Hacked.. again.

[llDemonll]

You'd make a horrible computer repair person. =\ Reformatting should be the last thing he does, especially since it's most likely a simple keylogger.

Reformatting is the easiest way to make sure there's nothing on your computer.

You say it's the last thing he should do, yet he's run multiple antivirus scans and found nothing...is there something else we should be looking at before a reformat?

[Deleted]

Reformatting is the easiest way to make sure there's nothing on your computer.

You say it's the last thing he should do, yet he's run multiple antivirus scans and found nothing...is there something else we should be looking at before a reformat?

Combofix can fix it! http://www.bleepingcomputer.com/comb...o-use-combofix <--

Please post logfile here

[Zyzzyx]

You'd make a horrible computer repair person. =\ Reformatting should be the last thing he does, especially since it's most likely a simple keylogger.

lulz

Keyloggers aren't always simple. Obviously he wasn't able to get rid of it after running the programs he said. While you were right that he should stay updated, that doesn't just magically fix all problems. Reformatting does (for the most part, especially if it's "simple"). After that, then a fresh install, updates, etc.

[haxartus]

Reformatting without finding the cause of the infection will just ensure that he will get infected again.

[llDemonll]

Reformatting without finding the cause of the infection will just ensure that he will get infected again.

No...virus can be a random hit. When you reformat just because your browsing / usage habits don't change doesn't mean you will automatically get a virus again. I'd say at least 75% of virus' are from bad advertisements on websites, and not the website itself. It's just bad luck in that case.

[Zyzzyx]

Reformatting without finding the cause of the infection will just ensure that he will get infected again.

Scanning and removing the threat won't find the cause either, unless the threat is very specifically transferred only through one method, which is doubtful. There's also no guarantee that there's only one threat, or which in particular is causing him to be hacked. Hell, it may not even be a keylogger.

[Belloc]

Keyloggers aren't always detected. Your email may be compromised. And have you ever shared your information with another person? Do you ever play on other peoples' computers?

All possibilities.

[eternalwhitemoon]

1) I'd like to refer you to my signature.

2) Do you use the same email as your Bnet address for anything else, ever, in the history of anything? Is your Bnet email password different than your actual Bnet account password?

[Cantii]

Touching on passwords... I'm sure this is common knowledge, however it should probably be said. There are some very simple rules for passwords that everyone should follow:

Never make a password an actual word, birthday, name, or anything significantly easy to remember or in the dictionary. Brute force attacks can crack such weak passwords in no time at all.

Your password should contain upper and lower case letters, numbers and at least one symbol. You can create a passphrase, such as "The quick brown fox jumped over the lazy dog" and turn it into a password like "t3hqBF0xj0t3hLZd0g" or something similar, whatever makes it easier for you to remember. If you have to, write down the password and keep it somewhere safe, not attached to your keyboard or monitor (you'd be surprised...).

Never. Use. The. Same. Password. For. Every.Thing. FFS. Yeah, you have a strong password, you even put it in hex! If you use that same password for everything, all it takes is one time. And chances are, you use the same username as well. DO. NOT. DO. THIS. Security is not meant to be easy, casual or provide comfort. Security is to keep your shit SECURE, and doing it wrong will not have that effect.

Other steps to take: Block java scripts and any other scripts from running in your browser. Don't download any attachments without verifying it first with the sender, unless you're actually expecting that particular file from that particular person. Use a non-shitty anti-virus, these include avast!, Microsoft Security Essentials, AVG, even some of the paid-for programs are good. Use the firewall on your router with Windows Firewall - you do not need a fancy stand-alone firewall that sucks up resources and does the same thing. Hell, you don't even need a software firewall if you're using a hardware firewall (i.e. your router's).

Don't give your password out to anyone, if you do because you're letting someone use your account, change the password immediately after they're done. Even though I trust my friend with my password to my account, I do not trust his computer. If he wants to log on again he'll have to call me.

