Well i didnt get around to transfering my characters to b.net yet it was on my list of things to do. tried to log in on my 4 box shamans today and 1 of my 4 accounts was xfered to a b.net account. Tried retyping making sure everything was right. it was. so logged in on other toons and added main shaman to friends list sure enough someone stole my main account somehow and added it to their b.net account. As if it isnt bad enough its saturday and i cant do a damn thing about it. Only thing i downloaded lately was ISboxer and Innerspace to convert from keyclone. guess thats what it was somehow. Anyone have any ideas what i can do to fix this before monday?

Well hes currently tele hacking around borean tundra with my rogue. Nothing worse than seeing someone abuse your characters and nothing you can do about it. Blizzard had better fix this crap and i want it exactly the way it was. I will accept nothing less.

Have you tried opening an ingame ticket with a GM?

Have you tried opening an ingame ticket with a GM?


Normally they don't really take reports from other accounts about hacking, but since you should all be from the same registered e-mail....

Idk about your server, my GM times though run 24 hours, but better than Monday. Try the CS forums, there are GM's there and even though they say they don't like reports there, they can see it's the same e-mail and lock your account.

Good luck w/ that.

I have a ticket open but last ticket i put in took like 32 hours for them to respond. I want them to lock the account till monday so i can provide info to get it all back. CS forums? sorry cant think right now!

I doubt very much that ISBoxer or Innerspace was the culprit. You do not have to download an application to have your account hacked in fact I am sure a large percentage of hacks are key loggers from website ads.

http://forums.worldofwarcraft.com/thread.html?topicId=9679802928&sid=1&pageNo=1#7

1. What are you using for browser/anti-virus/anti-spyware? Did you find and remove the keylogger before you did anything at all with the other accounts?

2. It would be really, incredibly stupid of Lax to spend all the time he has here, helping people learn about IS, only to turn around and stick a keylogger in it, especially since his program is subscription based. Unless you have a cracked version, in which case I'd have to say...not nice things.

Only thing i downloaded lately was ISboxer and Innerspace to convert from keyclone. guess thats what it was somehow.


lolcatz

yah, that must be it.

Didnt mean to point the blame but was clearly stating that was the last 2 things i downloaded before this happened which was 2 nights ago the only websites i browse is wow armory and db website. Im very anal about what sites i go to on this computer i dont even really check my email and when i do i only click links to people im certain that i know. Somthing else that makes me confused is why was it just 1 account and not all 5. Very strange since i was on all of them logging in and out alot.

Any link you clicked could be the culprit.
You don't need to download anything, although an unknown .exe or .com or .bat program could do it too.

I'd personally recommend (after the format) running Firefox with the No Script addon.
If you don't have an anti-virus type program, get one.
I personally like Kaperski, but Norton or McAffee are great too.

Sorry this happened to you.
The people who do this shit are the scum of the earth.
But then people buy gold and such, which keeps the scum in business too.

Hey I'm with you, banned till Monday on 1 account of my 5. The worst part is I'm stationed in Korea, 1.55 dollars a minute to sit on hold is not my idea of fun. I hope I can get this straightened out, I've never supported gold sellers in any format, nor have I been powerlevelled by the same people/scum. I received a 72 hour ban for exploitation of the economy...not sure what it was that I did that incited a ban but I seriously hope it was simply a blizzard warden automated behavior that can be easily reversed. Good luck, and if your method doesn't work I'll let you know what I did and maybe it'll help you.

While your at it, get an authinticator.....

well Gm's responded to my ingame petition and i think they put a suspension on the account till monday which makes me feel a little better. I already ordered me up a blizzard authenticator dont know why i didnt do it sooner. Just got 1860 on my 5v5 if its not fixed by tuesday 3/4 chars will get points and 1 will most likely get rolled back to last night. still for the life of me i cannot figure out what i would have went to to get a keylogger. warcraftmovies.com, mmo-champ, wow armory sigh. Got norton running atm well see what happens

Firefox with Noscript helps.

still for the life of me i cannot figure out what i would have went to to get a keylogger.

I have been there too some month ago. Also on a WE, actually (sunday afternoon). Weirdly, they hacked into only one account (when they all have the same password). I didn't download or install anything, the Windows disk on my Mac is used only for WoW, and basically this forum. I also got an authenticator and also hatted myself for not doing it earlier.

Blizzard was very helpful and efficient about it. Within 2 days, my main characters on that account were up and running with money and gear back.

