Welcome, Guest. Please login or register.
March 28, 2024, 10:00:31 AM

Login with username, password and session length

Search:     Advanced search
we're back, baby
*
Home Help Search Login Register
f13.net  |  f13.net General Forums  |  The Gaming Graveyard  |  Star Wars: The Old Republic  |  Topic: WTF Hax'd? 0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: WTF Hax'd?  (Read 5744 times)
Evildrider
Terracotta Army
Posts: 5521


on: April 29, 2013, 08:52:01 PM

Sooo I haven't played SWTOR in a couple weeks and I log in and start having problems.  I then figure out that someone had removed my security key somehow.  I log in and there is a new level 1 Operative and again I'm like wtf?  All my credits were gone and all my toons were naked everything else was sold and you know the drill. 

This is the first time I've ever been hacked in an MMO.  I just don't understand how they were able to get my security key off and mess around with stuff.  I never received an email notification of anything.   ACK!
Fordel
Terracotta Army
Posts: 8306


Reply #1 on: April 29, 2013, 10:58:31 PM

You may have bigger issues then your swtor account if they were able to circumvent the seckey and email notification.

and the gate is like I TOO AM CAPABLE OF SPEECH
Evildrider
Terracotta Army
Posts: 5521


Reply #2 on: April 29, 2013, 11:20:34 PM

Yeah I've been redoing passwords and email and scrubbing my computer.
ajax34i
Terracotta Army
Posts: 2527


Reply #3 on: May 02, 2013, 06:10:04 AM

I got infected with what looks like a new variant of pushdo botnet / trojan while using the TORhead talent calculator 2 days ago trying to figure out the post-SWTOR-2.0 builds.

Norton Sonar popped up a warning about blocking 0.34129307493637606 for suspicious activity, but it took one action (deleting that file), and the file took 4 actions (started itself, called rundll.exe, created a new file, and executed that file), which Sonar totally ignored.  Neither Norton nor Malwarebytes detect anything wrong, but my computer is spamming out to ports 80 (HTTP) and 443 (HTTPS) while idle.  Blocked all traffic from getting out at the firewall, and watched it as it tried reaching a series of internet IP addresses, more and more over time, and ending with a (desperate?) broadcast to my local subnet before stopping.

Svchost.exe seems to have been hijacked; one of the processes it runs under is causing the traffic.   I have 4-6 svchost.exe processes running, and one svchost.exe * 32 bit (the operating system is win7 64-bit), and that's the one that netstat -aon identifies as the spammer.

Trippy
Administrator
Posts: 23611


Reply #4 on: May 02, 2013, 01:06:26 PM

Nuke it from orbit.
Pages: [1] Go Up Print 
f13.net  |  f13.net General Forums  |  The Gaming Graveyard  |  Star Wars: The Old Republic  |  Topic: WTF Hax'd?  
Jump to:  

Powered by SMF 1.1.10 | SMF © 2006-2009, Simple Machines LLC