Hacked accounts (Compare notes page)

Hmm well I had a look at Texmod with a couple of applications( A packet sniffer & an application that monitors API calls) it doesn't seem to be doing anything dodgey unless its gettin the GW.exe to do the dirty work which I doubt.

Theres got to be a common application people have downloaded or maybe they have signed up to a dodgey guild wars website/forum where the admin logs the account details hoping he will get lucky.

Some of them may be after gold but others i don't think are. Like i said earlier in a post, the hacker on my account used all my gold to buy z keys and then used em and left me with a couple brules and flasks. I think he may have not wanted to be transferring large sums of cash as it may looks suspicious so he used the cash and transfered the golds / tomes.

I just got a message from this same Monica today. Pop over to GURU to read the message and nothing is there. Mighty strange.

Inde already covered the PM email thing:

Inde, the board administrator, already posted that some accounts were created for spam PMs. Those account got deleted and with them all PMs sent from the accounts. The email notification you received was valid, just as the PMs were existent before the account deletion.

Nothing mighty strange here.

Also please read this before you start a pathetic attempt to blame Guru for the stolen accounts:

http://www.guildwarsguru.com/forum/s...&postcount=187


EDIT: Shakti was faster . Damn my copy and paste skills

I am going to quote a post I made in one of the "hacked" threads. Read it carefully, it provides wisdom that you guys need.

one more thing: Prolly best not to play gw on public computers, or computers that aren't your own, I know theres a portable gw version out there that you can play off your ipod, and I've used it a few times too (on pc's i know are secure).

edit : nice ratio Rahja ^^ nice to see ur making the world go round :P

Another question to add to your list:
Did you have your username and password stored in the command line of the shortcut?

Well after this I decide to change my password so I log into Play NC alright and it will not lt me change WTF? Tells me to contact support but that is such a problem cause you need some 4th seperate accont to do it and then blah! i am very angry with Anets costumer support!

Yes! I am having the EXACT same issue as you are! Their support is worthless as well, I have been forwarded to a "senior" technician. I had to give them all my personal info including my family recipe for german chocolate cake... WTF?

Blah. I'm getting that problem too. Absolutely infuriating, as I took a while to remember my PlayNC account name. There was practically victory fanfare when I remembered it, only to be shot down with 'There was a problem resetting your password. You may need to contact support.' upon an attempt to change my password.

One thing to add to Rahjas post, Do not rely upon your single virus scanner alone. I have found viruses in files that my virus scanner found safe. Check all downloaded files at www.virustotal.com. Your file(s) will be scanned by 32 different virus scanners which all have the latest updates!
VirusTotal is your friend!

I've had the same problem too!!! I've changed my password last week, no problem at all. worked instantly. Now, after having rwad about that lineage trojan, I did a thorough virus- and spyware scan yesterday to make sure my system was clean, and tried changing my password again, but now all of a sudden I can't change it! I've sent them a support ticket. Waiting for their responce.

What bothers me greatly about the playNC account site, is that once you have logged in with your playNC account password, you can simply change your guildwars account password without having to enter your current password first!!!
So anyone using some sort of keylogging tool only has to log your playNC account login and password, and then he can quite easily change your GW account password! He doesn't even need your old password! And the login email you use for GW is simply just SHOWN on the playNC account page.

So the security there is quite bad imo. With every account managing site of whatever application you always need to fill in your current account information before you can change anything. This doesn't seem to be the case on playNC. God I wish I hadn't linked my account, but the damn online store forced me to >

PlayNC and AneT: you seriously need to do something about that!!!

One big issue that I have with having to change your Password at the NC Soft website after using the online store, is that you no longer can use a strong password...IE #$% symbols etc, its just letters and numbers. After I discovered that NC Soft took control when I used the store, I wrote them telling them about the less secure passwords and it was just shrugged off.
It is also a major pain in the butt to change your GW password through their website.

allright, so they responded with a list of questions they need to verify in order to help me, which ino is a good thing. One of those questions is the physical address I used when I made my playNC account.

This might be the reason: I created the account at home, and now I'm trying to change my password at work. I have my own laptop here, and the server here is secured, and I don't use my laptop to play GW, so there shouldn't be a security risk, but perhaps playNC will only allow password changes from the same IP you created it with.
Then again, when I changed my login password last week, I also did that on my work laptop at work. So why shouldn't it work now all of a sudden... Sigh.

