1
Forum Settings
       
Reply To Thread

Compiled Info for Virus ProtectionFollow

#1 Apr 10 2008 at 6:14 PM Rating: Excellent
*****
12,735 posts
This is reposted from BG thread here.

Threads of interest:
Website infected with trojan
Prevent Yourself From Being Hacked Part I
Prevent Yourself From Being Hacked Part II
Protect Your PC - A Guide
Gener Tips To Avoid Account Theft

Thanks very much to Airenn for this information.

Quote:
Aight guys, listen up. I am going to do my best to walk everyone through how to protect your computer and get this spyware/keyloggers off before anymore people get hacked.

If I can think to add anymore, I'll mention the update here.
12/11/07 Posted, and I hope it helps.
-Added some programs, and recommendations on password security/saving. Thanks guys!
-Changed title, cause I want to make sure people know this is specifically for the hackings.

First things first:

Actions that need to be taken immediately:
1) Take this post to your LS Forums. Post it.

2) No forums? LS Message, broadcast on FFXI, send them(LS), friends, people you know, to BG to read it. (Publicizing BG and preventing hacks<3)

3) Run Anti-Spyware.

4) As for your PW method? You're on your own.

Programs you should be getting:
1) Ad-Aware Free Version
2) Spy-Bot Search&Destroy
3) AVG Free Spyware Edition AND AVG Free Virus Edition Get both, they are 2 seperate downloads. I have caught so many problems with this that Norton never picked up. <3
4) Firefox
5) ProcessGuard
6) CCleaner
7) Kapersky Anti-Virus -- Proved to show that it can prevent this Trojan from Auto-Downloading.

Step-by-Step Walkthrough:

1) Get those programs and open them. Update them first, once they are installed.
2) Run them, fix any problems, delete any bad files, etc, etc.
3) Once all that is done, do this:
Start Menu > Search > All Files and Folders > Click Advanced Options > Search System Folders, Hidden Folders, Search Subfolders > Type in the Search Field: rsbo.exe

Repeat said steps for ALL these files:

rsbo.exe
kb1ss1p.dll
kb1ss1p.sys
in3.dll

4) If you find the files, delete them asap. If you cannot delete them, post here, we'll try to figure out how to do it.

5) Search the Registry by doing this:

Start Menu > Run > type in "regedit" and click OK > Highlight My Computer in the newly opened Regedit box > Click on Edit > Click on Find > type in rsbo.exe

Repeat said steps for ALL these files:

rsbo.exe
kb1ss1p.dll
kb1ss1p.sys
in3.dll

6) If you find anything with those listed delete them immediately. Note: you may find something with a really long name when you look for "in3.dll" it's not it, it's actually a plugin3.dll :p

Secondary note: You will find strings related to your previous Start Menu > Search functions. It is just indicating that you recently did a search on this. Just to clear that up, I know it scared a lot of people.

7) Restart your computer, research to make sure it's all gone. You should be clean.

8) If you are all clean, now is the time to change your password in case RMT have gotten it. Do so. If you want 100% extra security, call SE, have them change it.


Edited, Apr 10th 2008 10:15pm by Exodus

Edited, Oct 14th 2008 12:59am by Pikko
#2 May 25 2008 at 12:33 PM Rating: Good
***
1,197 posts
Greetings!

This post is very, very specific in regards to the MMO trojan.

First off, this:
Quote:
Secondary note: You will find strings related to your previous Start Menu > Search functions. It is just indicating that you recently did a search on this. Just to clear that up, I know it scared a lot of people.


did make me panic, up til it was pointed out that there was other crap in there, like "pokemon" and "simcity ds", which I had also recently searched for.

In the past two days I've had the pleasure of failing login due to invalid password and then being spammed on MSN with "omg did you move to Shiva" messages. My character and all my mules have indeed been moved to Shiva (with no WT fee on the CC, tho whether this is due to the long weekend or the billing information being changed, I've no clue).

So, the first thing I did was check to see that NOD32 was up to date (yes) and check its log for threats, and ensure it was still doing its scheduled once-a-week scans (yes). The only note in the log was one hit from my spam mail folder for an email phishing virus, telling me NOD32 had deleted it upon receipt.

Then I ran AdAware (since it's quicker). The only hits it got were on tracking cookies. I then ran a full on-demand scan in NOD32 - nothing.

I have since run scans using AVG, McAfee, and Symantec, (free downloadable versions and/or web-based, as applicable) all resulting in nothing, as well as Network Associates/McAfee's Stinger software.

Two people have my POL ID - myself, and my husband, who pays for my account. I have logged in on my machine and from his this past March, as well as as a guest login on a PS2 back in February.

No people have my curent password. As in, I don't even currently have it (prior to losing my account, I mean). See... I change my password every 4-5 weeks, with the most recent change being on or around May 10, which I remember because I'd just started doing KSNM service (and I have that date written down). I never told my husband my new password, and I didn't write it down. I then managed to forget it in short order and had to go on "the hunt" to locate my original manual so that I could get password retrieval services from POL, but... since it wasn't inconveniencing me, I just kept putting it off. I'm not sure it'd have made a difference now.

The only gaming related sites I visit are here, the wiki, and ffxiah.com as well as forums at yuku, and on my own domain. Aside from that I don't surf much past Google, YouTube, gamespot, and imdb, or the links my husband sends me via MSN from work (so things like odd CNN news stories and random geeky things like an R2-D2 projector/media center).

This machine has always had NOD32 installed and running, since its creation. The only 3rd party media player I use is iTunes. I use IE7 Pro. My automatic updates are on for critical & security updates. I have not installed SP3. I have installed NOD32, AdAware, Adobe CS, Macromedia Studio, Azureus Vuze, Nero, Win-DVR (gogo 2nd monitor w/Cartoon Network, lol), Fraps, Thunderbird, Firefox, TaskSwitchXP, 7-Zip, WinRAR, Zune, FFXI, and Age of Conan on Tuesday and mIRC last night.

I am... confused. My account was hijacked and moved to Shiva. My husband's was not. Both are set to auto-login when selected from the menu in POL on my machine.

Again, this thread is very specific, about a single version of the MMO trojan, while checking any virus DB will show that there are numerous varities. If there's something else I should be using to scan or check for, please do share. I'm at my wits' end. There are only so many ways/times I can scan my machine and come up empty-handed.

Edited in the interests of clarity and specifics.

Edited, May 25th 2008 4:34pm by Arketa
#3 May 27 2008 at 4:12 AM Rating: Good
***
1,428 posts
Arketa wrote:
Greetings!

This post is very, very specific in regards to the MMO trojan.

First off, this:
Quote:
Secondary note: You will find strings related to your previous Start Menu > Search functions. It is just indicating that you recently did a search on this. Just to clear that up, I know it scared a lot of people.


did make me panic, up til it was pointed out that there was other crap in there, like "pokemon" and "simcity ds", which I had also recently searched for.

In the past two days I've had the pleasure of failing login due to invalid password and then being spammed on MSN with "omg did you move to Shiva" messages. My character and all my mules have indeed been moved to Shiva (with no WT fee on the CC, tho whether this is due to the long weekend or the billing information being changed, I've no clue).

So, the first thing I did was check to see that NOD32 was up to date (yes) and check its log for threats, and ensure it was still doing its scheduled once-a-week scans (yes). The only note in the log was one hit from my spam mail folder for an email phishing virus, telling me NOD32 had deleted it upon receipt.

Then I ran AdAware (since it's quicker). The only hits it got were on tracking cookies. I then ran a full on-demand scan in NOD32 - nothing.

I have since run scans using AVG, McAfee, and Symantec, (free downloadable versions and/or web-based, as applicable) all resulting in nothing, as well as Network Associates/McAfee's Stinger software.

Two people have my POL ID - myself, and my husband, who pays for my account. I have logged in on my machine and from his this past March, as well as as a guest login on a PS2 back in February.

No people have my curent password. As in, I don't even currently have it (prior to losing my account, I mean). See... I change my password every 4-5 weeks, with the most recent change being on or around May 10, which I remember because I'd just started doing KSNM service (and I have that date written down). I never told my husband my new password, and I didn't write it down. I then managed to forget it in short order and had to go on "the hunt" to locate my original manual so that I could get password retrieval services from POL, but... since it wasn't inconveniencing me, I just kept putting it off. I'm not sure it'd have made a difference now.

The only gaming related sites I visit are here, the wiki, and ffxiah.com as well as forums at yuku, and on my own domain. Aside from that I don't surf much past Google, YouTube, gamespot, and imdb, or the links my husband sends me via MSN from work (so things like odd CNN news stories and random geeky things like an R2-D2 projector/media center).

This machine has always had NOD32 installed and running, since its creation. The only 3rd party media player I use is iTunes. I use IE7 Pro. My automatic updates are on for critical & security updates. I have not installed SP3. I have installed NOD32, AdAware, Adobe CS, Macromedia Studio, Azureus Vuze, Nero, Win-DVR (gogo 2nd monitor w/Cartoon Network, lol), Fraps, Thunderbird, Firefox, TaskSwitchXP, 7-Zip, WinRAR, Zune, FFXI, and Age of Conan on Tuesday and mIRC last night.

I am... confused. My account was hijacked and moved to Shiva. My husband's was not. Both are set to auto-login when selected from the menu in POL on my machine.

Again, this thread is very specific, about a single version of the MMO trojan, while checking any virus DB will show that there are numerous varities. If there's something else I should be using to scan or check for, please do share. I'm at my wits' end. There are only so many ways/times I can scan my machine and come up empty-handed.

Edited in the interests of clarity and specifics.

Edited, May 25th 2008 4:34pm by Arketa


You forgot to mention that you had gone to somepage and then got pop ups when you went to BG, these you did nt lost in sites you visit.
#4 May 27 2008 at 7:47 AM Rating: Good
***
1,197 posts
shibaaa wrote:

You forgot to mention that you had gone to somepage and then got pop ups when you went to BG, these you did nt lost in sites you visit.


I went to Somepage Sunday, two days after I lost my account, after I figured "wth it's too late, might as well go look, might help with cleaning my machine now", and about five hours after I posted this thread.

There is no "Kirasha.A" worm on my machine currently, there is no information about what exactly it is, or does, to be found via Google, or in any of the major virus database sites that I have checked, aside from that it is a "generic worm", nor is it listed or does it seem to be related to any of the known MMO trojans, or their varities which are listed in known virus databases such as this.
#5 May 27 2008 at 4:04 PM Rating: Good
Ok, I created a login here just to let you all know what I have found. It seems that FFXIah.com is the common factor. Both my Girlfriend and myself visited the site and her account was compromised and my account was stolen and transfered. I noticed the previous post had also visited that site. I am going to warn everybody I know to not visit that site. I am not saying it is the only culprit but it just seems to be the most obvious. Three visitors and all three got hacked.
#6 May 30 2008 at 3:21 AM Rating: Good
I'm glad I stumbled across this thread. Arketa, my account was also recently stolen (sometime between the 20th and the 24th). Saturday the 24th was the first day I tried to log on and I received an error saying the password was incorrect. SE support wasn't available over the weekend or on Memorial Day so I had to wait until Tuesday to contact them. On Tuesday (27th), I managed to get a SE representative to reset my password. I logged on to find that my 5 mules had been deleted and my main character had been transferred to Shiva and had a new name (Kyarufyoru). It seems that we've encountered the same trojan.

This also happened to occur just as I bought a new computer. I'm fairly sure that it was my old computer that was compromised. I hooked it up and only ran Ad-Aware which only turned up tracking cookies. I'd really like to find out more about this trojan and where I may have gotten it. All of the websites I've visited recently are ones I've visited many times before (Somepage, ffxiclopedia, killingifrit, ffxionline, allakhazam, ffxiah). Since I had just recently reactivated my account, I also downloaded the newest version of Windower.

Does anyone know if it's possible to track a keylogger? I'm pretty sure it's still on my old computer, but I don't know exactly how they work. Once they log your info, they have to broadcast the information. Do they only open a port for a brief moment or is a port left open? Will a keylogger only report a password that is successful or are all login attempts logged?

