Nov 13, 2006, 06:45 PM // 18:45
|
#1
|
Wilds Pathfinder
Join Date: May 2006
Guild: Hooded Reavers of Eternal Life(Ankh)
Profession: R/
|
Friendly warning about keyloggers
the back story:
I've been into computers for umpteen years and managed networks etc. Yesterday I grabbed from guru a nice little app (so I thought) that would alleviate my troubles with wiki when it came to looking up skills. It turned out to be a keylogger that (I think) I've managed to squash before it could do any real damage.
Guru promptly deleted the post although I think deleting just the link and posting a warning would have been better.
Yes it was total stupidity on my part and I totally should have known better. But wiki has been problematic and I was desperate and so I did a stupid thing by not checking the source of the post.
the warning:
Never never ever dl something from a forum and just run it. (hell, I checked it with norton etc b4 running it and it passed so I ran it anyway) If you want something talked about in a forum find the home site and do some research.
Never let your own frustration get the best of you and make you do something you wouldn't do in your right mind. There will ALWAYS be someone who anticipates your frustration and positions themself to take advantage of that.
that should take care of it.
ps: if you by chance dl'ed the gwfreaks-installer thing that got posted several times yesterday, look for a 'sys' folder in your windows/system32 folder and take care of what you find there. Basically it's a bastardized version of the Ardakey.spyware keylogger. I never got either Norton or spybot to recognize this as a variant though so just delete manually. There will be a reference to the gvae.exe file in your registry 'run' listing.
play safe!
edit: This isn't a plea for sympathy just a warning to others who might in a moment of weakness be tempted to do something stupid.
Last edited by Pkest; Nov 14, 2006 at 12:27 AM // 00:27..
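A read-only check for the two traces named in the post above, as an added example that is not part of the original thread. The `sys` folder and `gvae.exe` come from the post; reading "registry 'run' listing" as the standard Run/RunOnce autostart keys for the machine and the current user is an assumption.

```powershell
# Added example: read-only check for the traces named in the post above.
# From the post: a 'sys' folder under windows/system32 and a 'run' entry
# referencing gvae.exe. Assumption: 'run' listing means the standard
# Run/RunOnce autostart keys for the machine and the current user.

$fileName = 'gvae.exe'
$sysDir   = Join-Path $env:SystemRoot 'System32\sys'
$runKeys  = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

$findings = @()

# 1. Folder check: report the folder and whatever is inside it.
if (Test-Path -LiteralPath $sysDir -PathType Container) {
    $findings += "Folder present: $sysDir"
    Get-ChildItem -LiteralPath $sysDir -Force -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object { $findings += "  contains: $($_.FullName)" }
}

# 2. Autostart check: any value whose name or data mentions the file.
foreach ($path in $runKeys) {
    $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    if ($null -eq $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($name -like "*$fileName*" -or $data -like "*$fileName*") {
            $findings += "Autostart entry: $path -> '$name' = $data"
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'Neither trace from the post was found.'
} else {
    $findings
}
```

The script only reads and reports; an empty result means these two traces are absent, not that the machine is clean.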
|
|
|
Nov 13, 2006, 06:50 PM // 18:50
|
#2
|
I dunt even get "Retired"
Join Date: Aug 2005
Guild: Fifteen Over Fifty [Rare]
|
Yeah, and it's an even better idea to never download programs that say they are, for example, "GWfreaks" when not only are they not hosted by GWFreaks, but are hosted on a site that masks where it's really from. But good warning, I guess we thought we nuked it before anyone downloaded it.
Don't flame him, he's warning other people who may have d/led it. Most people would assume that files linked to from here would be safer than random internet files, and that's why we nuked it when we noticed it was... very suspect at the least.
|
|
|
Nov 13, 2006, 06:56 PM // 18:56
|
#3
|
Wilds Pathfinder
Join Date: May 2006
Guild: Hooded Reavers of Eternal Life(Ankh)
Profession: R/
|
I totally admit that it was me that dropped the ball on this. But I see it as a thing others might do so a warning about what is going around seems better than just deleting the posts as soon as the admins find them.
|
|
|
Nov 13, 2006, 07:15 PM // 19:15
|
#4
|
Ascalonian Squire
|
Just for future note. Housecall caught it on a family member's computer. Housecall is a free up-to-date online scanner. I am not pushing them over the others just thinking because it's online and updated all the time it may catch newer stuff. It's a Trend Micro product.
Just trying to help.
Take Care Happy Hunting!
|
|
|
Nov 13, 2006, 07:19 PM // 19:19
|
#5
|
Wilds Pathfinder
Join Date: May 2006
Guild: Hooded Reavers of Eternal Life(Ankh)
Profession: R/
|
Quote:
Originally Posted by mask316
Just for future note. Housecall caught it on a family member's computer. Housecall is a free up-to-date online scanner. I am not pushing them over the others just thinking because it's online and updated all the time it may catch newer stuff. It's a Trend Micro product.
Just trying to help.
Take Care Happy Hunting!
|
Thanks! Good to know. I usually only run housecall after I've had an issue with Norton but perhaps I need to rethink that strategy. Especially since I had basically determined this thing was toxic and couldn't get any of my usual guardians to confirm it.
Last edited by Pkest; Nov 13, 2006 at 07:21 PM // 19:21..
|
|
|
Nov 13, 2006, 07:28 PM // 19:28
|
#6
|
Grotto Attendant
Join Date: Mar 2006
Location: "Pre-nerf" is incorrect. It's pre-buff.
Guild: Requirement Begins With R [notQ]
Profession: Me/
|
Like the Announcement says when the Guild Wars client opens, just don't download anything whatsoever unless it's specifically endorsed by a reputable source. Anything directly related to Guild Wars will download automatically when the client opens and any other sources' 'patches' will most likely be keyloggers and you can wave bye-bye to your account forever.
Last edited by makosi; Nov 13, 2006 at 08:17 PM // 20:17..
|
|
|
Nov 13, 2006, 07:43 PM // 19:43
|
#7
|
Wilds Pathfinder
Join Date: May 2006
Guild: Hooded Reavers of Eternal Life(Ankh)
Profession: R/
|
Quote:
Originally Posted by makosi
Like the Announcement says when the Guild Wars client opens, just don't download anything whatsoever unless it's specifically endorsed by a reputable source. Anything directly related to Guild Wars will download automatically when the client opens and any other sources' 'patches' will most likely be keyloggers and you can wave bye-bye to your account forever.
|
As even Gaile has pointed out, the warning when you log into gw is really about programs that run during play or try to replace the gw client. There are a number of useful utilities that don't require or try to hack the gw client (gwfreaks being one of them). You simply must be assured of the source.
For instance, the post I pulled the toxic thing from was an originated post by a very new member with only 8 posts. (hindsight is 20/20 I didn't check this at the time I will from now on - live and learn) There was a later post where someone asked for 'safe' utilities and several people responded with links all to the homesites of popular, useful utilities.
The moral is to check the link and the provider of the link to make sure this is something legit and not just some fly-by-nighter posting a link to the latest greatest account stealer.
Yes of course you can avoid all 3rd party utils and probably be safe. But with Wiki's current situation, there are likely to be many seeking other alternatives and suggestions about the safest way to approach utils. Providing a few do's and don'ts about that is the goal of this thread.
|
|
|
Nov 13, 2006, 08:05 PM // 20:05
|
#8
|
Krytan Explorer
|
The fact that you took your time to warn the player community should be something praised.
Thank you for sharing this.
Not that I use any programs of any sort, but this might at least keep any tempted people at bay.
Gl & Hf
|
|
|
Nov 13, 2006, 08:26 PM // 20:26
|
#9
|
Site Contributor
Join Date: Jun 2005
Profession: R/
|
Thanks for the heads up! And you're right about House call, they find things that no other program does.
|
|
|
Nov 13, 2006, 11:33 PM // 23:33
|
#10
|
La-Li-Lu-Le-Lo
|
We've been diligently nuking those threads and banning the spamming members as they appear, but sometimes we're not fast enough to save everyone the pain of getting infected.
It's nice to know that a member of the community is looking out for the rest of the crew.
__________________
Stay Breezy
|
|
|
Nov 14, 2006, 12:20 AM // 00:20
|
#11
|
Pre-Searing Cadet
Join Date: Oct 2006
Profession: E/Mo
|
http://www.virustotal.com
You can submit a file to this website, and it will give you the results from 26 different virus scanners.
I have had good luck with that.
|
|
|
Nov 14, 2006, 02:33 AM // 02:33
|
#12
|
Site Contributor
Join Date: Jan 2006
Profession: R/
|
Was it that thing where it was posted in 3 different topics? If so great catch in saving people a lot of trouble.
|
|
|
Nov 14, 2006, 02:55 AM // 02:55
|
#13
|
Grotto Attendant
Join Date: May 2005
Location: in the midline
Profession: E/Mo
|
GWFreaks is clean, you probably got a mirror that had been corrupted.
|
|
|
Nov 14, 2006, 03:02 AM // 03:02
|
#14
|
Lion's Arch Merchant
Join Date: Jul 2006
Location: canada
|
Quote:
Originally Posted by Pkest
the back story:
ps: if you by chance dl'ed the gwfreaks-installer thing that got posted several times yesterday, look for a 'sys' folder in your windows/system32 folder and take care of what you find there. Basically it's a bastardized version of the Ardakey.spyware keylogger. I never got either Norton or spybot to recognize this as a variant though so just delete manually. There will be a reference to the gvae.exe file in your registry 'run' listing.
play safe!
edit: This isn't a plea for sympathy just a warning to others who might in a moment of weakness be tempted to do something stupid.
|
Damnit.. I downloaded that on my other computer and used my other account on it, it was gone =\
|
|
|
All times are GMT.
|