Announcement

**jenova_9** · 05-29-2008, 11:30 AM

Re: Another #$%@% virus warning.

oh great, has that website become another Allakahzam?

**Mhurron** · 05-29-2008, 11:45 AM

Re: Another #$%@% virus warning.

SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc

SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc

SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc

SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc

**Feba** · 05-29-2008, 11:52 AM

Re: Another #$%@% virus warning.

Second computer, virtual box, dual boot, etc. We've been over this, people.

**Lunaryn** · 05-29-2008, 01:25 PM

Re: Another #$%@% virus warning.

Yeah, I had to help with a computer that was compromised most likely by this (posted about it in another thread). Fortunately, on at least some systems, the keylogger has the side-effect of breaking FFXI, providing a warning sign in this case that led us to detecting the compromise.

The files you'll want to check for are in C:\WINDOWS\system32 and are named smart.dll and lovefly.dll. You'll need to go through some effort to unregister and delete them.

Some relevant threads:

My experiences with the system: http://www.ffxionline.com/forums/gam...hing-ffxi.html

BlueGartr thread regarding the error: Order of the Blue Gartr • View topic - POL: "No such interface supported" = virus/keylogger BEWARE

BlueGartr thread regarding the keylogger itself (includes removal instructions): Order of the Blue Gartr • View topic - "Interface not supported"? You have been hacked! Read this!

W6r forum thread containing a guide to securing Firefox against these kinds of things (I'm hoping the mods won't mind as this is very useful and valuable technical information that doesn't relate to or promote said third-party app): GUIDE: Protecting your web browser. - Windower (edit: I see Taskmage beat me to editing the post, it's good to see this info mirrored here.)

Worth noting that having either NoScript or FlashBlock configured as suggested would have prevented this if ffxiclopedia is not whitelisted; however, certain site features on ffxiclopedia don't work if it's not whitelisted in NoScript... If you're just browsing for info though it's fine to leave it untrusted.

**LyonheartLakshmi** · 05-29-2008, 01:30 PM

Re: Another #$%@% virus warning.

Originally posted by Feba View Post

Second computer, virtual box, dual boot, etc. We've been over this, people.

Feba forgot to mention his ultimate technique for preventing his FFXI account from getting hacked: stop playing FFXI.

**Feba** · 05-29-2008, 01:36 PM

Re: Another #$%@% virus warning.

That's not really an effective strategy, unless you never touch POL. Actually, I'm not sure how secure the files are that store password information, but I doubt it would be too hard for someone to make malware that would find that easily too.

**Kitalrez** · 05-29-2008, 04:59 PM

Re: Another #$%@% virus warning.

Hmm, apparently I'm unaffected. File checks turned up nothing, SpyBot and AVG didn't find anything, POL Linkshell Communities still has my character listed as having all the HQ stuff he logged off with.

I'd like to put up the latest NoScript and FlashBlock versions though, anyone know how to get around Download Error -228 in Firefox? The solutions in the FAQ and mozilla boards aren't working for me. {edit} nvm, found it. Right-click, save to desktop, then drag the new .xmi file over into an open window of Firefox to install. I think this is Qwest's security filters again.

**Firewind** · 06-03-2008, 09:53 AM

Re: Another #$%@% virus warning.

I've not had any problems but I did log on this morning to find an extra 8k on my character with no missing items or gear

**Hazina** · 06-03-2008, 07:19 PM

Re: Another #$%@% virus warning.

Son of a !!! Thanks for this thread, I ran my anti virus and sure enough I was infected, I don't think it managed to do a whole lot, I upgraded to the latest adobe flash player... -.-

**Firewind** · 06-04-2008, 01:43 PM

Re: Another #$%@% virus warning.

I did the whole debug process and ran a virus scan and found I wasn't infected. I still don't know where that extra 8k came from though

**Shadowneko** · 06-05-2008, 07:11 AM

Re: Another #$%@% virus warning.

Originally posted by LyonheartLakshmi View Post

Feba forgot to mention his ultimate technique for preventing his FFXI account from getting hacked: stop playing FFXI.

Actually that's not really a solution. The only sure way to not get hacked is to use the console clients(PS2, Xbox360) exculuivley and never log into the FFXI LS community site and never use your real FFXI ID and password on any other site(basiclly never get your FFXI ID anywhere near a PC). The lame hackers have not found a way to hack the console editions at all so you're about 99% safe if you just play on those....

**Feba** · 06-05-2008, 07:40 AM

Re: Another #$%@% virus warning.

Originally posted by Shadowneko View Post

The only sure way to not get hacked is to use the console clients

Wrong.

As has been pointed out, it isn't rocket science to make your web browsing extremely safe.

**LyonheartLakshmi** · 06-05-2008, 08:22 AM

Re: Another #$%@% virus warning.

Originally posted by Shadowneko View Post

Actually that's not really a solution. The only sure way to not get hacked is to use the console clients(PS2, Xbox360) exculuivley and never log into the FFXI LS community site and never use your real FFXI ID and password on any other site(basiclly never get your FFXI ID anywhere near a PC). The lame hackers have not found a way to hack the console editions at all so you're about 99% safe if you just play on those....

What? Not having a FFXI account doesn't prevent getting your FFXI account from getting compromised?

I guess I need to be more clearly facetious in the future.

**Shadowneko** · 06-06-2008, 08:06 AM

Re: Another #$%@% virus warning.

It's not a really solution to cancel the game...if you really want to play it ^^

Announcement

Another #$%@% virus warning.

Another #$%@% virus warning.

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment