Results 1 to 5 of 5

Thread: WoW account + MSN Messenger hacked, reformated, now still problems?

  1. #1
    midaxis Guest

    Default WoW account + MSN Messenger hacked, reformated, now still problems?

    Alright, let me explain my situation -

    Alright, I am very scared right now because whatever was on this computer has taken my passwords. All my gear on WoW was deleted. This is only where it begins though, let me explain.

    10:30 PM Sunday I recently downloaded some new addons, none of which were .exe files, and am playing WoW. I am disconnected because someone has logged onto my account. At this time, I try to change the password, but am unable to. I switch over to my laptop and contact billing. They change my password back. I log into wow using my laptop.

    At around 12:00 am I go through all of my accounts such as MSN. merchant, ect and change my passwords using my laptop.

    I shut both computers down until the next day.

    I reformat my desktop which I was playing wow on, I booted from the CD and did not connect to the Internet.

    At 7:00 PM Monday, while I was not home, my friend sends my account a message on MSN and he receives a reply to his question. This was not me replying and it was not anyone I live with. How could they have received my NEW password when I was using the laptop to change the information and passwords?!?

    I did not download anything on the laptop recently and as far as I know, did not go to any malicious sites. I use my desktop majority of the time. I ran a virus scanner and it did not detect anything. Today I think my NewEgg account password was changed.

    I downloaded ZoneAlarm and the only noticeable alert I was attempting to connect to my roommate's computer. He recently bought a computer from a friend and it was attempting to connect to my computer. --- Could this be the cause? Without me even opening anything, could that computer be sending my personal passwords and such over to another source? I know it is not my roomate who is doing it on purpose.

    I am so baffled about how on earth my MSN account password could have been stolen from a completely separate computer... but still on the same network. Guys I am in some trouble here, I really need some assistance

    --
    Now I just reformatted my computer once again, and am in the process of reformatting my laptop. The first thing I did was install AVG virus scanner and then windows service pack 3. I then installed my wireless drivers to get Internet and then downloaded ZoneAlarm. Again, my computer is trying to connect to my roommates computer. It is reading,
    Packet sent from 192.168.0.2 (TCP port 1087) to 192.168.0.3 (NetBIOS Session) was blocked.

    I am worried that maybe somebody has hacked our router and has a keylogger or something collecting passwords and installing the second I connect to the network. We have security enabled with a key as well. Please assist, I am very distraught right now.

    Operating System:
    Windows XP Home Edition
    Product Name:
    ZoneAlarm (Free)

    Message Edited by Midaxis on 03-18-2009 03:27 PM

  2. #2
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: WoW account + MSN Messenger hacked, reformated, now still problems?

    <blockquote><hr>Midaxis wrote:
    Alright, let me explain my situation -

    Alright, I am very scared right now because whatever was on this computer has taken my passwords. All my gear on WoW was deleted. This is only where it begins though, let me explain.

    10:30 PM Sunday I recently downloaded some new addons, none of which were .exe files, and am playing WoW. I am disconnected because someone has logged onto my account. At this time, I try to change the password, but am unable to. I switch over to my laptop and contact billing. They change my password back. I log into wow using my laptop.

    At around 12:00 am I go through all of my accounts such as MSN. merchant, ect and change my passwords using my laptop.

    I shut both computers down until the next day.

    I reformat my desktop which I was playing wow on, I booted from the CD and did not connect to the Internet.

    At 7:00 PM Monday, while I was not home, my friend sends my account a message on MSN and he receives a reply to his question. This was not me replying and it was not anyone I live with. How could they have received my NEW password when I was using the laptop to change the information and passwords?!?

    I did not download anything on the laptop recently and as far as I know, did not go to any malicious sites. I use my desktop majority of the time. I ran a virus scanner and it did not detect anything. Today I think my NewEgg account password was changed.

    I downloaded ZoneAlarm and the only noticeable alert I was attempting to connect to my roommate's computer. He recently bought a computer from a friend and it was attempting to connect to my computer. --- Could this be the cause? Without me even opening anything, could that computer be sending my personal passwords and such over to another source? I know it is not my roomate who is doing it on purpose.

    I am so baffled about how on earth my MSN account password could have been stolen from a completely separate computer... but still on the same network. Guys I am in some trouble here, I really need some assistance

    --
    Now I just reformatted my computer once again, and am in the process of reformatting my laptop. The first thing I did was install AVG virus scanner and then windows service pack 3. I then installed my wireless drivers to get Internet and then downloaded ZoneAlarm. Again, my computer is trying to connect to my roommates computer. It is reading,
    Packet sent from 192.168.0.2 (TCP port 1087) to 192.168.0.3 (NetBIOS Session) was blocked.

    I am worried that maybe somebody has hacked our router and has a keylogger or something collecting passwords and installing the second I connect to the network. We have security enabled with a key as well. Please assist, I am very distraught right now.

    Operating System:
    Windows XP Home Edition
    Product Name:
    ZoneAlarm (Free)

    Message Edited by Midaxis on 03-18-2009 03:27 PM
    <hr></blockquote>


    OK first relax a little - yes getting attacked and hacked is never taken lightly and it usually results in panic, anger and fear. And paranoia sets in at the end.
    Because the 192.168.x.x addresses are NOT internet addresses and are just addresses of your router's network.
    Nor is it unusual for computers on the same home network attempt to connect to each other - so this is not unusual.
    These local connections of the home network can be blocked in the ZA OR the services daemons doing the connecion attempts can be stopped and disabled - this would make things a lot quieter.

    Router can not be hacked in the true sense - it is linux type of system seperate from your computer. MAC in your computer with the router; and make sure the default password and login are changed to something not so easily guessed at - this will deter any unwanted outside attempts to change the router's settings. And use the WPA or WEP - depending on the router setup.

    A 'hacked' router is basically a router with it's settings changed.
    Basically a hacked router will be setup by a person of malicious intent to change the dhcp server for your computer from the router's dhcp to their own laptop computer so they can 'sniff' the connections and read the packets (thus see your passwords and informations). Or they will change the router's connections from the correct dns servers to some rouge servers to redirect your computers internet connections to rogue (and maybe trick you to install a rogue file) and phishing servers and fake sites (where they can steal your passwords and information).
    JUST login to your router, make sure it is still the correct dhcp server, make sure it is using the correct dns servers (from your provider), then MAC in your computer with the router, then change the default login and password to something a little more secure.
    These steps will help secure the local area network since it is a wireless network.

    Netbios blocked is fairly normal - the netbios ports are for file and printer sharing but it is only on your own LAN. Not the internet and if the other IP is a friends computer, then either your friends computer or yours tried to connect to each other. No serious and it is blocked anyways.
    The dhcp and dns connections do not use any netbios ports and are strictly udp 67-68 for the dhcp and remote udp 53 for the dns connections. None of these are netbios related, even though your computer and the router may even attempt netbios connections. Again the netbios attempts is should not be a security issue as long as the IPs are recognizeable and known as being safe.

    WOW troyans are getting around these days - the malware users of the game troyans make a good illegal/theft monies from these. Have you contacted the hosting WOW server which you use for your WOW gameand explained things and asked for help or advice?
    They are very experienced in these things.

    Reformatted the computer, but you did an actual reformat and then reinstall or just an install over (repair install).
    Usually I advise to first erase the hard drisk drive so it is absolutely clean, then format the drive and then install the windows and the drivers - just incase there is or was a rootkit involved and even some stubborn troyans will survive a reformat. Along with flashing the bios after the erasure and pulling the electrical plug to kill the computer at the moment the erasure is finished - to kill any rootkits/troyans that could be hiding in the memory. Extreme but effective.

    The password for MSN - I am guessing they logged in to your account and retrieved the new password.
    Make a new MSN account and trash the old account.

    Oldsod.

    Message Edited by Oldsod on 03-18-2009 07:41 PM
    Best regards.
    oldsod

  3. #3
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: WoW account + MSN Messenger hacked, reformated, now still problems?

    Also not just .exe files can be malicious, but many other files -from a .pdf to a .com to a .dll and many others. Some are executible from binary code but even scripts based files can execute and do nasty things.
    Always handle all files as risk - and download only from safe servers (which I assume you would) and not from risky servers.

    Oldsod.
    Best regards.
    oldsod

  4. #4
    midaxis Guest

    Default Re: WoW account + MSN Messenger hacked, reformated, now still problems?

    I did contact WoW support about the account, but they just told me to run the virus scanners. I did a complete reformat by deleting the partition prior to reinstalling the operating system. I guess my main questions and worries come from rather or not my roommates computers are able to connect to mine or steal my passwords without me knowing or clicking on anything even though I have windows firewall and ZoneAlarm up. I haven't opened any bad programs or websites and do not plan on it either. I think I am good at recognizing such things.

  5. #5
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: WoW account + MSN Messenger hacked, reformated, now still problems?


    <blockquote><hr>Midaxis wrote:
    I did contact WoW support about the account, but they just told me to run the virus scanners. I did a complete reformat by deleting the partition prior to reinstalling the operating system. I guess my main questions and worries come from rather or not my roommates computers are able to connect to mine or steal my passwords without me knowing or clicking on anything even though I have windows firewall and ZoneAlarm up. I haven't opened any bad programs or websites and do not plan on it either. I think I am good at recognizing such things.
    <hr></blockquote>


    Okay it looks like you did the right things.
    But please do not use the windows firewall and the ZA firewall together - using two seperate software firewall at the same time actually will provide less networking security than more.
    Basically both will try to control the same packets at the same time and one of the firewall loses out or the packets escape anyways evading both firewalls. Plus there are hidden internal conflicts from using two firewalls, at the windows tcp/ip stack and in other areas.

    Basically if there are unwanted files, then there are risks of leaking.
    No unwanted risky files and no risks.
    The ZA firewall should help prevent these unwanted risks.
    I would suspect that an approved connection and an approved program was the faulting party for the leaked information. Somewhere.

    Oldsod.
    Best regards.
    oldsod

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •