Yarr The Pirate!
https://w.yarrthepirate.com/phpbb3/

FFXIAH trojan keylogger warning.
https://w.yarrthepirate.com/phpbb3/viewtopic.php?f=1&t=11689
Page 1 of 3

Author:  Ulgokiem [ Mon Dec 10, 2007 2:08 pm ]
Post subject:  FFXIAH trojan keylogger warning.

http://ffxi.allakhazam.com/forum.html?f ... 389;page=1

It's also being discussed on BG and other forums.

Supposedly this is the keylogger coming from FFXIAH.

Trojan Type: Agent.GDA

System32 files:
C:\Windows\System32\rsbo.exe
C:\Windows\System32\kb1ss1p.dll
C:\Windows\System32\kb1ss1p.sys

Registry Key: {ED0ACB58-556F-21DA-DDFE-6D20F3F611BB}

It's an RMT operation. People have seen their friends' compromised characters trading everything to mules called Moonbank or Sunbank; this has been confirmed over multiple servers.

Author:  Pantherxx [ Mon Dec 10, 2007 4:49 pm ]
Post subject: 

Thanks for the info, now I know what to look for.

Author:  Jimbean [ Mon Dec 10, 2007 4:58 pm ]
Post subject: 

I dled some fucking adware while trying to check out the bme pain olympics video and no matter what I do I can't get rid of it. I've run adaware, virusscan, completely uninstalled and reinstalled explorer.. my only other option is to do a complete factory reset, but I don't really feel like backing up all my illegally downloaded programs and media. boo

Author:  Kluya [ Mon Dec 10, 2007 5:03 pm ]
Post subject: 

I have some spyware on my desktop that has a bunch of Japanese looking symbols. I've had it for a while and can't get rid of it either.

Author:  Kioto [ Mon Dec 10, 2007 5:48 pm ]
Post subject: 

Have you guys tried the AVG-S&D combo? CClean (all boxes checked) before running both AVG and S&D really helps... So many things you guys can do to remove it, it's not even funny. Always immunizing & constantly having resident (from S&D) turned on really helps, especially if you log any personal information online (banks, cc, etc.).

Author:  Dmitry [ Mon Dec 10, 2007 6:56 pm ]
Post subject: 

Kioto do you have a link where I can DL S&D? I used to have it before my HD crashed but can't find a good site for it.

Author:  Kioto [ Mon Dec 10, 2007 8:01 pm ]
Post subject: 

Dmitry wrote:
Kioto do you have a link where I can DL S&D? I used to have it before my HD crashed but can't find a good site for it.

I sure do.
http://www.safer-networking.org/en/download/index.html

Author:  ChickenNoodleSoup [ Mon Dec 10, 2007 9:15 pm ]
Post subject:  Re: FFXIAH trojan keylogger warning.

Ulgokiem wrote:
http://ffxi.allakhazam.com/forum.html?forum=10;mid=119720635127342389;page=1

It's also being discussed on BG and other forums.

Supposedly this is the keylogger coming from FFXIAH.

Trojan Type: Agent.GDA

System32 files:
C:\Windows\System32\rsbo.exe
C:\Windows\System32\kb1ss1p.dll
C:\Windows\System32\kb1ss1p.sys

Registry Key: {ED0ACB58-556F-21DA-DDFE-6D20F3F611BB}

It's an RMT operation. People have seen their friends' compromised characters trading everything to mules called Moonbank or Sunbank; this has been confirmed over multiple servers.


Ouch. Guess this is RMT's backlash for all the mass bannings. As much as it boils my blood reading about people getting their accounts jacked and sold off, SE's award winning bullet proof policies with regards to compromised accounts make me even more furious. I want to stab someone, preferably those RMT bastards, but only after I stab the SE employee (or employees) that came up with the current oh so awesome policies on compromised accounts.

Author:  Kluya [ Mon Dec 10, 2007 9:35 pm ]
Post subject: 

Cool thanks Kioto! I downloaded it. I only use Norton at the moment. I'll give this a shot.

Author:  Armani [ Mon Dec 10, 2007 9:54 pm ]
Post subject: 

I find it's sometimes easy to get spyware off if you run a quick check right at start up before they can get initialized. Lavasoft's AdAware is a good program too.

And yeah, I hope I don't get my account stolen.

Author:  Tomake [ Mon Dec 10, 2007 10:59 pm ]
Post subject: 

Dude, I had all those gay trojan files but I got rid of them, with delete key + system restore to before the shit was added. I'm so lucky lol

Author:  Kluya [ Mon Dec 10, 2007 11:34 pm ]
Post subject: 

This deleted a ton of shit Norton didn't find. All that torrent downloading probably loaded me up pretty good.

