Warning

ktadie

ktadie

Wilds Pathfinder

Join Date: Jul 2005

Grotto dis1

Scars Meadows

R/N

22 Jul 2005 at 09:48 - 1
there has been a keylogger here in the forum,
the thread was called dmg calculater witch
gives you a link to some hacking place
where they find your pass, and changes it.
my friend didnt know that, so he went in and now
he cant get into his account, it says that his
pass is wrong. We are mad about this especialy him,
he just saved up 100k (witch is alot for us

so if there comes a thread about a DAMAGE CALCULATER
do not download or go to the link,
I REPEAT DO NOT GO TO THE THREAD!

Synthos

Synthos

Lion's Arch Merchant

Join Date: Mar 2005

22 Jul 2005 at 09:53 - 2
Yeah.. and dont take antibiotics when taking birth control. makes bad things happen.

Omega_2005

Omega_2005

Krytan Explorer

Join Date: May 2005

UK, or is it? *confused*

A/Rt

22 Jul 2005 at 09:54 - 3
/acknowledged

Also ban the spammer who posted it in the first place, as that is breaking both the EULA on Guild Wars and this Forum.

Creature of Legend

Ascalonian Squire

Join Date: Jul 2005

Japan

No Clue

E/Me

22 Jul 2005 at 09:54 - 4
Thanks for the heads up but the best thing to say is dont link period. If that is the only one on here I'd be surprised. Stay away from links and such and you'll be fine.

DONT DOWNLOAD ANYTHING FROM NON-OFFICAL GAME SIGHTS YOU DO NOT FULLY TRUST!

Kamatsu

Kamatsu

Moderator

Join Date: May 2005

Australia

22 Jul 2005 at 09:58 - 5
If your friend really has had his password changed he can get his account back (and shouldn't be too hard).

Load up the GW client, you see the link for "Forgot Your Password?" that is under the password section? Tell him to click that and then enter the e-mail he used to sign up for that account and his password should be e-mailed to him if that was indeed the e-mail address he used to create the account.

so not all is lost! He should be able to get access back to his account by doing that.

But 1st of all he should delete that program and then run a few anti-spyware programs (Ad-Aware, Spyboy Search & Destroy, Spyware Doctor, Microsoft Anti-spyware to name a few) to ensure that his system is clean of any other spyware, malware, keyloggers, etc.

(btw, this is one BIG reason to never buy an account on ebay.. you pay the money, change the password.. and they just "Forgot Your Password?".. and bang you don't have access to it anymore.. which means they have made money and lost nothing!)

ktadie

ktadie

Wilds Pathfinder

Join Date: Jul 2005

Grotto dis1

Scars Meadows

R/N

22 Jul 2005 at 10:02 - 6
hmm ill tell him that when he gets back from holiday (left this morning)

Nightsorrow

Krytan Explorer

Join Date: Jun 2005

Servants of Fortuna

N/

22 Jul 2005 at 10:05 - 7
Hmm, iirc, there's a way to change the e-mail address that the account is linked to - at least there has been on previous games using this system - so they keylogger may have changed which e-mail address the new password is sent to.

Omega_2005

Omega_2005

Krytan Explorer

Join Date: May 2005

UK, or is it? *confused*

A/Rt

22 Jul 2005 at 10:05 - 8
he may phone you, so write this down and tell him not to do anything stupid with his computer! We're always here to help!

Synthos

Synthos

Lion's Arch Merchant

Join Date: Mar 2005

22 Jul 2005 at 10:16 - 9


Its not like you havent been warned.

ktadie

ktadie

Wilds Pathfinder

Join Date: Jul 2005

Grotto dis1

Scars Meadows

R/N

22 Jul 2005 at 10:38 - 10
i know stupid of my friend, but then link was a guildwarsguru link.. but if you just held the mouse over, it showd that it was somthing else

Numa Pompilius

Numa Pompilius

Grotto Attendant

Join Date: May 2005

At an Insit.. Intis... a house.

Live Forever Or Die Trying [GLHF]

W/Me

22 Jul 2005 at 10:43 - 11
The person who got his account stolen should hurry to send that "I've forgotten my password" mail, because whoever stole it is probably using it for bots - and if ANet catches him, they'll ban the account.

DrSLUGFly

DrSLUGFly

Desert Nomad

Join Date: May 2005

European Server or International

22 Jul 2005 at 10:46 - 12
Quote:
Originally Posted by Creature of Legend
DONT DOWNLOAD ANYTHING FROM NON-OFFICAL GAME SIGHTS YOU DO NOT FULLY TRUST!
It's not just downloads... simply don't go anywhere that offers this stuff... a keylogger doesn't necessarily have to download from a program, it can do it in a website too.

Arcador

Arcador

Wilds Pathfinder

Join Date: Jul 2005

--

R/N

22 Jul 2005 at 12:23 - 13
I got firewall, spyware prot stuff but they can't stop everything - when it comes to misery making people are wonderously creative.

My tip: For info visit only official fansites and keep in mind noone is 100% insured.

Aniewiel

Aniewiel

Smite Mistress

Join Date: Jun 2005

The Land of AZ, USA

Rt/E

22 Jul 2005 at 12:28 - 14
We try to find and delete posts like this as soon as they pop up. Sorry for your friend. I hope he manages to get the bug out of his system.

Realize too that it can log all sorts of passwords and information. Any site with a password (banks, EBay, credit cards, etc.) can be accessed with a trojan horse keylogger.

It's imperative that he clean his system with an antivirus and a keystroke logger "finder". Spyware Doctor is one of the best and has a trial version.

Tactical-Dillusions

Tactical-Dillusions

Desert Nomad

Join Date: May 2005

Grimsby, UK

R/

22 Jul 2005 at 13:07 - 15
I'm immune to keyloggers and hackers because i very rarely log out of guildwars.

RTSFirebat

RTSFirebat

The Humanoid Typhoon

Join Date: May 2005

UK

Servants of Fortuna [SoF]

R/

22 Jul 2005 at 13:14 - 16
Quote:
Originally Posted by Aniewiel
We try to find and delete posts like this as soon as they pop up. Sorry for your friend. I hope he manages to get the bug out of his system.

Realize too that it can log all sorts of passwords and information. Any site with a password (banks, EBay, credit cards, etc.) can be accessed with a trojan horse keylogger.

It's imperative that he clean his system with an antivirus and a keystroke logger "finder". Spyware Doctor is one of the best and has a trial version.
Personally I think he should go for broke and simply format and reinstall his operating system and files... better safe then sorry.

At the end of this I hope everyone remembers that there are people out there who can and will try and steal things like your password, you friend was foolish to download it.

But as stated before, you are warned each time you load GW, on the screen before you enter you password.

Elythor

Lion's Arch Merchant

Join Date: Mar 2005

Elysium Protectorate [EP]

22 Jul 2005 at 17:58 - 17
If the key-logger is a custom program, your anti-spyware, anti-virus programs won't ever detect them. Because work by detecting known signitures of virii/spy-wares.

As RTSFirebat said...your friend better do a reformat and hope everything becomes right again. I'd go as far as d/ling software from the harddrive manufacturer to perform a low-level format.

Aniewiel

Aniewiel

Smite Mistress

Join Date: Jun 2005

The Land of AZ, USA

Rt/E

22 Jul 2005 at 18:04 - 18
There are anti-keylogger/spyware programs out there that are quite inexpensive...some even with free limited usage. They are much simpler to use and less time-intensive than a reformat.

Balay

Ascalonian Squire

Join Date: Jul 2005

Mo/Me

22 Jul 2005 at 18:23 - 19
Quote:
Originally Posted by Aniewiel
There are anti-keylogger/spyware programs out there that are quite inexpensive...some even with free limited usage. They are much simpler to use and less time-intensive than a reformat.
I would rather spend some more time to reformat to be 100% sure that i will not have keylogger than use trial programs who usulally dont have all services like customers versions , and i advise others to do the same , its ultimate solution for keyloggers victims.