Anyway, I felt compelled to respond because we both were hacked at about the same time and both transferred to the same server. By the way, you won't be charged for the World Transfer until June 1st. I honestly haven't decided if I want to go through with the data recovery (which means paying $18 to keep my account active through June) or taking all of the money off of the credit card before the bill date to avoid all of the costs. I don't plan on playing the game anymore, but I need to ask SE if they do anything to punish the account thieves once they confirm that the account was compromised. That alone would make the fees worth it.
#7 May 30 2008 at 3:43 AM Rating: Good
Hmm, I suppose this thread:

http://wow.allakhazam.com/forum.html?forum=10;mid=1197452542237332319;num=51;page=1

Would have been useful to me a few weeks ago...

EDIT:

Scanned the old computer with AVG and turned up the trojan described here:

http://www.allakhazam.com/forum.html?forum=10;mid=1212090316125862848

I found the file C:\WINDOWS\system32\smart.dll and have so far been unable to remove it. The file was created and last modified on May 12th and seems to have been the reason for an error I would get occasionally when trying to run FFXI (Interface not supported). At the time, I didn't think much of the error because I was usually able to get back into the game after a second attempt. I had tried to find information about the error through google with no luck.

I'm not in any real hurry to get the Trojan off of that computer because I don't use it anymore, but I would be interested in discovering where it may have come from. I play FFXI off and on and was until now unaware that various FFXI websites have been hacked. It appears that ffxiclopedia was also affected. A problem report filed at their site recently says the issue has been fixed.

http://wiki.ffxiclopedia.org/wiki/Special:ProblemReports/10168

As I said earlier, It's not likely that I'll ever play FFXI again. Does anyone know if there's anything more you can do than just cancelling Content IDs? Is there any way to remove your credit card information from the PlayOnline account in case the account is stolen again? Or even just delete the entire PlayOnline account completely? A SE Representative said he unsubscribed my PlayOnline account for me but I'm really not sure what that means.



Edited, May 30th 2008 8:48pm by TwistidSoul
#8 May 31 2008 at 4:10 AM Rating: Good
*
134 posts
TwistidSoul wrote:


Scanned the old computer with AVG and turned up the trojan described here:

http://www.allakhazam.com/forum.html?forum=10;mid=1212090316125862848

I found the file C:\WINDOWS\system32\smart.dll and have so far been unable to remove it. The file was created and last modified on May 12th and seems to have been the reason for an error I would get occasionally when trying to run FFXI (Interface not supported). At the time, I didn't think much of the error because I was usually able to get back into the game after a second attempt. I had tried to find information about the error through google with no luck.[/sm][/i]


I used safe mode + Hijackthis to "fix it" then deleted the file manually in safe mode. Ran Hijackthis again in normal mode (and browsed to previous file location) and the file was no longer there.
#9 Jun 04 2008 at 1:59 AM Rating: Excellent
For those who still use IE for their web navigation, I will suggest these actions too:

- upgrade to IE7, older versions have too much well know vulnerabilities, and I dunno if MS had fixed them all, not to mention support and fixes have been dropped for older versions

- Go Tools -> Internet Options -> Security, click on Internet zone, then click on Default level (we adjust it then), make sure the slider is set to "medium-high" (why not high? it is because casual download will be blocked, and I dont wanna lower security just to download from one site, more security will be added by hand now)

- now click on "custom level"
- on the settings, take these actions:
* Downloads - Automatic prompting for file downloads: Enable (was disabled, if it was enabled you missed something on previous instructions!)
* Downloads - File download: Enable
* Miscellaneus - Display mixed content: Enable (dont worry, if you try to send a form to nonsecure page, a prompt will shows, you can decide if goin on or not; this setting is set because it is common that even secure sites will store their images elsewhere, causing annoying pop ups of mixed content warnings)
* Miscellaneus - Launching applications and unsafe files: Prompt (needed to unlock downloads from any website)
* Scripting - Active scripting: Enable (I really HATE to have this set on, but as today, without javascript, any web surfin is a pain-in-da-***, maybe today web authoring tools made so easy to setup a webpage that some webmasters thinks to be webmasters, but if they take a look on sources they havent a clue on whats goin on; so sorry mates, we have to bear with it...)

- Press OK ->Are you sure....-> OK
- Press Apply, then OK

Now you think we are done? Not yet, we have now to setup security to use with web sites we trust a little more: for example, with above settings you cant watch youtube videos.

- Go Tools -> Internet Options -> Security, click on "Local Intranet" zone, then click on Default level, make sure the slider is set to Medium-High, then click on Apply
- now click on "custom level"
- on the settings, take these actions:
* ActiveX controls and plug-ins - Run ActiveX controls and plug-ins: Enable
* Downloads - Automatic prompting for file downloads: Enable
* Downloads - File download: Enable
* Miscellaneus - Display mixed content: Enable
* Miscellaneus - Launching applications and unsafe files: Prompt
* Scripting - Active scripting: Enable
Press OK -> are you sure... YES -> Apply -> OK

Now you can add in Intranet zone all sites you trust at least for running activex controls, here is the procedure to add, as example, youtube.com:

- Go Tools -> Internet Options -> Security, click on "Local Intranet" zone, then click on Sites button
- Make sure ALL settings are disabled (they are 4 checkboxes)
- click on Advanced
- In the "Add this website..." box add your site, example: *.youtube.com (note: *.youtube.com means: ALL sites who ends in ".youtube.com", this way even scrips.youtube.com is added)
- click on Add button
- Make sure the checkbox "require server authentication..." is disabled
- Click on Close button -> OK -> OK

Most likely these settings are enough to let also your bank or CC website working, if not, add them to your Trusted zone, I think you are smart enough on how to do it now.

One note: it happens sometimes that your unlocked site still not working properly, this happens because the site is using pages or scripts coming from a different website, which have to be trusted too!

As example, ebay: I have *.ebay.it in my Intranet zone, but some things will not works, so I take a look in source pages and I found some scripts are coming out the ebay.com site, so I added *.ebay.com and now all workin fine.

And last resource for security is your brain: no antivirus, no firewalls, nothing at all can protect you, when you click on "YES" botton of any popup that will state "Can I mess up with your PC?" So please think twice before allowing any actions coming from the site you are visiting: is that action necessary? Have I triggered it? Was it a result of something I'm doin here?

Have fun!

#10 Jun 04 2008 at 6:12 AM Rating: Excellent
*
154 posts
I got hacked from logging onto my girlfriends computer for 2 whole minutes. After my account was stolen I went through her comp and found everything on this page. She used to go to ffxiah and ffxi-atlas. I went through all her computer logs and found the IP address of the hackers. Here is the guy who most likely has your account too.

inetnum: 125.40.0.0 - 125.47.255.255
netname: CNCGROUP-HA
descr: CNCGROUP Henan province network
descr: China Network Communications Group Corporation
descr: No.156,Fu-Xing-Men-Nei Street,
descr: Beijing 100031
country: CN
admin-c: CH455-AP
tech-c: WW444-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-CNCGROUP-HA
mnt-routes: MAINT-CNCGROUP-RR
status: ALLOCATED PORTABLE
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed: hm-changed@apnic.net 20051011
changed: hm-changed@apnic.net 20051020
source: APNIC

route: 125.40.0.0/13
descr: CNC Group CHINA169 Henan Province Network
country: CN
origin: AS4837
mnt-by: MAINT-CNCGROUP-RR
changed: abuse@cnc-noc.net 20060118
source: APNIC

role: CNCGroup Hostmaster
e-mail: abuse@cnc-noc.net
address: No.156,Fu-Xing-Men-Nei Street,
address: Beijing,100031,P.R.China
nic-hdl: CH455-AP
phone: +86-10-82993155
fax-no: +86-10-82993102
country: CN
admin-c: CH444-AP
tech-c: CH444-AP
changed: abuse@cnc-noc.net 20041119
mnt-by: MAINT-CNCGROUP
source: APNIC

person: Wei Wang
nic-hdl: WW444-AP
e-mail: abuse@public.zz.ha.cn
address: #37 Wei Wu Road, Zhengzhou, Henan Provice
phone: +86-371-65952358
fax-no: +86-371-65968952
country: CN
changed: wangw@data.zz.ha.cn 20060205
mnt-by: MAINT-CNCGROUP-HA
source: APNIC