Author:  Kioto [ Tue Dec 11, 2007 12:34 am ]
Post subject: 

Most of the finds are cookies, but if you start seeing folders & files then your computer needs to be cleaned up nicely.

Author:  Ulgokiem [ Tue Dec 11, 2007 12:40 am ]
Post subject: 

It's not the employees that come up with that crap. It's the higher ups. Believe it or not, most of their so-called "clauses" in the user agreement wouldn't even stand up in court if you challenged them that far. It's there to scare people into believing that there is no course of action against them when in fact there is.

I've personally dealt with their special brand of customer service lol. Took me close to 5 hours to reverse a bullshit suspension. It's guilty until proven innocent haha.

Author:  Dmitry [ Tue Dec 11, 2007 8:59 am ]
Post subject: 

That's how any court system is, Ulgo.

More importantly though: Does anyone know if these files are originally hidden? I looked to see if I had them and I'm not sure if I had my hidden files shown or not.

Author:  Masterg [ Tue Dec 11, 2007 11:51 am ]
Post subject: 

If you can find and open your system32 folder, then most of the files inside are also able to be seen.

system32 starts out hidden on new computers so to see it means that the folders and files have been set to un-hidden.

Author:  Kioto [ Tue Dec 11, 2007 1:28 pm ]
Post subject: 

Masterg wrote:
system32 starts out hidden on new computers so to see it means that the folders and files have been set to un-hidden.


Or you have manually selected to see hidden files & folders under the "view" tab in the folder options inside the control panel. There you can also select to see protected system files (which I recommend if you're looking for a file inside the windows folder).

Author:  Mareso [ Tue Dec 11, 2007 4:42 pm ]
Post subject: 

Anyone check the list on BG for which people lost their accounts, Twig is on there. Kinda surprised to see that since he's always been decently infamous.

Author:  Eternus [ Tue Dec 11, 2007 4:46 pm ]
Post subject: 

Hopefully these people do themselves a favor and quit MMOs altogether after this.

Author:  ChickenNoodleSoup [ Tue Dec 11, 2007 4:47 pm ]
Post subject: 

Ulgokiem wrote:
It's not the employees that come up with that crap. It's the higher ups. Believe it or not, most of their so-called "clauses" in the user agreement wouldn't even stand up in court if you challenged them that far. It's there to scare people into believing that there is no course of action against them when in fact there is.

I've personally dealt with their special brand of customer service lol. Took me close to 5 hours to reverse a bullshit suspension. It's guilty until proven innocent haha.


When I said SE employees, I meant those numbnuts suit head fat cats and not the people on the frontlines who have to face our ire every time something goes wrong - should have clarified that.

I wouldn't doubt all of their ToS clauses wouldn't stand up in court, but they'd probably just tie you up in court till you give up.

And yeah, their special brand of customer service is off the charts, it's on that remarkable of a level. I still enjoy the game (I know, that may be hard to believe, even after all this time), but the shitastic customer service leaves a rather strong bitter taste in my mouth.

Tomake wrote:
Dude, I had all those gay trojan files but I got rid of them, with delete key + system restore to before the shit was added. I'm so lucky lol


Did you change your password and such just to be safe?

Author:  Dmitry [ Tue Dec 11, 2007 6:56 pm ]
Post subject: 

Does anyone know if ffxiah.com knows about this and if they've removed the banners in question?

Author:  Mareso [ Tue Dec 11, 2007 7:00 pm ]
Post subject: 

Dmitry wrote:
Does anyone know if ffxiah.com knows about this and if they've removed the banners in question?


There is a thread in their forums. I assume they've removed the banners if it really was the cause.

Author:  Tomake [ Tue Dec 11, 2007 9:15 pm ]
Post subject: 

Tomake wrote:
Dude, I had all those gay trojan files but I got rid of them, with delete key + system restore to before the shit was added. I'm so lucky lol


Did you change your password and such just to be safe?

Yeah, I did immediately after the restore. Can't find any of the bad files now which is good, but I can't be 100% sure I'm totally safe...

Author:  Arnwulf [ Wed Dec 12, 2007 9:40 am ]
Post subject: 

FYI this has also spread to Somepage, do not visit that site.

Author:  Armani [ Wed Dec 12, 2007 11:26 am ]
Post subject: 

When Allakhazam gets hit I'm gonna be so bored.

All times are UTC - 5 hours