Algren Cole

Algren Cole

Banned

Join Date: Jun 2005

22 Jul 2005 at 18:23 - 20
WHOA! don't tell people to format their computers....that's about the dumbest suggestion you can possibly give someone.

to clear something up quickly... A trojan horse and a keylogger are two totally seperate ideas. A trojan horse allows an attacker to access the files on the infected computer much like you would the files on your own computer via a file manager style interface. Generally they consist of a client and a server(you download the server and become infected with it)...very rarely are these applications for any use other than messing around aimlessly on unknown victims computers...Unless you're America Online in which you've dealt with numerous IP tunnelling exploits and the 13 yr old kids that use them.(IP tunnelling is essentially the same idea of a trojan horse. It's for LAN only IP addresses and websites. They force the computer hosting the content to make an outbound connection to you..which emulates your presence on the LAN)

Keyloggers are simply little programs (generally can be done in 15-20 lines of code if you know what you are doing)..that keep track of every key that is pressed...normally in a configuration file on your hard drive. And they upload this information to either an email address...ICQ...or IRC bot(it can email but with the advances in Hex programs this method has been outdated for some years).


on that note...go Download Hijack this...run a scan. It'll pick up the keylogger.

an easier way to do this would be to open your Processes window "ctrl +alt +dlt"...depending on your version of windows/setup you might have to click the "Task Manager" button. Then click the processes tab and either search through for processes that shouldn't be running or post a screen shot of your active processes windowd here and I'll tell you how to remove the keylogger.

Divinitys Creature

Divinitys Creature

Krytan Explorer

Join Date: Apr 2005

Somewhere between the Real World and Tyria ;P

The Gothic Embrace [Goth]

22 Jul 2005 at 18:35 - 21
Need a damage calculator? Here's a good recipe:

calc.exe + in game spell descriptions

Aniewiel

Aniewiel

Smite Mistress

Join Date: Jun 2005

The Land of AZ, USA

Rt/E

22 Jul 2005 at 18:36 - 22
Quote:
Originally Posted by Balay
I would rather spend some more time to reformat to be 100% sure that i will not have keylogger than use trial programs who usulally dont have all services like customers versions , and i advise others to do the same , its ultimate solution for keyloggers victims.
I never use freeware. I find the best out there and buy it. *silently endorses Spyware Doctor*

Luggage

Luggage

Elite Guru

Join Date: Feb 2005

sweden

22 Jul 2005 at 18:40 - 23
Quote:
Originally Posted by Algren Cole
on that note...go Download Hijack this...run a scan. It'll pick up the keylogger.

an easier way to do this would be to open your Processes window "ctrl +alt +dlt"...depending on your version of windows/setup you might have to click the "Task Manager" button. Then click the processes tab and either search through for processes that shouldn't be running or post a screen shot of your active processes windowd here and I'll tell you how to remove the keylogger.
It would be a pretty poor hack if it shows up the process window or edits the registry for hijackthis to pick up - but then again I guess a keylogger for guildwars accounts would be for the poor hacks...

Algren Cole

Algren Cole

Banned

Join Date: Jun 2005

22 Jul 2005 at 18:41 - 24
*silently endorses linux*

(we don't have these problems on properly built operating systems )

a keylogger is a running application..you can't keep it OUT of your processes window...if it's on your system and running it'll show up in your processes window.

Luggage

Luggage

Elite Guru

Join Date: Feb 2005

sweden

22 Jul 2005 at 18:41 - 25
Quote:
Originally Posted by Aniewiel
I never use freeware. I find the best out there and buy it. *silently endorses Spyware Doctor*
The best might very well be freeware.

Balay

Ascalonian Squire

Join Date: Jul 2005

Mo/Me

22 Jul 2005 at 18:46 - 26
Quote:
Originally Posted by Algren Cole
*silently endorses linux*

(we don't have these problems on properly built operating systems )
window.
I would like use linux but ...most(rather all) programs and games are made for windows ,and not all of them can be used on linux

Luggage

Luggage

Elite Guru

Join Date: Feb 2005

sweden

22 Jul 2005 at 18:46 - 27
Quote:
Originally Posted by Algren Cole
*silently endorses linux*

(we don't have these problems on properly built operating systems )

a keylogger is a running application..you can't keep it OUT of your processes window...if it's on your system and running it'll show up in your processes window.
or you make it a service and run it under one of the svchost.exe threads...
or you shoot it into something else that is often run, like explorer
or you hide it in a 3rd or 4th way

Don't know if it's the best or so but - download proceXP from sysinternals and look at what .dll's are used by any normal process...

EternalTempest

EternalTempest

Furnace Stoker

Join Date: Jun 2005

United States

Dark Side Ofthe Moon [DSM]

E/

22 Jul 2005 at 18:46 - 28
Quote:
Originally Posted by Algren Cole
WHOA! don't tell people to format their computers....that's about the dumbest suggestion you can possibly give someone.

to clear something up quickly... A trojan horse and a keylogger are two totally seperate ideas. A trojan horse allows an attacker to access the files on the infected computer much like you would the files on your own computer via a file manager style interface. Generally they consist of a client and a server(you download the server and become infected with it)...very rarely are these applications for any use other than messing around aimlessly on unknown victims computers...Unless you're America Online in which you've dealt with numerous IP tunnelling exploits and the 13 yr old kids that use them.(IP tunnelling is essentially the same idea of a trojan horse. It's for LAN only IP addresses and websites. They force the computer hosting the content to make an outbound connection to you..which emulates your presence on the LAN)

Keyloggers are simply little programs (generally can be done in 15-20 lines of code if you know what you are doing)..that keep track of every key that is pressed...normally in a configuration file on your hard drive. And they upload this information to either an email address...ICQ...or IRC bot(it can email but with the advances in Hex programs this method has been outdated for some years).


on that note...go Download Hijack this...run a scan. It'll pick up the keylogger.

an easier way to do this would be to open your Processes window "ctrl +alt +dlt"...depending on your version of windows/setup you might have to click the "Task Manager" button. Then click the processes tab and either search through for processes that shouldn't be running or post a screen shot of your active processes windowd here and I'll tell you how to remove the keylogger.
It's very good advice but they can nuke there system with hijack this if used incorrectly. It will all depend on the keylogger. If it's mainstream one most anti-virus / anti-spyware should do just find, if you are running all those things and it finds nothing you may want to go as far as running the "recover" software that came with your pc or format / re-install if you did it yourself.

Disagree with the no freeware stuff. Spybot, Adaware, and Ms Antispyware used with each other can knock out almost anything. Now for AV stuff I would go with a paid such as Norton. You can have hidden process running I belive.

Algren Cole

Algren Cole

Banned

Join Date: Jun 2005

22 Jul 2005 at 18:52 - 29
Quote:
Originally Posted by Luggage
or you make it a service and run it under one of the svchost.exe threads...
or you shoot it into something else that is often run, like explorer
or you hide it in a 3rd or 4th way

Don't know if it's the best or so but - download proceXP from sysinternals and look at what .dll's are used by any normal process...

1. I would assume you are talking about Advanced Key Logger...the one that installs as a service. The file size for this keylogger is smaller than svchost and should throw up a red light immediately. I also believe this was patched with a recent windows update.

2. to fully hide a keylogger using this method ,you'd have to use createremotethread to inject the dll into explorer.exe. Then set two system hooks: one that watches for window creation, and one that hooks the keyboard... not an easy task for someone hacking something as trivial as an online game...also painfully apparent to anyone that knows anything about their system

hiding applications in a windows environment is incredibly difficult as it's painfully apparent to anyone with even minor experience.


as for the freeware thing...MOST freeware applications work perfectly when coupled with another freeware application. someone else already stated a combination of freeware spyware removal tools that works wonders.

and yes...hijack this can mess your system up pretty badly...but so can simply using your system.

Aniewiel

Aniewiel

Smite Mistress

Join Date: Jun 2005

The Land of AZ, USA

Rt/E

22 Jul 2005 at 18:56 - 30
I run a suite of applications, all of which check for a variety of things. Some of them are freeware, others I have bought full-versions of:

Spyware Doctor
VoptXP
Ad-Aware
Start Up Cop
Registry Mechanic
Error Nuker
Spybot-Search & Destroy
Zone Alarm
AVG
Spy Cop

I run each of these at least once a week and, if I suspect some kind of infection, I run all of them one on top of the other.

Algren Cole

Algren Cole

Banned

Join Date: Jun 2005

22 Jul 2005 at 18:58 - 31
Quote:
Originally Posted by Balay
I would like use linux but ...most(rather all) programs and games are made for windows ,and not all of them can be used on linux

WINE is an incredibly effective project...most applications can be used in an emulated windows environment. new applications can be tricky to get working and require a bit of programming...but most of the stuff that's been around for a while is WINE compliant.

Luggage

Luggage

Elite Guru

Join Date: Feb 2005

sweden

22 Jul 2005 at 19:15 - 32
No I was purly speaking of methods - I'm not into this scene (or any).
And I stated from the beginning that nobody would make a "good" keylogger for anything like this...

People with "even minor experience" would be in small risk of getting infected with a keylogger that looks for GW passwords tho I guess

OT: Using the mac support in ntfs for hiding files is kind of spiffy tho - have they made a patch for that yet?

Algren Cole

Algren Cole

Banned

Join Date: Jun 2005

22 Jul 2005 at 19:18 - 33
Quote:
Originally Posted by Luggage
No I was purly speaking of methods - I'm not into this scene (or any).
And I stated from the beginning that nobody would make a "good" keylogger for anything like this...

People with "even minor experience" would be in small risk of getting infected with a keylogger that looks for GW passwords tho I guess

OT: Using the mac support in ntfs for hiding files is kind of spiffy tho - have they made a patch for that yet?

I don't know if they have...I'd be interested to know though. I haven't used windows in years...had to do an install to play Guild Wars. But it's been about 5 years since i've owned a computer with a Microsoft OS on it...so I'm not completely up to par on my security information regarding windows.. but i'll definately check it out and let ya know

d4nowar

d4nowar

Wilds Pathfinder

Join Date: Apr 2005

Mo/

22 Jul 2005 at 19:30 - 34
Too bad your friend doesn't use a Mac. He would have no problem at all. I've never heard of ANY Mac getting a virus or anything.

You don't usually need any kind of an antivirus or spyware remover or anything like that. All you need is decent knowledge of where those things go in your computer. It is generally in the system32 folder. This is where all of the Devil's minions go. Just look through it and anything that was modified/created on the day the keylogger was downloaded should be looked into carefully.

I do this any time my computer starts to run slow and I almost always get rid of my viruses. You may ask, "It says the file is in use and can't be deleted, what do I do?" I hate Windows for that, but a good program to get rid of those little pests is Dr. Delete.

I think that is all from me.

Teklord

Teklord

Krytan Explorer

Join Date: Jun 2005

Lloyd.ab.ca

Lords of All

R/Mo

22 Jul 2005 at 19:32 - 35
Quote:
Originally Posted by Algren Cole
*silently endorses linux*

(we don't have these problems on properly built operating systems )

a keylogger is a running application..you can't keep it OUT of your processes window...if it's on your system and running it'll show up in your processes window.
I had to stop at this one and reply directly as it is inaccurate. Keylogger's can be invisible to the operating system, the task list, registry... and the like. And yes, this is in a Window's environment. I'm a Network Technician in a fairly large company and we have looked at such programs as a way to control (and sometimes use as evidence) the surfing habits of our community. I have studied extensively one such logger that is for sale by a security company and it absolutely does not show up in any process list or registry. I've run scans using popular and effective programs such as Ad Aware SE Personal, and Spybot S&D and it has FAILED to pick it up. As mentioned by other... the only way to be completely sure you are free of a key logger is to format and rebuild the comprimised system.

If you choose not to believe me, so be it. Just some friendly advice from someone who is in this field and has experience with this stuff.

SOT

SOT

Banned

Join Date: May 2005

East Texas

22 Jul 2005 at 19:37 - 36
Quote:
Originally Posted by Aniewiel
We try to find and delete posts like this as soon as they pop up. Sorry for your friend. I hope he manages to get the bug out of his system.

Realize too that it can log all sorts of passwords and information. Any site with a password (banks, EBay, credit cards, etc.) can be accessed with a trojan horse keylogger.

It's imperative that he clean his system with an antivirus and a keystroke logger "finder". Spyware Doctor is one of the best and has a trial version.
I went through this exact thing on Lineage II. The best preventative maintenance is do not go to a site for a gameworld unless it is the official one, or one that is linked to on their 'fansite' listing, because those are verified as legit and safe.

The mere fact he tried to download a hack of anykind tells me that he made his bed, and now must lie in it. If you are going to try to circumvent hard-coded stipulations in a game, online or off, whatever happens cannot be bitched about later.

Whether or not the link caused the keylogging, or the download, your friend, by your own account of things, was SEEKING a hack or exploit program, and thus has no sympathy on my end...

SOT

SOT

Banned

Join Date: May 2005

East Texas

22 Jul 2005 at 19:38 - 37
Quote:
Originally Posted by Teklord
I had to stop at this one and reply directly as it is inaccurate. Keylogger's can be invisible to the operating system, the task list, registry... and the like. And yes, this is in a Window's environment. I'm a Network Technician in a fairly large company and we have looked at such programs as a way to control (and sometimes use as evidence) the surfing habits of our community. I have studied extensively one such logger that is for sale by a security company and it absolutely does not show up in any process list or registry. I've run scans using popular and effective programs such as Ad Aware SE Personal, and Spybot S&D and it has FAILED to pick it up. As mentioned by other... the only way to be completely sure you are free of a key logger is to format and rebuild the comprimised system.

If you choose not to believe me, so be it. Just some friendly advice from someone who is in this field and has experience with this stuff.

Yessss...To Obiwan you listen! Good call bud

Scol

Academy Page

Join Date: Jul 2005

California

[PSST]

Mo/E

22 Jul 2005 at 20:04 - 38
Just curious, how would it not show up in processes or whatever? Wouldn't the process have to be in the startup or something of the like? Hijackthis has caught pretty much everything for me in my experiences with malware.

Plus wouldn't a secure personal firewall program block the traffic or ask for permission first before it allows it through?

SOT

SOT

Banned

Join Date: May 2005

East Texas

22 Jul 2005 at 20:08 - 39
Quote:
Originally Posted by Scol
Just curious, how would it not show up in processes or whatever? Wouldn't the process have to be in the startup or something of the like? Hijackthis has caught pretty much everything for me in my experiences with malware.

Plus wouldn't a secure personal firewall program block the traffic or ask for permission first before it allows it through?
Nothing is 100% secure.

And no, and no.

Teklord

Teklord

Krytan Explorer

Join Date: Jun 2005

Lloyd.ab.ca

Lords of All

R/Mo

22 Jul 2005 at 20:13 - 40
Honestly I don't know how it avoids the process list, I just know it does.

Hijackthis I didn't test on my test system I deployed this particular logger to, so maybe it can... maybe it can't. As for the firewall... a lot of personal firewalls are setup to default allow anything outbound, and only allow inbound based on responses to outbound requests. This makes sense and works as the typical home user doesn't want to be bothered with setting up allow rules for everything they need it to do. Now I've never heard of keyloggers that install themselves from websites but if it were possible, unless it uses a well known port (like 80) then a typical firewall should be blocking it. However, another nifty feature of the program I have tested is that you can combine it into any other program out there. For example, I set it up to install out of a Spyboy 1.4 executable (oh the irony I know)... with the option enabled to delete itself 7 days later. So when you install from that particular Spybot 1.4 executable you are installing the keylogger as well, without realizing it. That of course bypasses all firewall technology as you already have it on your system and you the user are installing it (without realizing it of course).

You'll notice I'm purposefully not naming the actual program or company that creates it. This is simply because I'm quite familiar with Torrent networks, and I have seen copies of it floating around there. I'd prefer not to point potential evil-doers (oh to the days of Darkwing Duck when I was young ) in the right direction where they may try to use this particular program to exploit unsuspecting Guild Wars players.