Here are some photos ruined by other folks sticking their nose in;
Here are some photos ruined by other folks sticking their nose in;
After having my World of Warcraft Account hacked i set about searching for how to remove any viruses and other crap that had made there way on to my PC so a quick google came up with these two great tips.
1) A program called KeyScrambler — it is free for your web browser.
2) An addon for Firefox called “NoScript” — this defaults to denying scripts to run on pages you view. But, if you are absolutely certain that the site is safe, you can quite easily allow scripts.
3) A program called “SnoopFree Privacy Shield 1.0.7″ — which alerts you to any program trying to attach itself to your computers keystrokes.
Hi all, this guide will help you on how to clean your pc from keyloggers.
Please take a look.
Screenshots have now been added!!!
Please also take a look at the Unofficial Helper’s Forum (with IRC!)
> http://forum.anayra.info/ < (Thanks to Anayra for running this!)
English is not my mother tongue, so some things are hard for me to explain, but I think i’m doing a good job, in general ^^
First of all, a note: Hijackthis is a tool, used for finding infections in your computer. Please note: THIS IS NOT A SCANNER. It shows both malicous rules, but also LEGIT rules. Do not fix rules in Hijackthis yourself!
You can find a list of forums that are qualified to look at your Hijackthis log here: http://asap.maddoktor2.com
In addition, here’s a list of forums where you can post your hijackthis logfile. – If you know any others, please let me know in a comment/reply!
Before posting a Hijackthis log, please do the following steps upfront. I know this is alot of work, but that way most malware is already deleted and your logfile can be looked at faster.
Please remember: Follow ALL steps, including step 7
Note: Vista Users must run installations and the downloaded programs as Administrator. You can do this by right-clicking the program and select Run as Administrator (The screenshot shows it for Hijackthis, You must use this for every program we use here)
http://img408.imageshack.us/img408/6665/guide1bb5.jpg <– Screenshot
1. Download ATF Cleaner here: http://www.atribune.org/ccount/click.php?id=1 – and save it somewhere (Desktop for example)
– Start ATF Cleaner and check everything except “Prefetch” at the tab “Main“. Then press “Empty Selected”
http://img510.imageshack.us/img510/5641/guide2xo7.jpg <– screenshot
– If you use Firefox as your browser, go to the Firefox tab and check everything except “Firefox Saved passwords”. Then press “Empty Selected”
http://img220.imageshack.us/img220/9761/guide2qu7.jpg <– Screenshot
– If you use Opera as your browser, go to the Opera tab and check everything except “Saved Passwords“. Then press Empty Selected.
2. Download Ad-aware 2008 Free here: http://www.download.com/Ad-Aware-2008/3000-8022_4-10045910.html?part=dl-ad-aware&subj=dl&tag=top5&cdlPid=10903602 – and install it. If you get an license note during the installation, press Use Free After the installation, start Ad-Aware and press Update.
http://img67.imageshack.us/img67/3198/guide3po0.jpg <– screenshot
When Ad-Aware is finished updating, press Scan and do a Full system scan
When the scanning is completed, You’ll see two tabs with infected objects. The first tab contains Critical Objects and the second tab Privacy Objects Check everything at both tabs and press Remove At the top of both tabs you see a number which says the amount of infections found. Please wait until both numbers say “0” and then press Complete.
http://img90.imageshack.us/img90/2029/guide4pg7.jpg <– screenshot
3. Download Spybot Search & Destroy here: http://www.safer-networking.org/en/mirrors/index.html – and install it. During the installation, uncheck “Use Internet Explorer protection (SDHelper)” and “Use system settings Protection (TeaTimer)”
When the installation is completed, start Spybot S&D and press OK at the notice you get about Ad-Aware. It may also notify you about deleting temporary files. Just select yes Follow the Wizard, and when the wizard is done press Update in Spybot. Search for updates, check all available updates and install the updates. After that press the Immunize tab and Immunize your system. When the Immunization is done, press the Search & Destroy tab and start scanning your computer.
http://img520.imageshack.us/img520/7301/guide5br0.jpg <– screenshot
When Spybot S&D is done scanning. Check all found objects and press Fix Selected Problems.
If Spybot S&D cannot delete all found objects, it will ask if it can scan at the next reboot to fix the problems. Press Yes.
http://img70.imageshack.us/img70/439/guide6uc1.gif <– screenshot
Now close Spybot S&D.
4. Download MBAM (MalwareBytes’ Anti-Malware) here: http://www.besttechie.net/tools/mbam-setup.exe – and install it. Make sure that at the end of the installation, Update MalwareBytes’ Anti-Malware and Start MalwareBytes’ Anti-Malware is checked.
http://img218.imageshack.us/img218/9350/guide7bi9.jpg <– screenshot
When MBAM is started. Go to the Scanner tab and do a Full scan
http://img512.imageshack.us/img512/9767/guide8iv5.jpg <– screenshot
Once MBAM is done scanning, press Show Results and make sure all found objects are selected. After that press Remove Selected
http://img255.imageshack.us/img255/5509/guide9sm1.jpg <– screenshot
When MBAM is done deleting objects a logfile will open. You can close this logfile.
