Hacked!

Sorry to hear your account got hacked. I was online around 6 am server time and saw mage online. I was like "hmm why are you online on this hour, this is odd" . I said "hi" but you didn't reply. Didn't know that your account are being hacked by someone at that time.

 

Hope they recover your toon soon so that you can come back and play with us.

 

 

Me too Andrie! And yeah Key, I'll have to keep you guys from dying another time :/ GL though!

 

(Still waiting for a response from Blizz - A phonemonkey would be like a dream come true at this point! They don't seem interested in anything other than email contact, and don't seem to answer the emails. Yet the hacker got Bright transferred to a new realm in a couple of hours?)

 

$25 in hand trumps the god-only-knows-what I've paid them over the past 4.5 years, I guess? O_o

 

One-time account restore sounds like a dream! Have to see what kind of shambles I get back first I suppose.

 

I'm going to go order an authenticator now, while I wait for Bliz to help!

 

----

Annnnd... They are sold out.

Edited February 28, 2009 by Fatherpeteus

40000? good lord.

Back in your cage, Monkey... and answer that phone while you're at it.

 

 

ooooooooooooooooooh

 

thanks ghosty =]

Wow pete sorry to hear that man. I hope blizzard helps you and you fix the Problem, they should put a time limit on the Transfers like you said.

Edited February 28, 2009 by Snarky

yikes that sucks you got hacked man. They got a restock of thoes blizz authenticators keychainy things and i got one this morning. Too many people i know have already been hacked >.<

Ok so I see the post there that says they have new ones in stock, so I head over to the blizzard store to grab one of these things since I don't ever want to have to deal with being hacked and loosing it all. It turns out, and I find this hard to understand, that while in the united states you can still purchase an authenticator for $6.50, apparently these ones simply can't be shipped to Canada, and they're sold out of the ones that come packed with that extra "cold protection."

*Grim-sounding lol*

 

I thought "Hmm - I'm shipping some other stuff to a US address across the border as we speak, maybe I can have an authenticator shipped there too!"

 

...And the Blizzard Store site is down. Sheesh!

 

Oh and still no response from Bliz beyond "This is an automated email to let you know we received your inquiry". Too busy providing super-fast response on realm transfers, I suppose?

 

----

Geeze - The Bliz store site came back up... I tried to order an authenticator and found out I needed to create a new account (either it's not the same as my game account, or the game account being closed)... And by the time I had created the account the damn things were sold out again.

 

WTF?!

Edited February 28, 2009 by Fatherpeteus

I've heard it can take some time to have your account returned and so on. So even though itll suck, try to be patient with it, I know there's been more hacking lately then normal, and everyone I've heard got hacked, has had stuff returned.

I'm going to go order an authenticator now, while I wait for Bliz to help!

 

----

Annnnd... They are sold out.

 

They still sold out atm. Both the canadian and US version.

And 2.5 days later, still not even an initial response from Bliz.

 

I wonder how long they keep the backup tapes for, for the possibility of the one-time restore thing?

Wasn't there someone in FP that got hacked a couple of times, and got atleast most of their stuff back afterwards?

I was hacked twice.

 

Since the hacker used a credit card, could you get the credit card info from Blizz since technically its on your account?

 

 

The billing person I was able to talk to mentioned that they (the "professional" WoW hackers) generally use stolen credit cards. Makes sense.

wow...

 

did she say whether your account will get rolled back?

No - She had no input into any of that stuff. Still waiting to hear anything from "Account management".

 

 

The only reason I called billing was to make sure I wouldn't get charged for the realm transfer, and apparently that isn't an issue - Those charges don't go onto the account with the monthly WoW fee, so the hacker would have had to pay for it with a different card. Unless they have my credit card info too, of course.

 

I still haven't found any virus on my PC, much less something that looks like a trojan or keylogger. Makes me nervous to log in to any of my banking stuff online! Losing control of my WoW account is one thing...

Edited March 2, 2009 by Fatherpeteus

jebus...