MMOChampion has waaaaay too many ads and crap that I block. If I wasn't running Opera with Javascript disabled I wouldn't go there at all. Not blaming the site, but the adservers they use...yeah, wouldn't touch them with a 10-foot pole.

Avast Anti-virus is free, you should ALWAYS have active anti-virus running. And from many accounts Norton is bloated crap.
CCleaner, also free, anti-malware.
Spybot S&D, also free anti-spyware.
http://www.eset.com/onlinescan/
http://www.f-secure.com/en_US/security/security-lab/tools-and-services/online-scanner/

Blizzard's forums were serving ads that had exploits, as well. There is no such thing as a "safe" website anymore. I suspect most if not all adservers are corrupted and infected, and it's not just for WoW accounts, there are people putting keyloggers out there for bank accounts and worse.

I run a Mac, but I still run Firefox and NoScript, and keep a close eye on Flash upgrades. Blizzard's forums have been getting ads lately that crash my browser, I havent been able to figure out if an ad is trying to start something, or trying to download something. Very suspicious.

For anyone who hasn't already done this, they are telling everyone to update to this certain flash 10 version that blocks a flash exploit:

http://forums.worldofwarcraft.com/thread.html?topicId=18971780374&sid=1

well scanned my computer with about 4-5 different anti virus norton, eset, avast ect all of them came up clean. So confusing, if it were a keylogger wouldn't they have gotten all 5 accounts not just one? seems really wierd they would only take 1.

While you are at it break up with your girlfriend or divorce your wife. They can be looking over your shoulder when you type in your password. :)

This is why you got hacked. Whatever they are doing is not detectable. Same thing when I got hacked.

FORMAT YOUR COMPUTER.

I second this. I was hacked three times (recently) in a matter of a few weeks. They only attacked one account and the only way to keep them out was to reformat and start over. For extra security, I have battle.net and iphone authenticator. But I played for a month or so with just battle.net on my newly formatted system and I was not compromised. You will not be able to find the key-logger or what ever they are using to get the information. I looked for it with everything available on the web.

Mark

guess ill have to give gateway a call to purchase the format discs wonder how much that is going cost me.

Not sure if it will help but we recently had a rash of hacking in my guild.

All of the computers come up clean but the peoples email accounts had been hacked. Only thing I can recommend is setting up a new email just for WoW,

Wish us aussies could get authenticators, even the Iphone one is not available to us.

On Win2000 there is a services called "Remote Registry Service", "telephony" and "telnet" and "task schduler" and "net meeting remote ..." and "runas"

Just disable any service that allows another computer to use yours or starts up programs without telling you. You have to go through all your services and disable the ones that you dont need its not easy but it just stops anyone from using your computer from another computer.


Then go here and use this program to see what starts when you start your computer:

http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

If something isnt normal disable it. Any keylogger or virus has to start somehow.

This will eliminate 99 percent of problems. Ya sure someone can use a rootkit or whatever but if they are that sofisicated they will be haking banks and not yur shaman.

Also when you go to a site that is quesionable HARD SHUT DOWN YOUR COMPUTER right away from the on/off switch, don't ctrl/alt/del and let the computer save any settings.

Wish us aussies could get authenticators, even the Iphone one is not available to us.

Ahhh, wrong.

You can get physical auths mailed over (at a hefty price, but still) and you can get the mobile app for nearly all smartphones on Telstra, Vodaphone, Optus and a few others along with from the app store for iPhone and Touch.

I have the auth running on my Nokia N95 from Optus, took about 5 minutes to get downloaded and running after buying it from the blizzard frontend and selecting my carrier and phone from there.

I tried to get an authenticator and got told by blizz I couldnt, will get a friend to send me one if thats the case.

As to the iphone one, I downloaded it and its incompatable with either my Iphone or Telstra.

On Win2000 there is a services called "Remote Registry Service", "telephony" and "telnet" and "task schduler" and "net meeting remote ..." and "runas"

Just disable any service that allows another computer to use yours or starts up programs without telling you. You have to go through all your services and disable the ones that you dont need its not easy but it just stops anyone from using your computer from another computer.


Then go here and use this program to see what starts when you start your computer:

http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

If something isnt normal disable it. Any keylogger or virus has to start somehow.

This will eliminate 99 percent of problems. Ya sure someone can use a rootkit or whatever but if they are that sofisicated they will be haking banks and not yur shaman.

Also when you go to a site that is quesionable HARD SHUT DOWN YOUR COMPUTER right away from the on/off switch, don't ctrl/alt/del and let the computer save any settings.

