Toon Hacking/Account Stealing/Keylogging Consolidated Thread

[Basta]

OK, so I've downloaded and ran the scan from Webroot....



Trepan - It was a password that could have been collected earlier. But today I come in from work and attempt to log in only to discover that I have no access to account. Neither of them.


I only access forums from this computer and my sons. I have remote access to his and pretty much have the same standards applied there as I do here. He's an Admin for his Counter STrike SErver and takes phishing, key-loggers and other hacks very serious. His machine checks clean also.

I agree that there are many opportunities to collect this information, and I cannot recall where I might have logged in from another's computer.

There was another post up above from another character from Guk....are there other servers involved. I wonder what he and I might have in common. Just wondering....


I call SoE and we go through the verify process and the secret questions and passwords are chnaged again. In the process before calling Soe I did attempt to have passwords emailed to me. I was told that I had already used that function in the last 24 hours. NOT. While talking to Customer Support we verified the current email address and it was still set to mine. I can only assume that whoever did this the first time had the original passwords and I guess logged into the station account and changed email address to one they use, and then again back to mine. ??? Who knows.

Either way I now have access to both accounts again, passwords changed from Soe provided after resetting them....to a random generated Alpha Numeric one. One that I probably will not even be able to remember.

As the screen shot shows, a lot of cookies, all with a low risk factor and no virsus.

[Petgroup]

I am at a loss for words. If Webroot and TrendMicro aren't finding anything, it seems like its a problem with SoE or someone bought there account and the site that sold it is ganking them all back.

Don't believe me?

Heres a snip of a PM to me. I will not say who it's from but its relevant.

Quote:

Originally Posted by Anonymous

I had just bought a new account with a completly different user name and password which was also stolen and was never shared.

[axuis]

yep account buying selling does go on every ones aware of that the problem atm its not just that from what basta has written the same deals happen to 3 people in our guild last week

1 log in was naked petioned soe by time they responded his password was changed so he was hacked twice in 12 hrs so i no idea how this being done

almost same thing that basta had and was at big bend naked as well other was in ts other in greystone

the only thing people been talking about is the in game browser could be responisble if its got a trojan in that im not a web person so any one any ideas if this could be happening with that browser is it possbile to hide a trojan or something with in that?

[Troutbum]

The trojan I found after I got hacked was Win32.Trojandownloader.Zlob. It apparently attempts to secretly download and run other files from remote web sites and shows fake error messages. "Zlob copies itself to the Windows folder and changes startup and search pages of Internet Explorer." I have no idea where I got it or whether it was involved in the hacking, but I found it right after I got nailed.

[Starbuck]

...I blame Hastely.

[axuis]

one of the guys i spoke to had his account hacked twice in 2 weeks is having rough time with soe atm they saying you should of changed pass word more etc but he changed his password 3 x in a week obviously i dont know what the passwords are (he is a relation to me this person not some radom guildie) so i know he changed it 3x in a week but still they got through

cant see why soe given him a hard time over this tbh not as though he got up 1 day had a brain melt sold all his stuff then asked for it back

imo if you can provide all information soe ask for your account then whats the problem

they are asking for activation code on the original box he bought now he had it like me from launch so thats what 4 years ago now he given that to them 5 x last week still they saying they looking into it more deepth now what more can you do when you give them everything including the 1st activation code no way some hackers got that info

at loss to what to do now been a week no joy they keep going back and forth between gm and customer services and the forum hes put in to get his account back is like 2 pages long now any suggestions to what to say to them to hurry this up ?

he can transfer toons off to a 3rd account his wifes but until they give him his stuff back hes not going to do it encase it causes more problems

[Basta]

Quote:

Originally Posted by Petgroup

I am at a loss for words. If Webroot and TrendMicro aren't finding anything, it seems like its a problem with SoE or someone bought there account and the site that sold it is ganking them all back.

Don't believe me?

Heres a snip of a PM to me. I will not say who it's from but its relevant.

No bought account here. I started with an original account that both my son and I played. When we ran out of character slots I had my main toon moved to a new account and my son retained the original account.

While it may have been a bought account for some I can assure you that these two accounts have been mine from conception.

[Grum Brug]

Quote:

Originally Posted by Petgroup

I am at a loss for words. If Webroot and TrendMicro aren't finding anything, it seems like its a problem with SoE or someone bought there account and the site that sold it is ganking them all back.

Don't believe me?

Heres a snip of a PM to me. I will not say who it's from but its relevant.

Are you seriously stupid nuff to think that webroot will find 100% of the viruses and loggers out there? Cause thats pretty dumb. Heres a quote from PC MAGAZINE April 08. SDAV 5.5 found and removed all but one of the samples- that's better than Webroot AntiVirus with Antispyware and Firewall did. In fact, SDAV 5.5 cleaned an infected system better than any other suit except for Panda Internet Security 2008. Keep rite on going ahead with your idea that Webroot is the end all be all Epic of computer protection you god damn moron. And fuck off with your BS anon make believe quotes.

[Basta]

OK - Spyware Doctor



But that still does not answer the question of where these hacked accounts are coming from. One guy tells us to post screen shots of Web Root and we do. Now he says that it's a bought account. NOT!

The end result of my dilemma :

After a considerable investigation we were able to track down all the coin which was removed from your account. As such I was able to restore all your effected characters to the most recent saves prior to 23:00 pacific on 3/22, which is when the theft began. You should be aware that your account was hijacked by plat farmers who stripped your characters to fill orders for other players. Your account information was most likely obtained from a keylogger or trojan downloaded to your system from certain websites or possibly third party programs you may be using. I strongly suggest you update your anti-virus and change your password.

We have also seen that these individuals are using password recovery to change your password which means they may have access to your email as well. I may be best to change any passwords you have used on your computer recently if you have not already done so. Thank you for your patience and cooperation. If you have any other issues we may be able to address in the future, please contact us at your convenience. We wish you good luck and safe journey in the lands of Norrath!

But....not a single program that I have used has been able o find a virus, Trojan or key logger on either my PC or my son's. Yes, Adware Advertising and Tracking Cookies, but nothing else. My anti-virus as well as my son's is up to date. Even the 11 yo daughter who shares the computer with him told me today that every time she logs on her account she runs webroot and only gets cookies. If I've got an 11 yo who runs a new scan every time she logs on I'd like to think that there is some sense of importance there.

There is more to this than some are willing to admit and it's not about us (expletive adjective) stupid people who share out info with others.

Oh! Third party programs.....I do have to admit to using Fetish Nightfall's UI vs. the EQ2 original. That is until toady. But that is the ONLY 3rd party program that has ever come close to my PC or EQ account.

[axuis]

basta my friend ran nod 32 adware web root spy bot and found nothing as well he got same responce from sony about being hacked as you did thats prob a automated message from soe any ways

not much else you can do other than put up a good fire wall i guess we swaped to comodo

Comodo™ Free Firewall Software Download# link there if any ones interested

but we are at a loss to

every one assumes you get hacked you bought your account or shared your info which not always the case

and you download 3rd party programs etc but my mates are in same boat as you are bast and no matter what you do nothing is found

im woundering if its a common website that eq2 players go to say eq2i or something or maybe the in game browser

may be its at soe end and they not telling any one can you imagine the money they lose if they amit they been hacked