 

who's your internet through, rogers, bell, or cogeco?

Cogeco. They provide a virus/spyware scanner that didn't find anything but a few tracking cookies. Ad-Ware, Spybot and Norton Anti-Virus have also come up empty.

 

In case someone was actually opening a connection to my PC, I've released and renewed my IP address and flushed the DNS cache at the suggestion of Bliz's list of "Things to do when yer hacked". Scrubbing tools wise Bliz wasn't very helpful though - It was more or less "You should scan for viruses".

Edited March 2, 2009 by Fatherpeteus

Cogeco. They provide a virus/spyware scanner that didn't find anything but a few tracking cookies. Ad-Ware, Spybot and Norton Anti-Virus have also come up empty.

 

In case someone was actually opening a connection to my PC, I've released and renewed my IP address and flushed the DNS cache at the suggestion of Bliz's list of "Things to do when yer hacked". Scrubbing tools wise Bliz wasn't very helpful though - It was more or less "You should scan for viruses".

 

Honestly, you're scaring me to get wow authenticators. Maybe Blizz is hijacking everyone's accounts so we buy one!

 

If you need any gold or anything, I'm gonna make a pool for you so you can buy leet AH gears.

 

Below are the program names there web links and a brief description about what they do as well as a personal opinion.

 

CCleaner

http://www.ccleaner.com

 

This program helps clean up some of the mess that we make just from going online and browsing the internet. It cleans old internet files, temporary file left behind by third party programs, and old registry entries. I recommend just using this program once a week because it is far more efficient then windows disk cleanup that comes with windows.

 

ZoneAlarm

http://www.zonelabs.com

 

The way this program works is it adds more security than windows firewall can provide. It monitors incoming and outgoing information and stops hackers dead in their tracks usually. The program also will provide you with alerts and threat notifications. The only downside with this program is you have to add other computers on your home network onto your trusted zones and this can be difficult for those who are not computer savvy.

 

A-Squared

http://www.emsisoft.com/en/software/free

 

This program scan your computer for Trojans, key loggers, spy ware, pop ups, virus's. You name it this program find it on your computer 90% of the time. This program comes very highly recommended from me and all of my roommates who use it. It is a terrific program for it not costing you money. Just don't forget to update it does not do it automatically.

 

AVG Free Edition

http://free.grisoft.com

 

I cant speak anymore highly about this program or the company. This particular anti virus program is on par and surpasses most costly counterparts. It also works with windows and gets automatic updates every so soften. This program is truly gold and i recommend it to anyone I would much rather have AVG free edition then Norton Anti-Virus any day.

 

Blacklight

http://www.f-secure.com/blacklight

 

Blacklight is a malware scanner on steroids this program searches form there website into your computer and removes and rootkits, maleware, spyware and keyloggers. This is most effective then other programs because it help block some of the ways the malware keeps infiltrating your system. I recommend this once a week.

 

second, I use several things:

 

1. Mozilla Firefox with the noscript addon

2. zone alarm

3. fully updated virus scan (symantec or AVG)

4. Spybot Search & Destroy

 

 

PREVENTION:

firefox with noscript will block almost every attempt at installing keyloggers without you knowing about it

Zone Alarm will block every attempt to send data from your PC to the internet , and asks for your permission first

DETECTION/REMOVAL:

virus scan will often alert you if malicious code has been encountered on the internet

Spybot will clean most internet gunk from your computer

Edited March 2, 2009 by Powerstripe

Those were some good ideas Powerstripe!

 

A-squared has come upon "trojan-pws.win32.wow.qt!IK" in a Cosmos (an old addon I used a couple of years ago, iirc) folder in WoW and in a couple of system files. No info about that one on the net, but the file name is certainly suspicious, eh?

 

Also got: Please submit "C:\Program Files\AIM95\Sysfiles\WxBug.EXE" to the analysis team for further investigation.

 

Aha - And a known keylogger called "Spycapture 1.4" that I didn't notice immediately because it was flagged as only Medium risk.