Edited, Jun 4th 2008 10:25am by Ilostmyclothes
____________________________
Tuffguy 75 nin, 75 rng, other useless jobs ^^
100+3(+3) woodworking, 98 fishing, 60 alchemy, 60 bonecraft, 60 smithing, other assorted junk




#11 Jun 04 2008 at 6:51 PM Rating: Excellent
Mistress of Gardening
Avatar
*****
14,661 posts
You wouldn't happen to be that naked Elvaan mule Ilostmyclothes that walks around following Dazi Nosuk would you?
____________________________
Yum-Yum Bento Box | Pikko Pots | Adventures in Bentomaking

Twitter


[ffxivsig]277809[/ffxivsig]
#12 Jun 04 2008 at 8:30 PM Rating: Good
*
154 posts
The naked Elvaan is Bouncybouncy. I was the naked Mithra that followed along too. My account was hacked and moved to Seraph though so I won't be doing any following anytime soon.
____________________________
Tuffguy 75 nin, 75 rng, other useless jobs ^^
100+3(+3) woodworking, 98 fishing, 60 alchemy, 60 bonecraft, 60 smithing, other assorted junk




#13 Jun 04 2008 at 8:43 PM Rating: Good
*
221 posts
I was hacked the same day as Tuff, so you won't be seeing Bouncybouncy anytime soon either. I used to enjoy the odd looks I used to get by following that NPC. I guess that's just one more thing I will miss :(.

BTW, we submitted a screenshot that you posted on this site in the beginning of December. It was a tribute to a fallen NFL player. Tuff played the part of Sean Taylor with angel wings. Others in the pic were, Almighty, Ryder, Blackwindz, Deathocha, Citreille, Haliu, Jekmu, and Ackanhife. I still have that pic. It is one of my treasured FFXI memories.

I have so many treasured memories. /sigh

/derail off
____________________________
Windy Mule
75 BLM, WHM, SMN

SorenIsKing wrote:
I have returned!

And don't know what to do :P
#14 Jun 05 2008 at 9:23 AM Rating: Excellent
The walk through is excellent, but the removal should be done in safe mode. Many viruses post an uninstall.txt that is a batch program to reinstall the virus should it be removed. Restarting safe mode and removing it disables any program to reinstall, then search for uninstall.txt in the regedit file deleting it. This should also help.
#15 Jun 06 2008 at 9:42 AM Rating: Good
I think one of the worst ways of loosing your account to a hacker or rmt is when you get to watch them log in and out of all your characters, taking all your stuff..
I quit playing about 5 months ago now, but my mom and dad play. last night i got a text from my mom saying how her and my dad were doing the lure of the wildcat quests.. (yes, finally just now) and all of a sudden she got booted off and couldn't get back on.. then what do you know, little Kototo came back online headed to the deliv box and dropped off all her stuff, going to the mog house then back to deliv box; while my dads char (and my mom sitting there with him) followed Kototo around not believing what was happening. then off went that char and on came her mules, rinse and repeat.
So i get these texts telling me whats going on and how should she fix it? what should she do?, which i can't really keep up to cause im out finally having a life(ahahahhaa) so i decide to call her and assure her all her CC info and stuff should be safe, but shes all flustered about her banking info on the computer so she drives 30 minutes to my uncles house to use his computer to change all her passwords and whatever, while she's ******** at me about what happened not much i can do besides telling her that tomorrow i can come over and fix her computer up.
But really, im so sick of this account stealing ****. (btw they did change the password back on her nakid empty chars, they didnt delete them) It pisses me off, my mom doesn't use scripts or anything like that; she simply didn't know that certain sites are bad. i think the highest level she has gotten(in 4 years) is like 52, which she was bragging to me about so proudly that morning before. i doubt she even had anything worth over 50k. I told her she could reactivate my account and take my stuff off there and sell it, but now she's done playing. Which is sad.. someone who acually liked to play the game, who had fun (not saying everyone doesn't) but she wasn't just there to go kill gods or show up for ls events. She just ran around doing quests and whatever with my dad. Now my sisters account -which is now retired but my mom uses if she needs to pwn- can't be accessed. Goodbye gear? most likely. such a pitty.
Does SE even try to stop this? no. What a game. Not to mention the user agreement, i'm not sure if any of you have ever really read it, but its a load of crap lol.
Anyways, i guess i'll end this rant.
#16 Jun 11 2008 at 7:11 AM Rating: Excellent
I looked through the post here and didn't see this mentioned, sorry if it already was and I missed it. AVG Free Spyware Edition is no longer available and will soon no longer be updated.
#17 Jun 11 2008 at 7:18 AM Rating: Good
I got hacked on saturday the 7th sometime in the early morning but I noticed an additional charge on my credit card I did not make. I quickly cancelled the charge and tried to contact the vendor and what do you know... the e-mail to contact them does not work and the phone just has some message where they ask for some personal information name e-mail and phone. Any of you recieve charges from i-platform.net?