The Logfile will automatically be saved at the Logs tab in MBAM.
If MBAM found objects that can’t be deleted, it will ask to reboot your computer. Allow this and restart your computer.
4. If you didn’t restart your computer after running MBAM, restart it now anyway.
5. Do a full system scan with your virusscanner and remove all found infections.
If you do not have a virusscanner, you can scan online with one of these scanners. (Use Internet Explorer to scan)
Remove all infections found.
6. Restart your computer.
7. Download Hijackthis here: http://download.bleepingcomputer.com/hijackthis/HJTInstall.exe – and install it. After the installation Hijackthis will open. Press Do a systemscan and save a logfile.
http://img165.imageshack.us/img165/4533/guide10pz1.jpg <– screenshot
A notepad file will open. In the Notepad file, press CTRL + A to select everything, CTRL + C to Copy everything. Then press CTRL + V in a new topic at the forum you want to post the log.
Also paste the MBAM log on the forum you place the Hijackthis logfile.
Many thanks for reading, if you have questions or problems, please ask
Also: Please note: Doing this all, is NOT A GUARANTEE your computer is not infected. There is no scanner that has a 100% detection rate.
I got an email this morning before i headed to college saying that wow account password had been changed, well guess what i didnt change it in fact i havnt played since early septemeber and my account is inactive. I merged my account with battle.net months ago and it worked fine when i logged in.
When i did try to login today i tried evey password combination i can remember and no luck. I tried to reset my password and it wont let me so it seems my account is either hacked or its something else.
Heres the email i got;
This is an automated notification regarding the recent change(s) made to your Battle.net account: EMAILADDRESS@EMAIL.COM
Your password has recently been modified through the Account Management website.
*** If you made this password change, please disregard this notification.
However, if you did NOT make any changes to your password, we recommend you contact Blizzard Billing & Account Services for assistance keeping your account as secure as possible.
For more information, click here for answers to Frequently Asked Questions or to contact the Blizzard Billing & Account Services team.
Account security is solely the responsibility of the accountholder. Please be advised that in the event of a compromised account, Blizzard representatives typically must lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.
The Battle.net Account Team
The email looks real with the email headers looking correct. Unfortunetly the information you need to fill out to even get help with this from Blizzard support is insane, you need the original game CD key and all sorts off other stuff which i didnt have time to get this morning.
The email header;
Received: from ew1-web-10-blade02.wowadmin.net (ew1-web-10-blade02.wowadmin.net [10.50.53.42])
by smtp06.eu.worldofwarcraft.com (8.13.8/8.13.8) with ESMTP id nAA6Odc5027774
for <myemail>; Tue, 10 Nov 2009 06:24:40 GMT
Date: Tue, 10 Nov 2009 06:24:39 GMT
From: Blizzard Entertainment <firstname.lastname@example.org>
It seems my account has been hacked after all as Blizzard have sent this email to me;
We are writing to inform you that we have, unfortunately, had to cancel your World of Warcraft account:
Account Name: ********
Type of Violation: Involvement in online trading activities
Investigation Concluded: 10/11/2009
Consequences for Account: Account Cancellation
It is with regret that we take this type of action, however, it is in the best interest of the World of Warcraft community as a whole, and for the integrity of the game, that your access to the World of Warcraft servers be cancelled.
Online trading refers to the exchange of in-game content for real world money, and includes, but is not limited to, the sale or purchase of gold, the sale or purchase of experience in the form of powerlevelling, and the sale or purchase of honor points, reputation or items.
If you wish to review our current Rules and Polices, they can be found at:
Account Administration Team
Blizzard Entertainment Europe
Edit Update 13-nov-09:
I still dont know how i was hacked as ive all windows updates, Anti virus and a firewall. Avast said my Windows installation was clean, so did Spybot Search and Destroy. Howeve Lavasofts Adaware came up with a load of different viruses but didnt tell where they were. So in order to be sure i changed passwords to all my email accounts.
Ever since i was aware that Wow accounts would be hacked and cleaned out like this ive been very aware of my wow password and had Anti-Virus and firewall software installed. Bu i never thought this would matter if your wernt playing anymore. Since my account was inactive i dont know how it was hacked and im stilll waiting on Blizzard to contact me. I cant get even get though to them by using there UK number when they have an office in ireland in cork, so thats bloody great.
Edit: 20 – Nov Source of Virus Found – my College
Im after putting in the memory stick that i use for college in the DKIT and my new Anti Virus ESET Security (AVAST didnt even detect it) has picked up the virus on it something called;
“N:\9g86.exe – Win32/PSW.OnLineGames.NNU trojan”
So its clear even from the name that this is the nasty bastard virus that let somebody hack my account, whats even worse is that weeks ago at college the Anti-virus up there reported that some file on the memory stick had a virus but it didnt remove it and i thought nothing of it. Window then must have run the file when i put the Memory stick in. Ill never use Avast Anti-virus again even though ive used it for 5 years.
More from thechive.com