That one is embedded in C:\Windows\Command, so I can't delete it. My "cleaning up user PCs" kung fu is rusty - What should I do to obtain a pristine Command.com file, and overwrite the existing one? Make a boot disk on a clean PC, boot to dos on mine, and Copy A:\ ...? I shouldn't be losing any configuration information by doing that, should I?

trojan-pws.win32.wow.qt!IK

 

'pws' sure looks like passwords to me, lol

 

you SHOULDN'T lose any config data, but if the malicious file is in an old wow file, I would suggest to chuck out your entire addons folder and rebuild it. Do not use the curse client from curse-gaming, it attacked my PC with spyware.

 

In all seriousness, I would almost recommend a restore. My PC is security galore so I can help you out with a few programs that will lock up your registry and auto-denies things from trying to install onto your PC without your notice, while also giving you the choice to add things to your registry with a prompt. It is not annoying, but I get a pop-up from it once a day if that. Only if I'm installing something.

 

Which OS are you running?

 

 

trojan-pws.win32.wow.qt!IK

 

'pws' sure looks like passwords to me, lol

 

you SHOULDN'T lose any config data, but if the malicious file is in an old wow file, I would suggest to chuck out your entire addons folder and rebuild it.

It's in the Command.com system file in the root of the Windows directory - Not anything to do with WoW (although who knows where it came from, and when!) I can't just delete it, because it's always in use by windows. IIRC, I need to boot to a floppy in dos mode, and overwrite it... I don't have a floppy handy with a pristine copy of Command.com though. : /

 

I'm runing XP SP2, and Spybot bugs me routinely when something tries to update the registry or download spyware - I've only had that feature enabled for the past several months though.

Edited March 3, 2009 by Fatherpeteus

I'm at a loss then.

 

Do you have a restore partition on your HDD or your Windows XP disc?

I don't believe Blizzard would just mess around with people's accounts because they would lose customers. I saw one thing about a restore in a present post. If you can, I'd highly recommend you to do this.

 

When I had my warlock, I traded it to some random guy in Iowa for his undead mage. As soon as the trade went threw he transferred the warlock onto a different server. Some time later, I was getting weird message constantly on the mage so I decided to take back my warlock. When I took back my warlock I called Blizzard and explained to them I was recently hacked, I have absolutely no clue what happened and stated that "nobody" had my account info. -winkwink- The guy on the phone just told me to send a ticket in for a GM and explain what happened. I did so and the explained to the GM what happened. He looked into this and moved me back to Skullcrusher.

 

Point being is you should get everything back with simply doing what I did, getting your account back and then ticketing a GM.

 

Also, you might ask... What's my evidence, what will back me up? Well, with games in the world today, they track ALL of your log ins. You don't directly see that but they do track it. That's why I got my account back, Since I'm a Canadian and the guy who had my account and moved me off the server was in Iowa, They fulfilled what I asked for.

 

In the end, you should be fine, although it shit does hit the fan. I'll help you out if you need some.

I received a volley of emails late last night indicating that they had re-activated my account (with a new password - lol) and were in the process of moving three of my toons back to Skullcrusher. I was only notified of one move, but apparently they transferred Brightpetra, Fatherpeteus and my L71 rogue... Most likely because (afik) you can only move 10k gold off-server per L80 toon. My poor toons were gold mules. : /

 

I tried to log in, and found that I need to pay before I can connect and view the carnage... Probably shouldn't have done it anyway because I still haven't been able to dislodge the keylogger from the Command.com file. I'm still searching for helpful ideas on that front. Unfortunately I don't own an XP CD - This PC was built in an IT shop when XP first came out. : /

 

---

On further googling, it looks like the "Spyware 1.4" keylogger wasn't active (it's supposed to create some files and install itself to autorun via the registry) or was cleaned earlier by NAV or w/e. A-squared deleted the "wow.pws" trojan... So maybe I'm actually clean now!

Edited March 3, 2009 by Fatherpeteus