WTF? Why are you even talking about Windows 2000 when WoW has XP as a minimum system requirement (http://us.blizzard.com/support/article.xml?locale=en_US&articleId=21054).

At least the tool you linked is useful (and runs under Vista) but put the crack pipe down before you post next time please...

Cheers,
S.

I tried to get an authenticator and got told by blizz I couldnt, will get a friend to send me one if thats the case.

As to the iphone one, I downloaded it and its incompatable with either my Iphone or Telstra.

I am in Brisbane and I have three authenticator's running with Battle.Net. The shipping costs more than the authenticator, but it is well worth it.:)

Even to Canada, the shipping was more then the Authenticator.
Definitely worth the small cost though.

Have you guys ever thought that Blizz might be at fault for hacked accounts? You'd be surprised at how many large companies have vulnerabilities.

I laughed pretty good at all the "reformat/reinstall/firefox" suggestions.

Well, if virus scans turn up clean, but shit still happens, it seems to me that the virus is still there, but undetectable. And besides, it's good to reformat your pc every once in a while. I've been meaning to start imaging my computers right after I get em set up and working right, so I can just revert it to Day one whenever i have an issue.

I've been meaning to start imaging my computers right after I get em set up and working right, so I can just revert it to Day one whenever i have an issue.

It's a bit of a hassle to do it the first time around but oh so worth it!

Suggestion

Buy a new hard drive , install windows and start fresh.

never use your gamming machine for email, web, serfing etc.

Buy a cheap PC/laptop/etc for email and web.

ONLY thing you use your gamming PC for is WOW and WOW only never install addons

This has worked for me since they took and owned mine account .

That was almost 10 months ago and no problems yet.

Suggestion

Buy a new hard drive , install windows and start fresh.

never use your gamming machine for email, web, serfing etc.

Buy a cheap PC/laptop/etc for email and web.

ONLY thing you use your gamming PC for is WOW and WOW only never install addons

This has worked for me since they took and owned mine account .

That was almost 10 months ago and no problems yet.

I have been using 1 PC for everything from Grocery Lists to MMOs for a decade and have never been hit with a keylogger or virus. And I spend roughly 12 hours a day online. Housebound is fun, yes? :rolleyes: Proper security and learning what is not trustworthy is a lot cheaper and more effective than a separate computer.

I'll share with you something I wrote a few years ago when someone tried to break into my apartment in the middle of the night because this whole discussion made me think of it. 100% true story.


On Keyloggers and Reality.

Amid all the chaos with the cops here, I couldn't help but laugh when my head went from "oh shit, I'm getting robbed" to "OMG! Keylogged IRL!" The cops must have thought I was either crazy or lying when I had to stifle a giggle. Nervous reactions, hoo-boy.

I didn't think it could happen to me, but it did. At about 1AM EST last Thursday, I was going about my normal Startup processes. I have MakeLatte, Kat's Do Dishes ver 1.0 and BootSHDB2.5 {Super Heinous Death Box 2.5} all set to run at startup.

The latter two had completed their processes when Paranoid Cats Deluxe started giving me error messages about Unknown Users trying to access the system. I quickly launched Speeddial_husband.exe and grabbed Big Fuckin Knife out of my Tools folder and confirmed that Stranger.exe was trying to access Frontdoor using something called JimmyLock.

Luckily I had Frontdoor modded with DeadBolt, so I was able to slam BFK against Frontdoor to lock out write access and prevent the program from executing BreakWindow. I closed Speeddail_Husband.exe and launched CallCops {came with my system when I submitted my Local Resident User Agreement}, which immediatly deployed Broward Sherriff's Office '07 with K9 unit, Aerial Search and Local Perimeter.

Fortunately the only casualty was a Burned Milk error from MakeLatte.

I don't know where I got this keylogger from. My system is always on full lockdown and I don't allow any access from unknown sites. I have RandomVisitor disabled and always use Loner with the Antisocial plugin instead of Incredibly Extroverted. I always delete all junkmail unread.

The only thing I can think of is I have recently been using OpenWindows to help when my guild raids Powerbill. I never had a problem with it before, only now that it has gone from Winter06 to Spring07 build. Not to say that the problem is with OpenWindows, I love the program, but I think there may be an exploit out there somewhere that allows Stranger.exe to try and download when it sees OpenWindows users.

