Fatherpeteus

D'oh! Haha if only!!

I lol'ed at defragging 6TB in 3 seconds. Then I drooled a little. Only $17,000, eh?

Options are getting limited now - Let's give it a shot ~9:30 Monday night, shall we?

So great news (if you didn't already hear me spamming guild chat with my happy babblings yesterday) - Bliz has completed a very thorough item restore for me! I was greeted yesterday by ~1000 items/stacks of items in the mail of all my various toons, and afik everything is back! *Hugs Bright's sword and Father's trinkets* So I'm fully back in business and looking forward to moar raiding - Thanks again to everyone who offered their support and kind thoughts during this "time of loss"!

O....M....G....! Heck Stang, I'm as straight as they come, but even I can admit you've got a point!

I'm g2g Sat or Sun. Friday is out, and Monday I'd be available a little later, like 10ish

Here's a list from Wowhead of new items released in 3.1: http://ptr.wowhead.com/?items&filter=c...=1;crv=0#0+12+1 Of interest - Some new high-level leatherworking and BS patterns, a 32-slot herb bag, and a +81 spell power to *staff* enchant that could help to make a high-end 2h caster weapon measure up to MH + OH. Oh yeah, and tier 8 tokens, and some new high-level (i-level 226, like heroic KT or Malygos drops) badge gear from "Emblems of Conquest" (I guess we will get those in Ulduar).

I has update! So yesterday I got word that my characters were back on Skullcrusher. Payed my subscription back up, and looked over the damage. Oddly enough, I don't think I lost any (or much) gold - I guess Blizz caught their hacks and banned the account before they got around to transferring what they went to all that trouble for. So basically, they spent hours going through my bags, mail slots and banks (I'm a packrat!), vendored most stuff they could (my DK still had almost all his stuff, because the DK zone quest gear can't be vendored, but my rogue and hunter had pretty much nothing left but badge gear.)... And then ended up with pretty much nothing, for all their "work". In another spot of luck, my two geared 80s (Father and Bright) still had almost all of their (mainspec) gear still. I suppose the hacker was intending to either sell them, or use them to farm? Hard to say what they were thinking really - Father had all his healing gear except his T7 pants and trinkets (?) and Bright had all his tanking gear except his sword and boots (??) Barefoot pugilist tanking ftw! In another odd bit of the bad guys getting caught before they could finish raping my account, Bright still had two pairs of BoE boots from Naxx25 in his bags, for DPS and healing - Not sure about the DPS ones, but the healy boots are best in slot and sell for ~2500g. Still, they won't do me much good for tanking! So, I was off to work on getting my gear back. The Outfitter addon tells me what I'm missing, as it keeps track of the gear I had set up to use for my tanking set, dps set, etc. No way in heck would I have been able to remember every piece I had collected, even for my tankadin/gear collector, not to mention my other seven toons. So I filled a page with all of the missing gear for my various toons, and fired a GM ticket off (should have sent the ticket first, but no biggie.) A GM actually got back to me quite quickly (~45m), and told me how it works. He sent a request off to a specialist, who (in a couple of days) will review my current gear vs what I had last Thursday night, and mail me the missing stuff. Sounds like I may actually come out ahead (kindof) since I still have the shards from stuff they DEd with Father. I've lost a lot of semi-valuable stuff like stacks of food and green gems, but that's not a big deal. I wasn't sure if I would lose stuff I happened to gain between now and the restore (i.e. would my toons get rolled back), but apparently no, all they are going to do is some kind of comparison, then mail me everything I had then and don't have now. (Hopefully with gems and enchants intact, we'll see!) So after talking to the GM and mailing some misc stuff back to the toon it belonged with, I took my L58 DK and his intact quest gear to Outland and ground out a couple of levels, then went to bed. I expect I can find a passable tanking sword and boots for Bright (rep?) and get him back in the swing in time to tank for late-night Naxx tonight, so things are definitely heading in the right direction! Also, I am fairly confident I have the keylogger off my PC now... And I hope to be able to order an authenticator next week. Nothing like being robbed to motivate a person to step up the security, in life or in WoW! Thanks again to everyone who has been offering to help - It looks like I'm going to be OK after all! I may be up for a boot-farming heroic run this afternoon or something though!

