Threads of interest:
Website infected with trojan
Prevent Yourself From Being Hacked Part I
Prevent Yourself From Being Hacked Part II
Protect Your PC - A Guide
Gener Tips To Avoid Account Theft
Thanks very much to Airenn for this information.
Quote:
Aight guys, listen up. I am going to do my best to walk everyone through how to protect your computer and get this spyware/keyloggers off before anymore people get hacked.
If I can think to add anymore, I'll mention the update here.
12/11/07 Posted, and I hope it helps.
-Added some programs, and recommendations on password security/saving. Thanks guys!
-Changed title, cause I want to make sure people know this is specifically for the hackings.
First things first:
Actions that need to be taken immediately:
1) Take this post to your LS Forums. Post it.
2) No forums? LS Message, broadcast on FFXI, send them(LS), friends, people you know, to BG to read it. (Publicizing BG and preventing hacks<3)
3) Run Anti-Spyware.
4) As for your PW method? You're on your own.
Programs you should be getting:
1) Ad-Aware Free Version
2) Spy-Bot Search&Destroy
3) AVG Free Spyware Edition AND AVG Free Virus Edition Get both, they are 2 seperate downloads. I have caught so many problems with this that Norton never picked up. <3
4) Firefox
5) ProcessGuard
6) CCleaner
7) Kapersky Anti-Virus -- Proved to show that it can prevent this Trojan from Auto-Downloading.
Step-by-Step Walkthrough:
1) Get those programs and open them. Update them first, once they are installed.
2) Run them, fix any problems, delete any bad files, etc, etc.
3) Once all that is done, do this:
Start Menu > Search > All Files and Folders > Click Advanced Options > Search System Folders, Hidden Folders, Search Subfolders > Type in the Search Field: rsbo.exe
Repeat said steps for ALL these files:
rsbo.exe
kb1ss1p.dll
kb1ss1p.sys
in3.dll
4) If you find the files, delete them asap. If you cannot delete them, post here, we'll try to figure out how to do it.
5) Search the Registry by doing this:
Start Menu > Run > type in "regedit" and click OK > Highlight My Computer in the newly opened Regedit box > Click on Edit > Click on Find > type in rsbo.exe
Repeat said steps for ALL these files:
rsbo.exe
kb1ss1p.dll
kb1ss1p.sys
in3.dll
6) If you find anything with those listed delete them immediately. Note: you may find something with a really long name when you look for "in3.dll" it's not it, it's actually a plugin3.dll :p
Secondary note: You will find strings related to your previous Start Menu > Search functions. It is just indicating that you recently did a search on this. Just to clear that up, I know it scared a lot of people.
7) Restart your computer, research to make sure it's all gone. You should be clean.
8) If you are all clean, now is the time to change your password in case RMT have gotten it. Do so. If you want 100% extra security, call SE, have them change it.
If I can think to add anymore, I'll mention the update here.
12/11/07 Posted, and I hope it helps.
-Added some programs, and recommendations on password security/saving. Thanks guys!
-Changed title, cause I want to make sure people know this is specifically for the hackings.
First things first:
Actions that need to be taken immediately:
1) Take this post to your LS Forums. Post it.
2) No forums? LS Message, broadcast on FFXI, send them(LS), friends, people you know, to BG to read it. (Publicizing BG and preventing hacks<3)
3) Run Anti-Spyware.
4) As for your PW method? You're on your own.
Programs you should be getting:
1) Ad-Aware Free Version
2) Spy-Bot Search&Destroy
3) AVG Free Spyware Edition AND AVG Free Virus Edition Get both, they are 2 seperate downloads. I have caught so many problems with this that Norton never picked up. <3
4) Firefox
5) ProcessGuard
6) CCleaner
7) Kapersky Anti-Virus -- Proved to show that it can prevent this Trojan from Auto-Downloading.
Step-by-Step Walkthrough:
1) Get those programs and open them. Update them first, once they are installed.
2) Run them, fix any problems, delete any bad files, etc, etc.
3) Once all that is done, do this:
Start Menu > Search > All Files and Folders > Click Advanced Options > Search System Folders, Hidden Folders, Search Subfolders > Type in the Search Field: rsbo.exe
Repeat said steps for ALL these files:
rsbo.exe
kb1ss1p.dll
kb1ss1p.sys
in3.dll
4) If you find the files, delete them asap. If you cannot delete them, post here, we'll try to figure out how to do it.
5) Search the Registry by doing this:
Start Menu > Run > type in "regedit" and click OK > Highlight My Computer in the newly opened Regedit box > Click on Edit > Click on Find > type in rsbo.exe
Repeat said steps for ALL these files:
rsbo.exe
kb1ss1p.dll
kb1ss1p.sys
in3.dll
6) If you find anything with those listed delete them immediately. Note: you may find something with a really long name when you look for "in3.dll" it's not it, it's actually a plugin3.dll :p
Secondary note: You will find strings related to your previous Start Menu > Search functions. It is just indicating that you recently did a search on this. Just to clear that up, I know it scared a lot of people.
7) Restart your computer, research to make sure it's all gone. You should be clean.
8) If you are all clean, now is the time to change your password in case RMT have gotten it. Do so. If you want 100% extra security, call SE, have them change it.
Edited, Dec 12th 2007 11:40am by ImperialNinja
Edited, Dec 12th 2007 11:43am by ImperialNinja
Edited, Dec 12th 2007 6:39pm by ImperialNinja
Edited, Dec 12th 2007 6:40pm by ImperialNinja
Edited, Dec 29th 2007 8:46pm by ImperialNinja
Edited, Apr 10th 2008 10:12pm by Exodus
