***IMPORTANT*** Keyloggers on Curse Gaming / ui.worldofwar.net

Started by Yrthal, September 22, 2006, 05:08:34 PM


Yrthal

Yrthal - warrior
Siliandra - mage
Starspoul - priest

Nefertem

Nefertem - lvl 80 Nelf warrior, Aszune
Livtraser - lvl 80 noom mage, Aszune
Legba - lvl 71 Nelf rogue, Aszune
Shegoat (formerly Pentesiléa) - lvl 80 draenei shaman, Aszune
--------------------------------
As a species we're fundamentally insane. Put more than two of us in a room, we pick sides and start dreaming up ways to kill one another. Why do you think we invented politics and religion?
- Ollie, The Mist

Knabbel

Important information......
 
Read the thread, it may happen to you....
 
http://aszune.xsa.ch/forum_posts.asp?TID=6770&PN=1
 
CG stands for Curse-Gaming site.
Daedalus: The Handsome Lvl 60 Dwarf Paladin.
My Troll Name: is Kitty Girl.
Born to perform

Bastet

Posted yesterday, and since just about everything has the problem, I'd suggest ppl not DLing any UI mods atm <_<
Aszune (Alliance):
Sokhar lv 80 (H/M) Warrior, Sokhár lv 80 (H/M) Death Knight, Beset lv 70 (NE/F) Druid, Bastet lv 70 (NE/F) Rogue, Mentu lv 70 (Dr/M) Shaman
-=[dMw]=-Bastet (CSS) / -=[dMw]=-Niwa (BF2) / -=dMw=- Sokhar (BF2142)
-=[dMw]=- MVP Award Holder (June 2006) Winning team -=[dMw]=- Christmas Crunch (2008)

Neff

[quote=Adularena] Robin?!?!?! *shouts* "Lets ride, my nimble youngster!" - Mmmm, how batman loves Robin to hum the Batman theme (na nananan anan ananana BatMAN!!) while *cough* Exploring Batman`s secret grotto.[/quote]

TEH N00m IS BACK WITH TEH PWN!:yell:

Demon

Well, I've become a victim of this as well, and neither Norton AV nor Avast AV has detected anything foul on my system. Checked for svch0st.exe but none, so not sure where or how I got it since I've not done any UI mods or visited either site for a while, but *shrugs* beware peeps.

Just advise you, as other peeps have said, don't if u have to update any UI mods and change your password asap.

As naked chars isn't funny, what's worse is the :ranting2: mofo that got into my account deleted two of my 60 toons, damn them!

*prays to god a gm can fix this*


:boxing: chinese farmers

(PS: I don't hate Chinese, just Chinese gold farmers)

Sinap

Do what I do. Save your password to a notepad doc or something, and just copy and paste it in every time. If it's a keylogger, wouldn't it just see what is actually pressed on the keyboard, not copy and pasted? :P But yeah.. it sucks, happened to one of my good RL mates last night (Dalto), pretty shitty tbh.
Sinap - 85 Human Warrior
Yarena - 85 Night Elf Priest
Xiaa - 83 Human Mage

TeaLeaf

SoG have seen 3 members now affected by this type of hacking.  All 3 had their accounts stripped bare and all their hard earned epic gear & gold disappear.  Be careful out there folks.

TL.
Wisdom doesn't necessarily come with age. Sometimes age just shows up all by itself.  (Tom Wilson)
Talent wins games, but teamwork and intelligence wins championships. (Michael Jordan)

noevra

Ads there have been shown to be using a vulnerability to deliver a trojan to your system.
 
If you have visited recently, check your processes for svch0st.exe and g0ld.exe and also scvhost.exe
 
Those are the main processes the trojans have been using.
 
Supposedly this will be fixed soon, but due to the nature of the attack itself, I wouldn't and won't trust the site for some time yet.
 
 
DO NOT GO TO
ui.worldofwar.net
 
(see, I didn't make a link) it's F....d
 
linked off http://aszune.xsa.ch/forum_posts.asp?TID=6737&PN=1 for more information
 
 
Things to delete if you have them!
 
svch0st.exe
g0ld.exe
scvhost.exe
 
Be suspicious! When you extract an addon package check its content for executable files.
They can appear to users to be useful or interesting programs. Avoid opening files with extensions such as .bat, .exe, .com
 
Besides, if you ever had an in-game whisper or mail about money-selling websites, REPORT IT TO A GM. These are suspected to be the ones doing this and selling you the money, with your own gear that got DEed. (not sure about this though)
 
----------------------------------some help to delete the crap-------------------------------------
 
 
Just killing them won't make much difference, you have to run uber spyware/virus scans on your PC, and quick.
 
One thing though is to disable your System Restore. There isn't much point in removing nasty programmes if Windows has a backup >.>
Enable it again after you have got rid of everything.
 
If your various scans don't pick anything up (even though you found the processes running) then you can try going to :-
 
Start
Run
regedit
 
Once you're in registry edit, click on the 'edit' tab and go to 'find'. Type in svch0st.exe or g0ld.exe or scvhost.exe... whatever you found running and hit 'find next'.
 
If you find it, delete it.
 
Keep hitting 'find next' until there are no more results.
 
Then go to
 
Start
Find
 
and search for it again - all files and folders including hidden ones etc.
Same goes, find it delete it.
 
This is just part of what I did after finding something in my registry, although please note: do not remove random stuff from your registry just because you don't know what it is, only remove the things noted above. You can do major damage to your PC, especially with System Restore turned off.
 
If in doubt, give someone a call that is really good with computers. Hope this helps!
 
-----------------------------------------------------------------------
 
 
hope this helps a bit


- opticalrush is still a noob, and dajo still a chilly dwarf -
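
Added example (not part of noevra's post or of either site's tooling): a Python check that applies the advice above to an addon package before extracting it. It flags the extensions the post names plus a few others added here as an assumption, and also any entry that starts with the DOS/PE "MZ" header under an innocent-looking name; the sample archive and its file names are constructed.

```python
import io
import posixpath
import zipfile

# Extensions the post warns about (.bat, .exe, .com) plus other Windows
# executable/script types added here as an assumption.
RISKY_EXT = {".bat", ".exe", ".com", ".cmd", ".scr", ".pif", ".vbs"}


def scan_addon_zip(data):
    """Return (entry name, reason) for each suspicious entry in a zip archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Windows ignores trailing dots and spaces, so strip them first.
            ext = posixpath.splitext(info.filename.lower().rstrip(". "))[1]
            if ext in RISKY_EXT:
                findings.append((info.filename, "executable extension " + ext))
                continue
            # DOS/PE executables start with "MZ" whatever the file is called.
            with zf.open(info) as fh:
                if fh.read(2) == b"MZ":
                    findings.append(
                        (info.filename, "MZ header under " + (ext or "no extension")))
    return findings


def build_sample_zip():
    """Constructed sample: a plain addon plus two planted files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("ExampleAddon/ExampleAddon.toc", "## Title: ExampleAddon\n")
        zf.writestr("ExampleAddon/ExampleAddon.lua", "-- addon code\n")
        zf.writestr("ExampleAddon/install.EXE", b"MZ\x90\x00")
        zf.writestr("ExampleAddon/icon.tga", b"MZ\x90\x00 not an image")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in scan_addon_zip(build_sample_zip()):
        print(name, "->", reason)
```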

Bastet

Quote from: Sinap;152254
Do what I do. Save your password to a notepad doc or something, and just copy and paste it in every time. If it's a keylogger, wouldn't it just see what is actually pressed on the keyboard, not copy and pasted? :P But yeah.. it sucks, happened to one of my good RL mates last night (Dalto), pretty shitty tbh.

I wouldn't recommend saving any PWs on your drive, but if you're sure your comp is safe, set WoW to save the account name, then they only get a password, and not the account name, making it useless.

Sebas

What's fun 'bout this... Sigh, if I could get me hands on the *******s. :ranting:

Sinap

Quote from: Bastet;152453
I wouldn't recommend saving any PWs on your drive, but if you're sure your comp is safe, set WoW to save the account name, then they only get a password, and not the account name, making it useless.

Yep, save the account name, and I hid my password pretty well in amongst another random word document :P

Nefertem

hmm.. I just checked my processes and I got like 7 different scvhost.exe thingies running.. But I got no idea which one of em to delete.. They don't show in either search or registry.. I have always used the 'save account name' option and so far nothing has happened.. but if that exe-file is what they use I wouldn't mind getting rid of it soonish..



EDIT: just read through the aszune forum, and I quote "svchost is fine, you have lots of them running under all kind of identities as normal in windoze XP. That's why people have chosen to disguise the trojan as something similar you won't notice."
So it's the svch0st.exe that's the corrupted one and I'm free of thieves atm..

Bob

Quote from: Nefertem;152524
hmm.. I just checked my processes and I got like 7 different scvhost.exe thingies running..
I assume that was just a typo, cause if you really have 7 scvhost.exe processes running, you should be worried.
svchost.exe is just fine, scvhost.exe and svch0st.exe are nasty stuff :smile:
* Threbrilith the Nightelf, born and raised by the Silver Oak Guardians *
Proud member of Dead Men Walking
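
Added example (not part of Bob's post or the thread): a Python check for the distinction drawn above between the genuine svchost.exe and names one character off. It goes beyond the three names in the thread by flagging any name within one insertion, deletion, substitution or adjacent swap of a genuine process name; the genuine names other than svchost.exe and the sample process list are assumptions constructed for the example.

```python
# Names the thread tells readers to look for.
NAMED_IN_THREAD = {"svch0st.exe", "g0ld.exe", "scvhost.exe"}
# Genuine Windows process names worth imitating; svchost.exe is from the
# thread, the other two are added here as an assumption.
LEGIT = ("svchost.exe", "explorer.exe", "lsass.exe")


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def assess(name):
    """Return the reasons a process name looks suspicious (empty list if none)."""
    n = name.lower()
    reasons = []
    if n in NAMED_IN_THREAD:
        reasons.append("named in thread")
    if n not in LEGIT:
        reasons += ["look-alike of " + real for real in LEGIT
                    if osa_distance(n, real) <= 1]
    return reasons


# Constructed process list, as copied from Task Manager's Image Name column.
SAMPLE = ["svchost.exe", "SVCH0ST.EXE", "scvhost.exe", "g0ld.exe",
          "explorer.exe", "svchosts.exe", "notepad.exe"]

if __name__ == "__main__":
    for proc in SAMPLE:
        print(proc, assess(proc) or "ok")
```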

Maus

Don't know much about keyloggers, but couldn't you hit a few keys before targeting the password field to fox it?