Trojan Virus Alert

This only applies to you if you are running an older version of Internet Explorer, have not updated Windows with the latest security patches and do not have virus protection on your computer. Apparently one of our ad providers was affected by a trojan and was serving it to our site for several days last weekend. This is a keylogger and could possibly compromise your game login and password. As soon as we discovered it, we pulled all of their ads.

To see if you got the trojan, go to Program Files/Internet Explorer in your directory and look for a file named "syssmss.exe". If it is there, then open your task manager and delete the file. Also go to %WIN_DIR%\Downloaded Program Files and delete a file named either "fucksnow.exe" or "muma.exe". Then once you have done that, log into the game and change your password. In fact, change every password for every place you have typed since you got the trojan.

There are also several online sites that scan your computer for free.

http://www.windowsecurity.com/trojanscan/
http://housecall.trendmicro.com/

We apologize for this. In 6 years of running this site, nothing like this has ever happened. It kills me to think that we may have, even inadvertently, caused anyone to have their account compromised. We're all about making the games better and more fun. Believe me, we will do everything in our power to make sure it does not happen again. Along with the advertiser who sent this, and in cooperation with the FBI, we are attempting to track down the people who sent this. I hope I get a few minutes in a back room with the bastards.
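The file check from the alert, scripted in PowerShell as an added example (not code from the site or its staff). It looks only for the three file names given above; the `-Remove` switch, the extra `Program Files (x86)` lookup and the SHA-256 column are assumptions of this example.

```powershell
# Added example, not from the original post. It checks only the three file
# names given in the alert; it is not a general malware scanner.
param([switch]$Remove)   # hypothetical switch: end the process, then delete the file

# %WIN_DIR% in the alert is the Windows directory ($env:windir).
$targets = @(
    @{ Dir = "$env:ProgramFiles\Internet Explorer";  Names = @('syssmss.exe') }
    @{ Dir = "$env:windir\Downloaded Program Files"; Names = @('fucksnow.exe', 'muma.exe') }
)
# Assumption: on 64-bit Windows the 32-bit Internet Explorer folder is checked too.
if (${env:ProgramFiles(x86)}) {
    $targets += @{ Dir = "${env:ProgramFiles(x86)}\Internet Explorer"; Names = @('syssmss.exe') }
}

$found = foreach ($t in $targets) {
    if (-not (Test-Path -LiteralPath $t.Dir)) { continue }
    # Exact, case-insensitive name match: the legitimate Windows process
    # smss.exe (Session Manager) is never matched by 'syssmss.exe'.
    Get-ChildItem -LiteralPath $t.Dir -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $t.Names -contains $_.Name }
}

$report = foreach ($file in $found) {
    # Only processes whose image is this exact file count as "running".
    # Reading another user's process path may need an elevated prompt.
    $procName = [IO.Path]::GetFileNameWithoutExtension($file.Name)
    $running  = @(Get-Process -Name $procName -ErrorAction SilentlyContinue |
                  Where-Object { $_.Path -eq $file.FullName })

    [pscustomobject]@{
        Path     = $file.FullName
        Modified = $file.LastWriteTime
        SHA256   = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        Running  = $running.Count -gt 0
    }

    if ($Remove) {
        # A file whose process is still running cannot be deleted
        # ("Access is denied"), so the process is ended first.
        if ($running.Count -gt 0) {
            $running | Stop-Process -Force
            $running | Wait-Process -Timeout 5 -ErrorAction SilentlyContinue
        }
        Remove-Item -LiteralPath $file.FullName -Force
    }
}

if ($report) {
    $report | Format-List
} else {
    'None of the file names from the alert were found in the checked folders.'
}
```

A clean result only means these three names are absent from those folders. If any were present, the password changes the alert asks for still apply after removal.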

Comments

# Jun 30 2007 at 5:58 AM Rating: Decent
Thank god I use Firefox. Even though I probably have many, many viruses on my computer :-P. I'm running the trial anyway so who cares. lol. Sorry for everyone's losses though
going to cancel for now
# Oct 18 2005 at 8:01 AM Rating: Default
I just stopped my auto-renew for this site. The fact that this happened is wrong. This alert should be stickied on the front page in big letters and my friend that was hacked this last weekend might have known to check and change his password. On top of that the attitude of the posters on this board seems to be "it's your own fault, not ours, get over it". The whole thing rubs me the wrong way.
Possibilities
# Oct 18 2005 at 7:55 AM Rating: Decent
One of my guildmates' mother's account was hacked. She had three level 60 toons stripped of MC eq, as well as all gold and the like. A possibility. If you see a lvl 1 character throwing out high end equipment, I honestly suggest you report it. My guildmate actually witnessed her mother's character being logged in, and trading all of her equipment to a lvl 1 Orc named Zxz. I'm not sure which realm. So, once again, if you see a lvl 1 character throwing out high end equipment, I suggest you bring it to someone's attention. It's an easy way to barter someone else's eq, and then just delete the character. Simple enough. Keep an eye out.
Stolen Account I hope it never happens to u
# Oct 17 2005 at 9:15 AM Rating: Decent
My account was stolen 14 days (exactly) ago. I hope it never happens to anyone. All my characters were deleted but one. 1 50l, 1 37l, 4 20-30l. The only one he left was my 57l warrior with the backpack, the hearthstone and his horse. Nothing else, no money, nothing. He sold everything. I came to the conclusion that they must be from these web sites that sell gold and items. Please never buy from them because you really steal from people like me that had 7 months of their life stolen
new infection again
# Oct 16 2005 at 9:38 AM Rating: Decent
new infection from the popups again, details at

http://wow.allakhazam.com/forum.html?forum=3;mid=1129468634246653583;num=0
UPDATE PLEASE
# Oct 14 2005 at 4:31 PM Rating: Decent
Can we have an update as to what the FBI found out. Any more on whether they caught this B..tard or not...

to lose my account this scares me
# Oct 13 2005 at 10:20 PM Rating: Good
I have Norton 2005. Am I protected?
IE holes
# Oct 11 2005 at 9:56 AM Rating: Default
Internet Explorer has Known Security holes in it.
No matter what firewall or antispyware you use, IE can be compromised. Mozilla Firefox is a little better, blocks most pop-ups.

Also a good practice is to make a non-"Administrator" type account for surfing the net. If you're not sure how to do that, it's easy...
Start > Control Panel > User Accounts > Create a new user
Then after you name the new user click Next > make it a "Limited" type account.

A "Limited" account on your PC will not allow programs to be installed or modified. Doing this can help keep you from getting trojans/worms.

I hope this helps some

Oh, and BTW, for the player whose LS lost all their stuff: SE logs everything, "any company that has a server farm of that size does". If they wanted to, they could pull up their logs and start checking IP addresses that have accessed your LS members' accounts.
Is anyone reading this?
# Oct 11 2005 at 5:18 AM Rating: Decent
Do you ever have a nightmare where you're screaming and people are just calmly ignoring you, going about their business as if nothing is wrong?

What makes you people who have found this keylogger on your PC think the information gathered is only your WoW login?

Somebody out there has EVERYTHING you have typed on your PC:
- credit card numbers
- bank account numbers
- online stock trading logins
- PayPal logins
- other game logins

and everything else you have typed.

Just because they haven't used it yet doesn't mean they won't.

Let's say your keys get stolen. Somebody uses them to break into your house, but only takes a lamp you were fond of. What makes you think your wide-screen TV, your stereo, your car, your boat, your safe deposit box are safe? You know somebody else has your keys. You'd be a fool not to change your locks immediately.

I've posted over and over. I even e-mailed Allakhazam and asked him to put something on the news about this. No response, nothing. Blizzard's ignoring me too but I expected as much from them.

Wake up for God's sake.

I'm through worrying about it. Don't blame me when more than just your WoW character gets cleaned out.
RE: Is anyone reading this?
# Oct 11 2005 at 10:33 AM Rating: Decent
***
1,392 posts
You sound like one of those middle aged men and women who think internet shopping is of the devil... If you have the right type of programs on your computer and you only go to trusted sites, then the chances of people getting your information are actually slim. Most of the time, if your info gets stolen it's because people aren't careful about how they throw it all around.
RE: Is anyone reading this?
# Oct 12 2005 at 8:17 PM Rating: Decent
Haha THIS is (or was) a trusted site....Not any more.
"Only go to trusted sites" eh? Why are you here?
It's unrealistic to say people should only go to trusted sites. If they don't go there, how are they to know? I bet tons of people had this listed as a trusted site, and some of them got burned.

I do lots of online commerce, everything I listed. I don't think e-commerce is "the devil".

The only accurate guess is that I'm middle aged.
That means I'm trying to put together a decent retirement, and I have a lot to lose if somebody gets my ETrade login.

It's fine to say good computing practices (updates, scans etc.) will keep this from happening, but it has ALREADY happened to many many people. Say 1 in 100 people has non-updated IE. That's thousands of people if you consider how many visitors this site gets. A good number of people have had their characters stripped on my server. Multiply by 90 servers...

The horse is already out of the barn. The keystrokes have been logged and transmitted. I'm just trying to mitigate the damage by making the victims aware.

From reading Allakhazam's statement, they probably don't realize that the stolen information is not just their WoW account logins. The victims are undoubtedly less computer literate than you or I.

It is Allakhazam's responsibility to post something about this on the front page. If he does not, and real-life assets get stolen, that makes him negligent in my book.
I'm definitely laughing.
# Oct 11 2005 at 4:24 AM Rating: Decent
I'm hoping that no one has actually found smss.exe and attempted to delete it. An earlier post asked if this was the program they needed to delete. I hate to be a mean person, but, this is the information concerning smss.exe, for those who are not very computer savvy.

smss.exe is a process which is a part of the Microsoft Windows Operating System. It is called the Session Manager SubSystem and is responsible for handling sessions on your system. This program is important for the stable and secure running of your computer and should not be terminated.

Nine times out of ten, if you open the Task Manager, and you see a process you don't recognize, you can Google it, and it will usually pull up information regarding it. If you do not know the exact names of certain processes, don't cancel, or delete them, until you have said information. rundll is a relatively benign looking program. Ending the process, or attempting to remove the program, is like shooting your computer in the head. All I ask is people make sure of what a thing does, before they toy with it.

Edited, Tue Oct 11 05:44:32 2005
is this it?
# Oct 10 2005 at 5:12 PM Rating: Decent
ok.. I went to Task Manager and found a file named smss.exe. Is that it or not? I didn't however find the muma.exe or the ************ files.
RE: is this it?
# Oct 11 2005 at 12:20 AM Rating: Decent
**
261 posts
No, it's not. Otherwise they would've said so.
Not that I expect anything...
# Oct 10 2005 at 3:08 PM Rating: Decent
I wasn't gonna post this publicly... as I saw it at first as pointless... but... I kinda feel I need to. There have been three different people on my LS who have been hacked in the last week. We figured it to be someone in our LS... we have been blatantly rich... so figured we got our just deserts. Then, after getting attacked for the third time in a week, I was ready to quit. Anyone who knows me on Ifrit, and was in Jeuno at the time, was happy... cuz I gave handouts of what I had left.

30+million... gone. Not all of it was gil... only about 16Mill. 12M on my Mule, almost 4M on my main. But then there was my KungFu Shoes, CrossCounters, Victory Rings, Enkelado's Bracelets, O Kote, Fuma Kyahan, etc... it all kinda added up.

So now I see this... and after talking with SE, and three different GM's (which seriously... don't go to a GM with any serious problem... 9/10 times, they can't help you.) I am kinda just like... ok... this could have been why my account was hacked... I didn't find the spyware posted, but did find about 30 other misc things. So I ask... in general... maybe someone who actually knows something can help me here... what recourse do we have in a situation like this? SE says they have made a report to the devs... but I won't get any of my stuff back... GM's are worthless. What happens now? We know there is a problem here... what happens now?
allanot the first time
# Oct 10 2005 at 1:44 PM Rating: Decent
*
135 posts
THIS IS NOT THE FIRST TIME SOMETHING LIKE THIS HAS HAPPENED!!!

There was a thread in the main FFXI forums about a week ago detailing some of the users' experiences with catching the "winantispyware" adware from this site.

The infection used a method that was undetectable to Norton at the time. Ad-aware and Spybot Search and Destroy both failed to detect the adware. Fully updated IE and XP failed to prevent the infection. Contrary to several of the above posters' beliefs, the days of running IE and assuming that 2 or 3 tools plus patching will keep you from being burned are OVER!

help
# Oct 10 2005 at 5:00 AM Rating: Decent
ok few questions.

WIN_DIR%\Downloaded Program Files where the hell is this folder? I did a search and can't find it, nor can I find the ******** or muma.exe files. But then again search works like a pos, I can't find a file on my desktop with search.

I removed the first file, the syss one. Now I can't log on to the playonline browser. It just sits there and says verifying user name and connection or something like that. I've already changed every other one of my passwords for everything. What's going on with PO? Has my password been changed? How do I fix this? I'm not seeing where to go on the playonline.com website... Any help please.
RE: help
# Oct 10 2005 at 5:28 AM Rating: Decent
WIN_DIR%\Downloaded Program Files

That is your windows directory... has already been posted before.. try reading before saying again

In most cases the answer will be : C:\WINDOWS\Downloaded Program Files

Reposting for Shyft below.
# Oct 10 2005 at 1:18 AM Rating: Excellent
**
261 posts
Shyft wrote:
This is IMPORTANT.

I'm going to bed. Please refrain from posting random comments about how your character got jacked, IE vs. Firefox/Opera, or anything else, and burying this post.

To anyone who has found this trojan on your computer: someone out there has EVERYTHING you have typed lately.

Credit card numbers used for online purchases.
Checking account numbers used for online payments.
PayPal logins.
Stock trading account logins.
Other game logins.
EVERYTHING.

Invalidate it all NOW.
Get rid of the Trojan, then change ALL your passwords.
Invalidate any credit cards you have used.
Consider changing your checking account if you have used it for online payments.

The clock is ticking.
What about the spyware ads?
# Oct 10 2005 at 12:39 AM Rating: Decent
I constantly get spyware ads popping up from allakhazam all the time. The ones that pop up the JavaScript window that claim they're "registry scanners". I'm sure if I clicked Yes, I'd have more spyware on my PC than I could shake a stick at. Granted they'd probably just pop up pron on my screen and not log all my keystrokes, but they're just as bad IMHO ....
RE: What about the spyware ads?
# Oct 10 2005 at 12:44 AM Rating: Decent
**
261 posts
Well, the part about that is that you actually have to click through and accept it... than having it foisted on you invisibly. But, agreed.

BTW, did you know that your computer might already be infected with spyware?????!!? I can sell you a piece of **** for $30 that'll claim it fixes everything so you can have peace of mind!
RE: What about the spyware ads?
# Oct 10 2005 at 12:52 AM Rating: Decent
Hey, where's your link for the $30 spyware scanner?!?!?!?! I have my paypal account ready and waiting. I lay awake at night just thinking about all the spyware I might have installed. >.>
RE: What about the spyware ads?
# Oct 10 2005 at 12:57 AM Rating: Decent
**
261 posts
(Insert stupid link with four or five affiliate IDs embedded in the URL. Complete with popunders on every page.)

I can't even bring myself to try and think up a URL. :P
help ._. plz
# Oct 09 2005 at 11:44 PM Rating: Default
um...
"go to Program Files/Internet Explorer in your directory and look for a file named "syssmss.exe". If it is there, then open your task manager and delete the file." I tried to do this and got this -> "Cannot delete syssmss: Access is denied. Make sure the disc is not full or write-protected and that the file is not currently in use." ... meh? ._.
And the post on alla saying...
"Also go to %WIN_DIR%\Downloaded Program Files" where is this? I can't find it >< please forgive my lack of computer knowledge ._. just need some help to get rid of this. thanks.
RE: help ._. plz
# Oct 10 2005 at 12:37 AM Rating: Decent
**
261 posts
Okay... first, open Task Manager. (start > run > taskmgr) Locate syssmss.exe in the Processes list, right click on it, and choose "End Process".

Then delete the file.

%WIN_DIR% = whichever location you've got Windows installed in. For example: c:\Windows (Windows XP allows you to install Windows anywhere you want, with certain restrictions.)

So, for example: C:\Windows\Downloaded Program Files
this is bad.
# Oct 09 2005 at 10:46 PM Rating: Decent
*
50 posts
I think this has happened to me. I visit here frequently and I had the files in my Program Files and Windows directory. As of right now I can't login to playonline either.
RE: this is bad.
# Oct 10 2005 at 12:40 AM Rating: Decent
POL is down for everyone
Blah
# Oct 09 2005 at 10:11 PM Rating: Default
40 posts
More reasons to be on Firefox
Adakazham
# Oct 09 2005 at 10:01 PM Rating: Decent
lol, I don't use I-E but... It took me an entire day to block every ad on Alla.. I didn't know so many ad servers existed till I started blocking them on this site... I'm not surprised something like this happened lol.
IMPORTANT PLEASE READ
# Oct 09 2005 at 4:49 PM Rating: Excellent

This is IMPORTANT.

I'm going to bed. Please refrain from posting random comments about how your character got jacked, IE vs. Firefox/Opera, or anything else, and burying this post.

To anyone who has found this trojan on your computer: someone out there has EVERYTHING you have typed lately.

Credit card numbers used for online purchases.
Checking account numbers used for online payments.
PayPal logins.
Stock trading account logins.
Other game logins.
EVERYTHING.

Invalidate it all NOW.
Get rid of the Trojan, then change ALL your passwords.
Invalidate any credit cards you have used.
Consider changing your checking account if you have used it for online payments.

The clock is ticking.
>:O
# Oct 09 2005 at 4:29 PM Rating: Decent
They should put a big heading at the top that says:

Nerd Wars: IE vs Firefox/Opera
being a victim hurts
# Oct 09 2005 at 3:06 PM Rating: Decent
well, two of my accounts (wow) got changed. still waiting for any response from blizzard side to be able to get BACK the accounts, but i don't see no hope in the characters being usable. :-((
RE: being a victim hurts
# Oct 09 2005 at 4:02 PM Rating: Decent

Online banking logins.
Credit cards numbers used for online purchases.
PayPal logins.
Online stock trading account logins.
They have it all.

They haven't used it yet, but they'll get around to using it...or selling it to somebody who will.

Victims need to invalidate EVERYTHING they've used online lately: credit cards, passwords.

Why is nobody listening?

RE: being a victim hurts
# Oct 10 2005 at 1:41 AM Rating: Decent
well, me for my part, I've listened, but you know those wow players, they don't do much besides playing it ;-)