm not a retard. I never thought I would get hacked like this.

Author:  Balidorn [ Tue Nov 20, 2007 1:36 pm ]
Post subject: 

I'd say it was a key logger... >.<

sucks man. Gotta stop watchin so much pron...

j/k but yeh that sucks bad =/

Author:  Macabre [ Wed Nov 21, 2007 1:13 am ]
Post subject: 

I had that happen to my account, and said screw it, gave me a reason to finally quit.

I had those same mods yarr, and it ended up being a keylogger, couldn't pinpoint which mod it was though

O, and it will take about 3 days, and you only get 3 complete account restores

Author:  Yarr [ Mon Nov 26, 2007 10:38 am ]
Post subject: 

I have Norton and it seems to think my system is clear. But I have a strange feeling this trojan isn't missing. Does anyone know of a good scanner for trojans?

Author:  Kioto [ Mon Nov 26, 2007 11:37 am ]
Post subject: 

AVG, Spybot S&D, Lavasoft Ad-aware, CCleaner.
Those alone should be enough to clean up most if not all infections.

Author:  Mikey [ Mon Nov 26, 2007 12:23 pm ]
Post subject: 

Kioto wrote:
AVG, Spybot S&D, Lavasoft Ad-aware, CCleaner.
Those alone should be enough to clean up most if not all infections.

the key loggers they use aren't common. Hence why it's happening so often. They specifically target wow players.

Author:  Yarr [ Mon Nov 26, 2007 1:12 pm ]
Post subject: 

Yeah I'm assuming the reason Norton isn't picking it up is because it's a trojan specifically created for WoW.

Author:  Kioto [ Mon Nov 26, 2007 1:22 pm ]
Post subject: 

Keyloggers have a detectable signature just like viruses do before installation. Yes, some are still undetected but most are caught by the anti-virus. Some keyloggers are used as parental control, thus not being detected by some anti-viruses, but AVG is fairly strict with privacy and still will report it being a threat. There are other advanced methods of discovery using programs such as HijackThis but that should be done after you've used the programs I listed.

Author:  Yarr [ Mon Nov 26, 2007 1:26 pm ]
Post subject: 

I figured Norton would get them, but I was ready to do a CWShredder and HijackThis after I got some feedback ;p. I normally don't use too many spyware removers. I'm pretty good at cleaning my registry by hand.

Author:  Yarr [ Wed Nov 28, 2007 5:58 pm ]
Post subject: 

So my computer still has this trojan on it. I'm just going to reinstall Windows to get rid of it, but I am stumped as to why I can't find it.

Norton, AVG, Adaware, Spybot S&D, CCleaner and a bunch of other scanners that Blizzard had linked me to in an email. None of the scanners turned up anything on my computer. Even the spyware scanners are 100% clean. They only report a dataminer if I have any temp IE files.

I'm just so sick of reloading my computer. This has been the 5th time since I upgraded.

Author:  Kioto [ Wed Nov 28, 2007 6:34 pm ]
Post subject: 

Just do me a favor then, HijackThis and post it here and we'll see if it's still active. It may be that only when you start the game (or load the plugin/mod) the logger loads, so you might have to HijackThis it when WoW is running.

Author:  Yarr [ Wed Nov 28, 2007 7:19 pm ]
Post subject: 

I'll post the log, I already googled all the active exe and dll files and nothing out of the norm was running. I even used some program that blocked all incoming and outgoing network traffic until I approved it. Nothing came up when I logged into wow. Nothing other than my Nvidia drivers starting and the wow program itself.

Something really strange is going on.

Author:  Yarr [ Thu Nov 29, 2007 7:10 am ]
Post subject: 

Logfile of HijackThis v1.99.1
Scan saved at 7:04:29 AM, on 11/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yarrthepirate.com/v-web/bulletin/bb/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ ... 586-jc.cab
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
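
A small triage helper for a log in this format, added here as an example and not part of the original thread: it groups entries by section code and lists the autostart entries (O4, O20, O23) that HijackThis itself marked "Unknown owner" or "(file missing)", or that give no full path. The sample lines are copied from the log above; the function names and the choice of what to list are this example's own assumptions, and a listed entry is something to look up, not a verdict.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted in the thread above.
SAMPLE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O23 - Service: ..."
AUTOSTART = {"O4", "O20", "O23"}                 # Run keys, Winlogon Notify, services
FULL_PATH = re.compile(r'"?[A-Za-z]:\\')         # command starts with a drive path

def parse(log):
    """Group entry bodies by their section code (R0, O2, O4, ...)."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def command_of(code, body):
    """Return the command or file part of an autostart entry."""
    if code == "O4":                         # Run key: "[name] command"
        return body.partition("] ")[2]
    return body.rpartition(" - ")[2]         # O20/O23: "... - path"

def triage(log):
    """Autostart entries the tool annotated or that lack a full path."""
    notes = []
    for code, bodies in parse(log).items():
        for body in bodies if code in AUTOSTART else []:
            cmd = command_of(code, body)
            reasons = [tag for tag in ("Unknown owner", "(file missing)") if tag in body]
            if not FULL_PATH.match(cmd):
                reasons.append("no full path")
            if reasons:
                notes.append((code, cmd, reasons))
    return notes

if __name__ == "__main__":
    for code, cmd, reasons in triage(SAMPLE):
        print(f"{code:4} {', '.join(reasons):32} {cmd}")
```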

Author:  Yarr [ Thu Nov 29, 2007 7:11 am ]
Post subject: 

that log is right after I opened WoW.exe and tried to log in.

Author:  Kioto [ Thu Nov 29, 2007 7:26 am ]
Post subject: 

You got nothing unusual in that log.

Author:  Yarr [ Thu Nov 29, 2007 3:31 pm ]
Post subject: 

I know, I haven't found anything so far. I have yet to find a single thing that looked unusual. I couldn't have found it yet; as far as I know the thing is still on my PC.

Blizzard has closed my account and I have to now fax over tons of proof I'm not the hacker. It's messed up.

I'm going to reload my computer today.

Author:  Kioto [ Thu Nov 29, 2007 4:17 pm ]
Post subject: 

Is this on your new computer? If so did you install windows when you built it?

Author:  Yarr [ Thu Nov 29, 2007 6:25 pm ]
Post subject: 

Yeah I installed Windows myself. I always do this order for my installs.

Windows
Norton
Windows updates
Applications
Games

All times are UTC - 5 hours