Okay, so I'll respond to the mail I got back with the link provided in it. I click the link, and the playNC site pops up. It has my emailaddress already filled in and asks for my password.
A question arises: I'm 100% sure my playNC contact email is different from my GW-login email. So why did they mail their response to my GW-login email??? And what password do they need on this page that I'm looking at right now?
So I try my GW-pass to no avail. I try my playNC login password to no avail. I try some older passes to no avail. WHAT DO YOU NEED FROM ME???
And why do I have to log in with my gw-email? I normally log in with my playNC account name which is not an email address... So now I can't answer their response because I have no idea what to fill in here, even though I have all my account information. They're just asking me the wrong questions, confusing me.

I'm confused and frustrated. Have these idiots ever tried using their support themselves??

edit: okay, so I figured out they needed my "support" password (didn't know I had one), but okay, so I fill that in and respond to their reply to my ticket. I've asked them if there are issues with their website atm, and if I should just wait and try again in a few days... Let's keep out fingers crossed...

Ughh. Well I've not recieved a reply yet, but I'm damn sure I created my PlayNC account at home too, which is where I've been trying to change my password.

That does indeed sound frustrating, can't wait to go through it as well!

Edit: Oh, fantastic. Time to search for the bloody access keys.

Well, I'm hoping this is just a temporary issue with their website. I'll try to change my pass again tonight when I'm at home, and pray that it'll work there... Meanwhile I'm still waiting.

All this because some basta'ds find ways to get into your accounts. Sheesh. I'll be paranoid forever (or at least untill GW2 comes out and I can transfer all my achievements, but then I'll probably be paranoid about my GW2 account xD )

I believe it asked you to create an email account right after you sent the question? It did for me.

Otherwise, I found all my access keys (after logging back in to my PlayNC account to get other access keys), typed them out, double checked them and hit submit. Only to get forwarded to a page stating I didn't have permission to view the document. I hit back, and my response had been reset.

Ahahahaha.

.. /wrist

Oh, you've got to be kidding me. The first stuff I faltered over was due to my stupidity. However, they've now asked for a picture of my reciepts. That's ridiculous. Who keeps a reciept for over two years, for a game?

Not only that, but I've recieved each of these games as gifts, save for EotN. Bleh.

Yeah I know. Well, I tried doing the same at home, and I het the same damn error:
"Game Account Password Reset
There was a problem resetting your password. You may need to contact support."

Seriously dudes, get your site together! How am I supposed to regularly change my pw now???

Here's what I mailed them:

Although I kinda doubt they do...

and this is what you have to do at the website to change your pass:



You don't even need to fill in the old password!! So anyone who gets a hold of your playNC login/pass can change your GW account, and then your playNC login/pass! How unsafe is that!!! And changing your email for GW is impossible I think...

okay update: I recieved their reply, and guess what?:

DO THESE PEOPLE READ AT ALL!?!?!?! They changed my PlayNC password, while I specifically asked why I can't change my GuildWars account password via their site. OMG the MORONS!

edit 2:

Okay, so I send them another update reply:

I'm getting increasingly annoyed with these people... Reginaaaaa!!! help us pleaaaase!!!

edit 3:

Another reply:
They're thanking me for my patience xD They should be thankfull I don't live near them lol

Well I tried changeing my password on the computer that I made the account/bought from the online store and it worked. Still angry at Service.

Got this un my mail today:

And indeed it works fine now.
- Still annoyed about the way they don't read your problem and send replies that don't help at all.
- Still don't know what the problem was, and if it's permanently solved, or that I will have the same problem the next time I try to change my account password
- Still hate the fact that you don't have to fill in your OLD password before you can change it! That is seriously unsafe!!!

But I do have to admit they always stay friendly no matter how annoyed and sarcastic people get with them... :P

I hope the problem is solved for everyone now.

All right, here's my final correspondation with John:

John replied swiftly:

So I decided to give him my final argument and leave it at that:

I hope this will help in making things safer for everyone. Be vigilant!

Sjeng.

I hope this will be helpful.

