Sooo I haven't played SWTOR in a couple weeks and I log in and start having problems. I then figure out that someone had removed my security key somehow. I log in and there is a new level 1 Operative and again I'm like wtf? All my credits were gone and all my toons were naked, everything else was sold, and you know the drill.
This is the first time I've ever been hacked in an MMO. I just don't understand how they were able to get my security key off and mess around with stuff. I never received an email notification of anything.
I got infected with what looks like a new variant of the Pushdo botnet / trojan while using the TORhead talent calculator 2 days ago trying to figure out the post-SWTOR-2.0 builds.
Norton Sonar popped up a warning about blocking 0.34129307493637606 for suspicious activity, but it took one action (deleting that file), and the file took 4 actions (started itself, called rundll.exe, created a new file, and executed that file), which Sonar totally ignored. Neither Norton nor Malwarebytes detects anything wrong, but my computer is spamming out to ports 80 (HTTP) and 443 (HTTPS) while idle. Blocked all traffic from getting out at the firewall, and watched it as it tried reaching a series of internet IP addresses, more and more over time, and ending with a (desperate?) broadcast to my local subnet before stopping.
Svchost.exe seems to have been hijacked; one of the processes it runs under is causing the traffic. I have 4-6 svchost.exe processes running, and one svchost.exe * 32 bit (the operating system is win7 64-bit), and that's the one that netstat -aon identifies as the spammer.
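The triage step described in the post above (using `netstat -aon` to tie port 80/443 traffic to one PID) can be scripted. This is an added example, not part of the original posts: the sample command output is constructed with documentation-range addresses, and the `min_hosts` threshold and function names are assumptions.

```python
import csv
from collections import defaultdict

# Constructed sample of `netstat -aon` output (documentation-range addresses).
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:49211     203.0.113.10:80        SYN_SENT        1432
  TCP    192.168.1.20:49212     198.51.100.7:443       SYN_SENT        1432
  TCP    192.168.1.20:49213     192.0.2.55:80          SYN_SENT        1432
  TCP    192.168.1.20:49214     192.0.2.55:443         SYN_SENT        1432
  TCP    192.168.1.20:49300     198.51.100.90:443      ESTABLISHED     2960
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5355           *:*                                    1100
"""

# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST = '''\
"svchost.exe","1432","Services","0","14,508 K"
"firefox.exe","2960","Console","1","210,332 K"
'''

def web_fanout(netstat_text, ports=(80, 443)):
    """Map PID -> set of remote hosts contacted over TCP on the given ports."""
    hosts = defaultdict(set)
    for line in netstat_text.splitlines():
        f = line.split()
        # TCP rows have 5 fields; UDP rows have no State column and are skipped.
        if len(f) != 5 or f[0] != "TCP" or not f[4].isdigit():
            continue
        host, _, port = f[2].rpartition(":")  # rpartition copes with [v6]:port
        if port.isdigit() and int(port) in ports:
            hosts[int(f[4])].add(host)
    return hosts

def image_names(tasklist_csv):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    return {int(r[1]): r[0] for r in csv.reader(tasklist_csv.splitlines()) if len(r) >= 2}

def suspects(netstat_text, tasklist_csv, min_hosts=3):
    """PIDs talking to at least min_hosts distinct web hosts, with image names."""
    names, fan = image_names(tasklist_csv), web_fanout(netstat_text)
    return sorted((pid, names.get(pid, "?"), len(h))
                  for pid, h in fan.items() if len(h) >= min_hosts)

if __name__ == "__main__":
    for pid, image, n in suspects(NETSTAT, TASKLIST):
        print(f"PID {pid} ({image}): {n} distinct remote hosts on 80/443")
```

Neither command's output carries the 32-bit marker the post mentions, so bitness and image path for a flagged PID still have to be checked separately.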