Scan for viruses and malware frequently, twice a month at least. Don't download pr0n or warez and don't click those links for Viagra for 1¢/pill.

You should also change your passwords frequently. I don't mean once a year, I mean every thirty to sixty days.

[ayako]

Its hard to guarantee a compromised system is completely clean. Reformat is pretty much the only sure-fire way.

[haxartus]

When you reformat just because your browsing / usage habits don't change doesn't mean you will automatically get a virus again.

Not automatically, but eventually he will get it again. I've seen it happen to the same people time after time, with no chance of ever stopping the cycle. These people just didn't learn from their mistakes.

[soulbound]

Hey there.

This is the second time within a fortnight that my WoW account has been hacked, and I have no idea how it could possibly get hacked?

I've scanned my computer with multiple anti-virus/spyware programs, and not one of them has come up with anything..

I've changed my password several times aswell.

Any ideas of what is causing me to get hacked?

Thanks.

have you done an in-depth audit of your system tray lately? specifically, you should be looking for .dlls that arent specificed in directories. microsoft (assuming that is your OS) will often load .dll clones, or "preloaders" when the location isnt legit.

the good news here is that most free-ware programs that are designed to monitor this can actually identify them as they are loaded. i know free-ware isnt real-time. but if you run an antimalware program regularly, you are bound to find the "infection" as it tries to load itself.

---------- Post added 2011-03-16 at 04:29 AM ----------

Reformatting is the easiest way to make sure there's nothing on your computer.

You say it's the last thing he should do, yet he's run multiple antivirus scans and found nothing...is there something else we should be looking at before a reformat?

i would have to agree here... if the target (the Original Poster) is using a video game forum as a last resort for tech help, i think its safe to say that he/she isnt tech minded. formating is the best solution here.

(no offense to the OP)

[Ghash]

I've seen two of the three authenticators mentioned, but not the easiest (in my opinion) and most convenient one. The newly added dial-in authenticator is completely free, and once enabled, monitors your login activity and if anyone tries to log in from any abnormal IP (i.e. any computer that hasn't been logged in with since you enabled the authenticator), you have to call Blizzard from a specific phone that you set up when you get the authenticator, put in a PIN that only you know and potentially have to answer a few security questions that you set up. That's about as secure as it gets, especially if you have it set to a landline phone number. I personally have it set to my cell, but honestly unless they have the phone, the PIN AND the security answers, they're going to have a hell of a time getting on unless they're sitting in front of your personal computer.

[soulbound]

You'd make a horrible computer repair person. =\ Reformatting should be the last thing he does, especially since it's most likely a simple keylogger.

just to beat a dead horse:


keyloggers arent simple. they are complex... they are anomalies. a keylogger's 'depandant' is so varried that it is impossible to set out on a witch hunt for them. they can be pre-loaded upon bootup, before the basic platform secuirty , by attaching to keyboard drivers.

they can be stand-alones hidden in a fragment and burried in the registry.

[Bobonei]

It can be SO many things.. Purchase an authenticator on blizzard site, or buy it on your phone for like 1$ if u have android or iphone/ipad/ipod touch.. Very simple, and very secure.. that´s my advise.. and sorry for you.

[Denaka]

Buy an Authenticator. Easy hacker prevention.

[Licarius]

Authenticator = problem fixed.

i still don't understand how people can NOT have one./.... i mean, its either free on a smart phone, or its $6 from the Blizz store....
just get one to avoid the worry.

[Greennunu]

Even after you fix your issue, I would recommend buying a cheap computer for all your porn needs and only porn, perhaps even a new email for porn only related stuff. As someone has already suggested the quickest answer is a factory reset/format. If that doesn't work I would start checking your house for a hidden cam.

[mrberry]

setup a gmail account with 2-step login and get an authenticator.

dial-in auth. is not as good as the keychain one. known poeople thats gotten hacked with it on.

[haxartus]

Authenticator = problem fixed.

And how is that ? If the problem is the virus infection then the authenticator doest absolutely nothing about that.