Didn't anticipate demand, I suppose. Somewhere in China, an electronics manufacturer is probably getting a big order for a couple million more authenticator tokens. Ironically (?), given the whole "Chinese farmer" thing being the origin of the problem.

Hey Powerstripe - Who did you need to talk to to get your account restored? In-game GM, email to the Account Admin people, or... ?

Exactly Ajax. Has anyone seen a "Chinese gold farmer" actually farming gold in Northrend? Seems like they have found that simply stealing it takes a lot less time. (Hence the discounted rates, I suppose.) ---- Thanks so much to everyone who has volunteered to "take up a collection" or contribute to help me out! I profoundly hope that a full restore will be possible though. (Even if GMs were feeling helpful about restoring all my individual bits of gear - Man, that would take a long time!) Fingers crossed! ---- Authenticators still unavailable. I wonder what they are going for from scalpers on eBay? (checked - the ones closing tonight were going for $25-38) ---- Latest scan seems clean of the keyloggers though! Going through the process I've learned a lot about keyloggers and the even more malicious "rootkits" though. Worth a read of the info about those in Wikipedia, if you have any interest in IT (or even securing your own PC)!

I received a volley of emails late last night indicating that they had re-activated my account (with a new password - lol) and were in the process of moving three of my toons back to Skullcrusher. I was only notified of one move, but apparently they transferred Brightpetra, Fatherpeteus and my L71 rogue... Most likely because (afik) you can only move 10k gold off-server per L80 toon. My poor toons were gold mules. : / I tried to log in, and found that I need to pay before I can connect and view the carnage... Probably shouldn't have done it anyway because I still haven't been able to dislodge the keylogger from the Command.com file. I'm still searching for helpful ideas on that front. Unfortunately I don't own an XP CD - This PC was built in an IT shop when XP first came out. : / --- On further googling, it looks like the "Spyware 1.4" keylogger wasn't active (it's supposed to create some files and install itself to autorun via the registry) or was cleaned earlier by NAV or w/e. A-squared deleted the "wow.pws" trojan... So maybe I'm actually clean now!

It's in the Command.com system file in the root of the Windows directory - Not anything to do with WoW (although who knows where it came from, and when!) I can't just delete it, because it's always in use by windows. IIRC, I need to boot to a floppy in dos mode, and overwrite it... I don't have a floppy handy with a pristine copy of Command.com though. : / I'm runing XP SP2, and Spybot bugs me routinely when something tries to update the registry or download spyware - I've only had that feature enabled for the past several months though.

Those were some good ideas Powerstripe! A-squared has come upon "trojan-pws.win32.wow.qt!IK" in a Cosmos (an old addon I used a couple of years ago, iirc) folder in WoW and in a couple of system files. No info about that one on the net, but the file name is certainly suspicious, eh? Also got: Please submit "C:\Program Files\AIM95\Sysfiles\WxBug.EXE" to the analysis team for further investigation. Aha - And a known keylogger called "Spycapture 1.4" that I didn't notice immediately because it was flagged as only Medium risk. That one is embedded in C:\Windows\Command, so I can't delete it. My "cleaning up user PCs" kung fu is rusty - What should I do to obtain a pristine Command.com file, and overwrite the existing one? Make a boot disk on a clean PC, boot to dos on mine, and Copy A:\ ...? I shouldn't be losing any configuration information by doing that, should I?

Cogeco. They provide a virus/spyware scanner that didn't find anything but a few tracking cookies. Ad-Ware, Spybot and Norton Anti-Virus have also come up empty. In case someone was actually opening a connection to my PC, I've released and renewed my IP address and flushed the DNS cache at the suggestion of Bliz's list of "Things to do when yer hacked". Scrubbing tools wise Bliz wasn't very helpful though - It was more or less "You should scan for viruses".