The funniest thing about my hacking is that I am a noob. They moved me from Caitsith to Hades and all they got was 100k my friend gave me they left all my noob equips cause it wasn't even worth their time.
#18 Jun 15 2008 at 12:28 PM Rating: Excellent
Avatar
**
842 posts
They've really hidden AVG Free, but it's still around. Here. They have put some antispyware features into their antivirus now. Long live AVG.

As for antispyware, I'm just gonna have to find something else once my compeh is back up.
____________________________
Elizara, Mithran WHM of Quetzalcoatl
LS's: SpecialFriends, ShikigamiWeapon, Noble's, WeSayHurray, JingZen, Betrayed (Dynamis and Aby)

Still a MithraPride kitty at heart, tho that shell is gone..Also still CTY at heart forevah!

Midgard: NEVER FORGET.

Alla profile: http://ffxi.allakhazam.com/profile.xml?11530

Thinking about swapping from console to PC? Check here to do it right!
#19 Jun 26 2008 at 7:32 AM Rating: Good
**
452 posts
There's a thread on the BST Forum that makes a reference to a file called "smart.dll," which may be another logger. Might want to add it to that overall list.

I just checked my work computer here, and actually found all 5 of those files in my registry o.O I don't have POL on this system, but I have accessed Flist Plus before they added that keyboard option...I'm praying I don't find myself hit at some point ><
#20 Jun 30 2008 at 3:34 PM Rating: Good
**
561 posts
ok, this may be a noob question when it comes to internet security, so please dont flame me. i read somewhere to start using firefox instead of IE, to download NoScript, addblock plus and keyscrambler, and to turn on 'block iframes'. ive downloaded and installed the add-ons, but cant for the life of me find how to turn on 'block iframes', not in internet options, or anything. where is that option located?
#21 Jul 04 2008 at 6:01 AM Rating: Good
Avatar
**
842 posts
Check this out: http://forums.windower.net/index.php?showtopic=11323

That guy explains it better than I could, but don't worry too hard about Flashblock. Thanks to updates in Noscript, Flashblock is no longer necessary.

Basically though; it's in tools/addons, find noscript, options.
____________________________
Elizara, Mithran WHM of Quetzalcoatl
LS's: SpecialFriends, ShikigamiWeapon, Noble's, WeSayHurray, JingZen, Betrayed (Dynamis and Aby)

Still a MithraPride kitty at heart, tho that shell is gone..Also still CTY at heart forevah!

Midgard: NEVER FORGET.

Alla profile: http://ffxi.allakhazam.com/profile.xml?11530

Thinking about swapping from console to PC? Check here to do it right!
#22 Jul 30 2008 at 10:37 AM Rating: Decent
4) "Programs you should be getting"

ESET Smart Security, also known as NOD32.
#23 Sep 28 2008 at 1:33 PM Rating: Decent
Quote:

4) "Programs you should be getting"

ESET Smart Security, also known as NOD32.



nahh!

Avira AntiVir Personal (free!!)
#24 Oct 08 2008 at 1:11 PM Rating: Decent
*
63 posts
I'm just starting the game and this thread is disconcerting. I use AntiVir and run AdAware monthly, and know not to download suspicious exe's, but is account theft still an issue? Seems like people here had accounts stolen in spite of not being idiots and downloading every trojan imaginable. A stolen MMORPG account sounds like a nightmare...
Reply To Thread

Colors Smileys Quote OriginalQuote Checked Help

 

Recent Visitors: 307 All times are in CST
Anonymous Guests (307)