I was hacked a week ago, and it was a Trojan Keylogger. However, I have quite a few anti-virus and anti-spyware applications installed on my computer. They are the following: NOD32, Spyware Doctor (Invalid registry, so I couldn't get an update), Adaware, and some other antivirus programs like AV and such. None of them managed to find the keylogger. With this said, I was able to find the virus after uninstalling and reinstalling Spyware Doctor, and it somehow gave me a valid registry state. So some of you may want to reconsider about trusting some programs.

Following up, I would like to share my discovery on how I found out that I have been hacked. I was disconnected four times in one day. Despite the fact that one out of the four was a server crash, my internet was stable, and so, I suspected it to be something malicious. Here's the key point of the issue: these disconnects were all error 7's. After doing some researches with a second computer, I was able to identify the following:

Legit disconnection when you are located in an outpost: You will go back to your character screen, you will be able to log back right away.

The other disconnection when someone has logged onto your account while you were in an outpost: You will go back to your character screen, but you will need to provide your password again, then you will be able to log back on.

Legit disconnection when you were in an explorable area: You will be asked if you want to reconnect to the server, assuming your internet is stable and working, you will be able to do so.

The other disconnection when you are in an explorable area: You will be asked if you want to reconnect to the server, assuming your internet is stable and working, you will not be able to do so, and you will receive a network error.

Here's a problem I have identified: when someone logs onto your character screen, only your buddylist will go offline, and of course, you will be asked to retype your password and such. Problem is, as far as my researches go, this is the same as a legit network issue with the buddylist.

Upto this point, by getting error 7's, I had doubts that there were actually any hackers. May I ask what in the world happened to those error 35's we were supposed to get if someone logs onto our account while we are on it?

Let's look into something more serious: the location of the virus. First of all, I have installed Firefox onto my computer for school purposes, and the moment when I found out that I didn't really need it, I didn't use it. That was about January of this year. I often do clean ups of my IE temporary files, and I have even tried a few programs that terminate my temporary files. The virus was located within a temporary folder of Firefox, and I guess all the terminations I had was not able to reach it.

As for the people who believe that they will be safe if they stop playing the game, I'm going to show you this.
http://www.guildwarsguru.com/forum/s...php?t=10277088
Just an addition to this thread, my friend reset his password before he quits.

Another point I would like to make is that hackers don't just randomly distribute keyloggers all over the places; can you imagine the logs they have to read if they had done that? In related to this, the only Guild Wars-related pages I visited the official Guild Wars website, Guru, GWonline, and the two wikipedia pages. Not trying to offend the mods here, but I still suspect I may have gotten the keylogger from one of the previous mentioned sites. In fact, this will be my last post here on Guru, and I'm going to format my computer just to be safe. If anyone wishes to contact me ingame to discuss this topic, my ingame name is the same as the forum name I have here.

Lastly, I'm not going to blame anyone or anything for this incident; after all, I do intend to go to various sites to see if I will get a virus. After getting the virus, I'm always interested to see if I'm able to kill it. Nonetheless, from this incident, I realized how much my account meant to me, and how much fun I had on it. I guess when you reach this age, things will just become dull, and you will only be happy when you look back into your memories. Certainly, I will not allow anyone to torment these memories. Relevant to this, I can see that there are people who share the same perspective as me; this was the reason to why I made this post, despite I have to go through a day of format and updates.

Also, when the hacker noticed I was online before he or she logged on, the hacker logged off imediately. In the whole incident, nothing was stolen. It is rather suspecious to what exactly was the hacker intending to do with my account.

hey did we ever get that 'update' on the 'meeting' of the 'exploit' from miss regina???? (she mentioned in the closed thread about the hacked accounts....she said she would get us information as soon as she had some....well that was what over a week ago?).....

Hey, sorry for the necro res on this thing, but I think I just got hacked.
I left for two weeks to go on a family vacation, and when I come back, all my ectos, gold, zkeys, jadeite shards (lol whut?) and probably a few weapons/materials that I forgot I had was all gone, also I think he did something back in the guild cause I guess it got me kicked from it haha. I havent answered any false emails or anything, and the only person who knows my password is my real life best friends who wouldnt do something like this. The only thing I can think of, is that I am linked to the PlayNC account thing when i registered to it to lodge a support ticked about the xunlai house a while ago.
So, I don't know if the hacker is back or not, but you may want to be careful.