No - She had no input into any of that stuff. Still waiting to hear anything from "Account management". The only reason I called billing was to make sure I wouldn't get charged for the realm transfer, and apparently that isn't an issue - Those charges don't go onto the account with the monthly WoW fee, so the hacker would have had to pay for it with a different card. Unless they have my credit card info too, of course. I still haven't found any virus on my PC, much less something that looks like a trojan or keylogger. Makes me nervous to log in to any of my banking stuff online! Losing control of my WoW account is one thing...

The billing person I was able to talk to mentioned that they (the "professional" WoW hackers) generally use stolen credit cards. Makes sense.

And 2.5 days later, still not even an initial response from Bliz. I wonder how long they keep the backup tapes for, for the possibility of the one-time restore thing?

zomg Gratz! (You're still a young'un - Can't catch me!)

*Grim-sounding lol* I thought "Hmm - I'm shipping some other stuff to a US address across the border as we speak, maybe I can have an authenticator shipped there too!" ...And the Blizzard Store site is down. Sheesh! Oh and still no response from Bliz beyond "This is an automated email to let you know we received your inquiry". Too busy providing super-fast response on realm transfers, I suppose? ---- Geeze - The Bliz store site came back up... I tried to order an authenticator and found out I needed to create a new account (either it's not the same as my game account, or the game account being closed)... And by the time I had created the account the damn things were sold out again. WTF?!

Gold!

Me too Andrie! And yeah Key, I'll have to keep you guys from dying another time :/ GL though! (Still waiting for a response from Blizz - A phonemonkey would be like a dream come true at this point! They don't seem interested in anything other than email contact, and don't seem to answer the emails. Yet the hacker got Bright transferred to a new realm in a couple of hours?) $25 in hand trumps the god-only-knows-what I've paid them over the past 4.5 years, I guess? O_o One-time account restore sounds like a dream! Have to see what kind of shambles I get back first I suppose. I'm going to go order an authenticator now, while I wait for Bliz to help! ---- Annnnd... They are sold out.

Thanks for the kind thoughts Memphis! *hugs* Yeah, I logged off a little before 4am server iirc, so if someone was in the guild list at 5 it was the hacker, busily cleaning out my stuff. Too bad you didn't say hi at the time! (How's your Mandarin?) O_o ---- Blog update - I've loaded a new (to me) virus/spyware scanner from my internet provider called "F-Secure", and so far it's found 8 spyware instances that Spybot missed earlier this afternoon. Who knows if any of them is the culprit - I'm not sure if I would recognize a keylogger when I see it. ---- Follow-up - All eight were tracking cookies, that don't look like keyloggers. So now I don't know if I'm still being logged or not!

Just talked to a dude from my internet provider, and he said "small world, my bank got cleaned out two days ago by someone who stole my credit card number at a small gas station in Toronto!" Yep... A small, and hostile world. --- Now I'm just blogging, but wtf else is a guy to do? Just tried to look up my toons on Armory (actually I can't get armory to load, but looked through http://be.imba.hu/ ("Be Imba" - A cool optimization site). None of my toons can be found. I don't know if that's because the account was closed (probably), or if they were all deleted out of spite. QQ

...And of course they charge you a premium rate for that (what is it, an additional $6 per month?) And it only protects you from having your password changed - The thief could still have stolen all my gold and vendored all my gear, and simply mailed it all to their L1 gold spammer account. I probably would have woken up to the same mess I have now - Just out the extra $6 per month. Huh. I stand corrected... If I knew it was a $6.50 one-time fee I would have done it long ago! Meh... Too late now, to help with this mess. Just got off the phone with a billing person who was fairly helpful - She mentioned that the charge for the realm transfer "is not connected to the regular monthly account fee billing", so it's probably on the thief's credit card rather than the one I have on file (so at least they aren't billing me for being robbed.) The other interesting bit of advice was to change my email password stat, because typically the thief will have gotten access to my email first (via their keylogger) so that they can make password changes and such, that send authentication info to the email account. And of course, I need to check my bank accounts and such (actually I'm hesitant to do so from this PC right now - I may be safe from someone dipping into my real money only because I haven't logged in to my on-line banking recently!)