So, be careful. If you're running OpenWindows on a FirstFloor system, you should get the Windows patch for DrawBlinds to prevent unauthorized users from being able to browse your Stuff databases. If you have Secondfloor or higher, there is a highly reduced risk of this exploit, but it's still a good idea to have Deadbolt running at all times and no matter what you run, you should NEVER share your key with anyone except a spouse and maybe your children if they are highly responsible. Always update your Deadbolt with a new key if you are compromised by things like Breakup.

Even if you're using a system as obscure as Boonies or using Loner with Antisocial, you can still be hit. I suppose you could always use Hermit, but that's an awful lot of useability to give up when you could simply apply a little extra security and awareness to what is going on with your current system.

I love this ... definitely gave me a laugh.

The only secure PC is one that isn't turned on.

I'm laughing at you right now.

Even if Blizzard is at fault. They'll never admit it, and you can't force them to do anything about it. You have to assume its on your end.

You can only control your own PC. You might as well take care of it and secure it properly. If you don't have faith in blizzard, why are you giving them money?

Cool, keep putting words in my mouth. I do have faith in Blizzad, and I don't mind giving them money at all. The thing is no company is going to be 100% secure all the time. Twitter was recently hacked due to a Google app vulnerability. Shocker! Google being vulnerable! NO WAI!!!!

You mentioned you are "sorta" in the intrusion detection field, I'd imagine someone with your knowledge would know this. Then again you "nuked" Windows 7 in favor of XP because it "uses more memory".

I'm still laughing btw. Thanks!

@Khatovar

Pure Win! Sorry you had to experience system problems like this. Might I recommend my two friends to help with the situation? Smith & Wesson.

Barring AmbulanceChasingLawyer.exe, HotLeadtoBreakingandEntering version 357 (38 or 44 are very good also) is an excellent defense if FrontDoor is offline.

:)

I love this ... definitely gave me a laugh.

The only secure PC is one that isn't turned on.

Although one not connected to the internet is fairly secure and infinitely more useful then an off PC.




Really liked your story Khat.

Can't say I'm a fan of S&W...my uncle used one of those programs to terminate his access permanently. The other half had a MAC10, but he was quick to delete that one when we got pregnant. That didn't work out for us, so he sometimes talks about installing another version, especially since it's been 2 years and we're still hearing of other people on our network getting Keylogged in the same manner.

To OP:
Fursphere is right, if you haven't done it already do it now, even if you do find the virus with a virus scanner chances are you won't be able to remove it.

And to this angry individual....

Cool, keep putting words in my mouth. I do have faith in Blizzad, and I don't mind giving them money at all. The thing is no company is going to be 100% secure all the time. Twitter was recently hacked due to a Google app vulnerability. Shocker! Google being vulnerable! NO WAI!!!!

You mentioned you are "sorta" in the intrusion detection field, I'd imagine someone with your knowledge would know this. Then again you "nuked" Windows 7 in favor of XP because it "uses more memory".

I'm still laughing btw. Thanks!
I pronounce you Sir Sofa King Wee Tah Did

Why would you laugh at formatting suggestions? Because you like having keyloggers? Kinda like having crabs you grow attached to them? Or vise versa....

Blame Blizzard? Sure, we can, they DID admit they were in the wrong once, but remember they don't surf the internet where you can accept viruses left and right 14x hours a day... After not only gaming and being a poor student for many years having to fix stuff myself and then working in the field, shit happens and 9/10 times format = 10x easier then "removing the virus" 3+ hrs virus removal or 2 or less hours of formatting...I think you Sir Sofa King can do the math there ;)

Oh and funny story Khat, was great =P

To OP:
Fursphere is right, if you haven't done it already do it now, even if you do find the virus with a virus scanner chances are you won't be able to remove it.

And to this angry individual....

I pronounce you Sir Sofa King Wee Tah Did

Why would you laugh at formatting suggestions? Because you like having keyloggers? Kinda like having crabs you grow attached to them? Or vise versa....

Blame Blizzard? Sure, we can, they DID admit they were in the wrong once, but remember they don't surf the internet where you can accept viruses left and right 14x hours a day... After not only gaming and being a poor student for many years having to fix stuff myself and then working in the field, shit happens and 9/10 times format = 10x easier then "removing the virus" 3+ hrs virus removal or 2 or less hours of formatting...I think you Sir Sofa King can do the math there ;)

Ooooo I got another one! Not really gonna waste too much time with you.

But yeah, I don't get keyloggers because I have half a brain. Have fun formatting/reinstalling because you think that www.awesomegoldwowtipsforfree.com (http://www.awesomegoldwowtipsforfree.com) is a good site to visit.

Kthxbai.