Sorry to say this, but this might be the reason why.

I had an account that got hacked a couple years ago by gold sellers and A-Net closed the account. There was nothing I could do to get it re-opened. Made me leave GW for a while.

I just got hacked yesterday and lost two of my characters. I don't understand how on earth this happened when I triple scanned my computer using three different anti viruses and then I scanned today and found nothing. Not a keylogger, nothing. No one knows my info, not even my husband. I filed a support ticket just wanting to know if they can track who did it, I don't care that I don't get my stuff back, even though I just blew 80k on vabbian armor for my dervish that is now deleted. (I know I will not get my stuff back.)

I just want answers. You know what I got? I got the typical "Oh you're a dumb person, you must have given out your info or gotten a keylogger durr durr" response. That's not what I asked support, stop treating your customers like they are a bunch of 8 year olds. They even said in the response that they KNEW their servers are secure. How are you secure when someone can just log into your account while you're on it and boot you off? I think they really need to change this.

I could have sworn i had bout 150 plat in storage after i sold some item. Logged back on a day later and I had only bout 13 plat in storage >.< WTH!!!

if it was hacked, then the hacker would probably steal ALL your platinum, not leaving the last 13.

Erm... are the people being hacked signing up to the Xunlai tournament house...? This is on the GW website, and totally open to sniffing with HTTP being plain text... and here you submit account info... and perhaps people putting in their game passwords, despite being told not to...?

Anyone working in IT/Software Support who ever makes this statement should be fired on the spot because they are idiots.

There is one rule anyone in IT or support should know, "A compentant hacker/s will always win, period." Your only chance is to slow them down long enough to trace them.

Going to take a short walk, need to cool off now.

But you cant submit the same password for the xunlai house as your password for your gw account

Not entirely true. What they should remember is: the amount of protection should roughly be proportional to the asset value. You don't protect the NSA's and Anet's server with the same assumptions, because breaches have very different consequences in both cases

And sometimes hackers simply loose because the cost of the attack is not worth it (a GW account has a lesser value than a WoW one). And the cost of tracing a hacker can be prohibitively high (that's why it doesn't happen more often, technically it's quite easy, if international links didn't cost so much).

1: Where you online when you got hacked? if so what happend, where were you?
No.

2: Do you use textmod? If you do, where did you download it from?
Yes, from GuildWiki.

3: Are you on American or other servers at the time? (And when you loged in what was your location? (Server/Outpost)
European, EE1 Great Temple of Balthazar.

4: Do you have your account linked to play NC or use the online store?
Linked to PlayNC only, never used the store. I didn't know it was linked to PlayNC until I got hacked though

yes ive been hacked, multiple times

1mill+ hacked.

must of made his day.

they're baaacckk....

now that its summer I guess the hackers that didnt get caught in that 'unknown' update are at it again------

I've said it before, I'll say it again: Generic anti-malware software does not protect against application-specific hacks.

The real question here is, how did the trojan get there? These things cannot just appear, even if targeted at GW specifically, they cannot install themselves without any of those anti-virus applications warning the user about it.

But once it's installed, these applications will no longer detect them.

Also another thing to add to this survey: Which IM software do you use? MSN Messenger is notorious for being malware magnet, and should be first thing disabled by any user worried about security.

Please explain how it is a Malware Magnet? Are you talking from the side of accepting files from people or an exploit in the program itself?

My hack story will make you laugh, cus im retarded:

Ingame: no

I was in Ascalon int. dis 1 (older than 3 months though), and i was selling some high-end goods. Some random guy pm'd me a link through a skill template, i went to it. Downloaded a keylogger >.> . Luckily i was selling a sword for my friend that time, and didn't have it, however i did lose about 1000k in (vabbian + 15k) armors across my accounts.

I did however log into their Guild hall, as they invited me into the guild (silly russians >.> ), took a snapshot of the guild roster before it kicked me off .

I put all the officers / leader on friends list, none of them logged in again... I suppose my report + picture worked (ty anet for drawing my name outta the hat, as the person you do decide to help )


Just a guess: Guru highend is basically a giant list of people to be hacked. I did have that sword advertised here, so it is probably likely they saw me either on guru, or ingame (although the guy who pm'd me wasnt in the map? ).

Hope this helps!