Silkroad Online Forums

A community forum for the free online game Silkroad Online. Discuss Silkroad Online, read up on guides, and build your character and skills.

All times are UTC




 Post subject: download.com client keylogger?
Posted: Thu Nov 27, 2008 6:12 am
Regular Member

Joined: Feb 2007
Posts: 305
Location:
Redsea
My friend and I have always played games together and so we have each other's account/passwords.

Another friend of ours who does not play sro has some time off from NS (sng army) and so wanted to help play on my friend's account.

He went to Joymax.com and tried downloading the client on Tuesday, he received the best dl speeds from the direct link to the download.com mirror and simply downloaded it and installed it.

He logged on and played the char a bit but now today it is completely clean of items in inventory.

All the money/elixirs are gone as well but some stuff is left, like the gdf on the char and they never checked guild storage either. They also left all stones and elements etc and other miscellaneous items in storage.

My friend is no idiot. He has been gaming for years in other games. So we can only assume the downloaded sro client from download.com has a keylogger or something similar.

Questions:

1) how can we test his client for keylogger?
2) any recommendations?
3) any good software you can recommend that can help us?

Right now we have no clue really.... Quite bizarre.

My friend's computer specs:
-bit defender
-mcafee
-avg

What he downloaded
filename: SilkroadOnline_GlobalOfficial_v1_150.exe
Size: 975,779,843 bytes
from: download.com

Is this the correct size for the official sro client? 975,779,843 bytes

I really would like replies from people who know more about the sparta problem with IE6 and cookies and people losing their accounts this way.

My friend may have simply gone to a wrong site to try to download the client before he went to Joymax main site... It was on Tuesday during maintenance when he wanted to dl the client and JM portal of course was under maintenance. Since it was under maintenance he looked elsewhere for client but NEVER dled any.

Sadly my friend has adaware that auto removes cookies by scheduled maintenance so he cannot recover his cookies from Tuesday.

_________________
I am LivithiuM in Guild RetributioN

My First Guide in SRF:
How to make easy money and influence people!

Bot List:
RedSea Listing of Bots made MURDERER!


Last edited by LivithiuM on Thu Nov 27, 2008 11:10 am, edited 5 times in total.

 Post subject: Re: download.com client keylogger?
Posted: Thu Nov 27, 2008 6:19 am
Frequent Member

Joined: Oct 2008
Posts: 1060
Location:
Off Topic
This sounds to me like the third person in this equation stole all the items.

_________________
ecSRO Highest Damage Contest v1.1


 Post subject: Re: download.com client keylogger?
Posted: Thu Nov 27, 2008 6:22 am
Regular Member

Joined: Feb 2007
Posts: 305
Location:
Redsea
No chance, he does not even play sro.

I know it sounds like that but he has no real interest in sro... he just has some spare time and wanted to help out his mate...

His name is Xca and the owner of the acc is YuNa, both are from Singapore and friends in real life, both go to NS too...

So no, another solution plz.

 Post subject: Re: download.com client keylogger?
Posted: Thu Nov 27, 2008 6:40 am
Banned User

Joined: Mar 2008
Posts: 817
Location:
Oasis
1) how can we test his client for keylogger?
2) any recommendations?
3) any good software you can recommend that can help us?

1. by scanning it.
2. scan it.
3. adaware personal, spybot s&d, avast, webroot spysweeper.. so many programs, maybe download HijackThis and post the log here / on a tech support forum.


 Post subject: Re: download.com client keylogger?
Posted: Thu Nov 27, 2008 7:18 am
Advanced Member

Joined: Jun 2007
Posts: 2070
Location:
Rome
get NOD32 Antivirus, doesn't even let u download files with malicious content inside

 Post subject: Re: download.com client keylogger?
Posted: Thu Nov 27, 2008 7:44 am
Active Member

Joined: Dec 2006
Posts: 543
Location:
Aege
How did your friend receive the id/pw for the account?

_________________
Aege
Level: 73 | Build: Pure STR [Fire/Light/Cold/Heuksal]
Level: 63 | Build: Pure INT [Wizard/Cleric] (FF to 90)

Athens (inactive)
Level: 46 | Build: Pure INT [Fire/Light/Cold/Bicheon] (farming)
Level: 27 | Build: Pure STR [Rouge/Cleric]


 Post subject: Re: download.com client keylogger?
Posted: Thu Nov 27, 2008 7:53 am
Regular Member

Joined: Feb 2007
Posts: 305
Location:
Redsea
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:48, on 2008-11-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\USER\Desktop\utorrent.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Silkroad\sro_client.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.d-addicts.com/forum/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE2EMBHO Class - {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} - C:\Program Files\easyMule\modules\IE2EM.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\USER\Desktop\utorrent.exe"
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download by easyMule - C:\Program Files\easyMule\IE2EM.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://188bet.microgaming.com/188bet/FlashAX.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 8704 bytes

 
 Post subject: Re: download.com client keylogger?
Posted: Thu Nov 27, 2008 8:14 am
Regular Member

Joined: Feb 2007
Posts: 305
Location:
Redsea
This is my HJT logfile. I run Vista x64

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:01 PM, on 27/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files (x86)\D-Link\D-Link Wireless G DWA-510\AirGCFG.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\TVersity\Media Server\web\admin\TVersity.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Opera\opera.exe
F:\Games\Fraps 2.9.3\fraps.exe
F:\Games\Silkroad\sro_client.exe
C:\Program Files (x86)\Trillian\trillian.exe
C:\Program Files (x86)\Windows Mail\WinMail.exe
C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ANIWZCS2Service] "C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe"
O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWA-510] "C:\Program Files (x86)\D-Link\D-Link Wireless G DWA-510\AirGCFG.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O18 - Protocol: bw+0 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: offline-8876480 - {19D34EEF-3442-4889-8384-8C8AC5BE2C7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 19836 bytes

_________________
I am LivithiuM in Guild RetributioN

My First Guide in SRF:
How to make easy money and influence people!

Bot List:
RedSea Listing of Bots made MURDERER!
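An added triage sketch for the O23 service entries in the HijackThis log above (not part of the original post and not HijackThis code). It assumes the common explanation for "(file missing)" on System32 paths: the 32-bit tool on 64-bit Windows is redirected away from the native System32 folder, so those entries are set aside. The bucket names are hypothetical, and the owner string is treated as descriptive only.

```python
import re

# Lines copied from the HijackThis log posted in this thread (not constructed).
SAMPLE_LOG = r"""
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
"""

# O23 - Service: <display name> - <owner> - <path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)
SHORT_NAME_RE = re.compile(r"\(([^()]+)\)$")


def triage(log_text):
    """Sort O23 service entries into buckets for manual review."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    # A "Program Files (x86)" path anywhere in the log implies 64-bit Windows.
    is_x64 = any("\\program files (x86)\\" in l.lower() for l in lines)
    buckets = {}
    for line in lines:
        m = O23_RE.match(line)
        if not m:
            continue  # not an O23 service line
        short = SHORT_NAME_RE.search(m["name"])
        service = short.group(1) if short else m["name"]
        missing = m["missing"] is not None
        in_system32 = bool(SYSTEM32_RE.match(m["path"]))
        if missing and in_system32 and is_x64:
            # Assumed artifact of 32-bit file system redirection.
            bucket = "redirection_artifact"
        elif missing:
            bucket = "missing_review"
        elif m["owner"] == "Unknown owner":
            # File exists but carries no owner string: check it by hand.
            bucket = "unknown_owner_review"
        else:
            bucket = "named_owner"
        buckets.setdefault(bucket, []).append(service)
    return buckets


if __name__ == "__main__":
    for bucket, services in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {', '.join(services)}")
```

The buckets only prioritise what to inspect manually; they do not say that a service is malicious or clean.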


Post subject: Re: download.com client keylogger?
PostPosted: Thu Nov 27, 2008 8:40 am
Addicted Member

Joined: Jan 2007
Posts: 2547
Location: The Netherlands
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
This might answer a few things.
viewtopic.php?f=2&t=102656

He probably did visit one of the malicious websites.


Post subject: Re: download.com client keylogger?
PostPosted: Thu Nov 27, 2008 8:56 am
Regular Member

Joined: Feb 2007
Posts: 305
Location:
Redsea
You mean before he dled the client... he was asking me can he just dl it from a different location and I specifically said NO only download from Joymax direct links!

... he has done 3 different virus scans on his whole pc and they all come up clean.

Wait... I read what you said and re-read that thread, I remember reading that thread when it happened.

So just having IE6 makes you vulnerable? Shit that would be lots of people man... Thanx for that though it gives us a new lead...

I asked Xca and he replies;

[18:57] Xca (R): its crap
[18:57] Xca (R): i dont see ie6 as a danger
[18:57] Xca (R): i dont even use ie 6
[18:57] Xca (R): all i use is mozilla

Post subject: Re: download.com client keylogger?
PostPosted: Thu Nov 27, 2008 9:06 am
Banned User

Joined: Sep 2008
Posts: 136
Location:
Oasis
Only 2 options:

1. your friend isn't a friend
2. your friend is an idiot (because of an unsafe system or 3rd party progs)


If I read he wants to help. Like may I hold your sun for 1 min.....

Don't share all is fine, share and open threads in forums.

_________________
<< banned for being a constant problem. -cin >>


Post subject: Re: download.com client keylogger?
PostPosted: Thu Nov 27, 2008 10:43 am
Regular Member

Joined: Feb 2007
Posts: 305
Location:
Redsea
Please no retard comments like the one above.

I stated already he has no reason to steal items.

Post subject: Re: download.com client keylogger?
PostPosted: Thu Nov 27, 2008 10:53 am
Banned User

Joined: Sep 2008
Posts: 136
Location:
Oasis
LivithiuM wrote:
Please no retard comments like the one above.

I stated already he has no reason to steal items.


Others don't have any reason either and do it anyway. So what's gone is gone and won't come back. Just keep your ID/PW secret and u are safe if u aren't a retard.

Post subject: Re: download.com client keylogger?
PostPosted: Thu Nov 27, 2008 11:01 am
Common Member

Joined: Jun 2008
Posts: 101
Location: Poland
well have no idea what is wrong but in last 2 days my guild lost two accounts >.<
Wizard used for taxi and one of farmers. by farming time many people hate us because since we haven't use bot we can ks, pk, or kill bot taxers and n00bs by npc thieves or pk. Some people hate us when they come back and his wizard is dead/ has pk etc. I know hacked guildmate since about 2 years and I'm sure he didn't have some 3rd hand sh.it. Only thing that could be correct is that both acc had silk charge in time when by logging on main silkroad site sometime redirected to rev6. friends' computers are clean. We have no idea what happened :/


Post subject: Re: download.com client keylogger?
PostPosted: Thu Nov 27, 2008 11:06 am
Regular Member

Joined: Feb 2007
Posts: 305
Location:
Redsea
@LostOasis You say he has an unsafe system yet I posted you his Hijackthis log file and I cannot see any vulnerabilities there... And he is not an idiot.

I asked for help or information in this thread, I did not ask for you to tell me my friend, who I have gamed with for god knows how many years 6 or 7 I cannot remember, Stole my items.

I really would like replies from people who know more about the sparta problem with IE6 and cookies and people losing their accounts this way.

My friend may have simply gone to a wrong site to try to download the client before he went to Joymax main site... It was on Tuesday during maintenance when he wanted to dl the client and JM portal of course was under maintenance. Since it was under maintenance he looked elsewhere for client but NEVER dled any.

Post subject: Re: download.com client keylogger?
PostPosted: Thu Nov 27, 2008 4:01 pm
Loyal Member

Joined: Nov 2007
Posts: 1921
Location: http://goo.gl/Lfwa
yeah... how did you tell him the login info...

those im/email things can be hacked too... if you know him use phone... :S
but download.com is safe... they scan their own junk, and i'm not sure why you don't scan it before running it if you download something anyways

if you think it is a keylogger, just reformat computer because there are other ways to get info from someone without keylogging :S

edit: did he login to any sro looking websites that isn't really joymax.com? you could have zipped game folder and sent it to him and he wouldn't need to download from other places :S


Post subject: Re: download.com client keylogger?
PostPosted: Thu Nov 27, 2008 5:33 pm
Active Member

Joined: Oct 2006
Posts: 639
Location: Texas
LivithiuM wrote:
No chance, he does not even play sro.


You know how many times I've heard that?

10 out of the 10 times someone has asked me about such an issue, and that is not an exaggeration by any means, it was always another person taking advantage of them. I've spent a lot of time explaining to people all of the possibilities involved when you "get hacked" and the first thing I tell them is there is a very strong chance someone is just being dishonest. It is human nature, there is no way around it and no matter how well you think you know someone, you don't.

You can find millions of examples of how person A would never think person B would ever do something, and person B does / did. You can find a lot of those examples on this forum even.

Anyways, back to your problem. A keylogger / being keylogged is one of those things that is usually used as "an excuse".

Consider this: If the client from download.com really had a keylogger, which in 99.99999% certainly it does not, but let's just say it did, everyone who ever downloaded it would be infected. That would mean any new people downloading and installing the game would be getting keylogged and all the text they type would be sent to some server.

If that were the case, how in the world would your friend get hacked so fast? Imagine having to look through all the key strokes for a number of computers and find what you think are the password and account names. Then, you have to go through the process of searching 30 odd some servers in Silkroad.com after having logged in to know which server the character was on. That is totally infeasible and why I say it's not even a possibility to consider here.

Now, imagine he had a random keylogger that was not Silkroad specific. Who in the world would care about your Silkroad account, more or less even know what it was for? People want things of value, such as PayPal accounts, Bank accounts, credit card numbers, logins for ebay, amazon, etc... A random keylogger would have no context of the data that's being logged and even if it did, who is going to say, "oh this person has Silkroad, let's go through all the trouble of seeing what they have on their account when I've got all this other more important things to do". I don't think that's going to happen, so that discounts any "random" hacking.

Now, what is left to consider as a possibility is the "hacking" was very targeted. Someone knew the server, account name, account password. They knew they had access to the account 24/7. Considering how everything was fine until the account information was given out to the new friend, you cannot give me a reasonable argument he was hacked somehow "randomly" or not. Maybe he told someone else the account information that he was a friend, maybe he did it for someone else, who knows, but I don't think I can give any more convincing an argument that he was responsible in one way or another for it.

The only last possibility left is that a 4th person who had the account information before and was not a part of the picture has been plotting revenge and when they heard about your new friend getting the account they hacked it knowing the 3rd friend would be blamed and never ever considered. That's more probable than the whole keylogger thing in my opinion and I have seen that happen, strangely enough.

So, take it how you want, but given the circumstances, your "friend" is responsible. Unless someone else happened to log into the account coincidentally, that's the best and most found explanation you will ever get.


Post subject: Re: download.com client keylogger?
PostPosted: Thu Nov 27, 2008 5:55 pm
Frequent Member

Joined: Oct 2007
Posts: 1369
Location:
Aege
1st thought that came to mind is maybe he wants u to quit SRO and the only way he can think of is to destroy ur account? just a thought

_________________
ISRO
taking a break from char .. possibly quit isro
Ecsro
Server: normal
Build: 71 Pure Str Glavie / 74 Pure Int Sword
Quit

New Char Isro Iris Battle Bard/wizard 4x Quit
SwSro next possibly? quit
another attempt at Iris.. quit lvl 60..


Post subject: Re: download.com client keylogger?
PostPosted: Thu Nov 27, 2008 8:06 pm
New Member

Joined: Oct 2007
Posts: 38
Location: Silkroad
I lol'd ur signature Easy_Lady :D


Post subject: Re: download.com client keylogger?
PostPosted: Thu Nov 27, 2008 8:41 pm
Valued Member

Joined: Mar 2007
Posts: 380
Location: here
Drew_Benton wrote:
LivithiuM wrote:
No chance, he does not even play sro.


You know how many times I've heard that?

10 out of the 10 times someone has asked me about such an issue, and that is not an exaggeration by any means, it was always another person taking advantage of them. I've spent a lot of time explaining to people all of the possibilities involved when you "get hacked" and the first thing I tell them is there is a very strong chance someone is just being dishonest. It is human nature, there is no way around it and no matter how well you think you know someone, you don't.
....


amen to that.

and btw LivithiuM don't call people retards, you're the one who shares the account thus you shouldn't complain when this happens.


Post subject: Re: download.com client keylogger?
PostPosted: Thu Nov 27, 2008 9:34 pm
Regular Member

Joined: Feb 2007
Posts: 305
Location:
Redsea
Please listen to this just one more time.

What I do NOT want:
1. I do NOT want people writing an essay to me on the basic necessity of human nature to fck over someone else.
2. I do NOT want people to tell me it is my friend who hacked the account.
3. I do NOT want people telling me my friend's computer is insecure or he is an idiot.

What I want:
1. informative responses like what borat2 wrote.
2. ideas thought through as to what may have happened.

My friend first went to fileplanet to download sro. He used Mozilla to go there. So the fact his windows comes with IE6 should not have anything to do with it. No IE6 cookies if he is using mozilla.

So please if you CAN help tell me your opinion, just do not turn this thread into a witch hunt against my friend.

Post subject: Re: download.com client keylogger?
PostPosted: Thu Nov 27, 2008 10:13 pm
Banned User

Joined: Jun 2008
Posts: 1142
Location: Not here
But he has IE6 right? He could have visited any number of sites and been infected before he even downloaded SRO. I think you need to look at other options, a link to the client from the main site wouldn't even enter into my possibles.


Post subject: Re: download.com client keylogger?
PostPosted: Thu Nov 27, 2008 10:18 pm
Regular Member

Joined: Feb 2007
Posts: 305
Location:
Redsea
Yeh, Phaidra, you're thinking along the right lines I think.

I asked him to check his history of websites he visited just prior to downloading the client from JM.

But the question is this, Just by having IE6 IS his system vulnerable? Even when he does not use the IE6 web browser and only uses mozilla could this be the problem still?

By the way my original question about his client file size is still unanswered. Does anyone know the filesize of the client? The size it SHOULD be?

Last edited by LivithiuM on Thu Nov 27, 2008 10:26 pm, edited 1 time in total.

Post subject: Re: download.com client keylogger?
PostPosted: Thu Nov 27, 2008 10:21 pm
Banned User

Joined: Jun 2008
Posts: 1142
Location: Not here
LivithiuM wrote:
Yeh, Phaidra, you're thinking along the right lines I think.

I asked him to check his history of websites he visited just prior to downloading the client from JM.

But the question is this, Just by having IE6 IS his system vulnerable? Even when he does not use the IE6 web browser and only uses mozilla could this be the problem still?


I doubt it, no. So that's another possible eliminated. Has he done all antivirus checks, and also Spybot?

This forum has helped me with a range of computer problems, maybe ask these about it.

http://forums.majorgeeks.com/index.php


Post subject: Re: download.com client keylogger?
PostPosted: Thu Nov 27, 2008 10:29 pm
Regular Member

Joined: Apr 2008
Posts: 333
Location: Pizza Shop
there's currently an exploit where hackers can steal information on the server side (ie. joymax's) on player's accounts if they ever had sold or bought from stall network.

so far a lot of sunners have been targeted across several servers...either your account had suns or just unlucky to be selected by hackers...

I dunno if this was the case for you but it certainly is happening

change your pwd's often guys!

_________________
Who's this up-herself-biaaatch I tell ya???
I want some PIZZA *mooch*


Post subject: Re: download.com client keylogger?
PostPosted: Thu Nov 27, 2008 10:32 pm
Regular Member

Joined: Feb 2007
Posts: 305
Location:
Redsea
Yeh this is why I said he is not an idiot.

He scanned his pc with the following and they all came up clean:

McAfee: clean
Nod32: clean
BitDefender: clean
Adaware: clean

He used hijackthis to check his current processes, he ran sro while he did it too and I posted the log in this thread.

I told him the login info through Trillian to msn, he uses msn I use trillian.

Post subject: Re: download.com client keylogger?
PostPosted: Thu Nov 27, 2008 10:33 pm
Regular Member

Joined: Feb 2007
Posts: 305
Location:
Redsea
@pizzagirl2008

The account had som 8d robe boots.

All other gears were normal. He had about 70mil in his storage.

BTW, why do you have to enter your user/pass on JM site when you want to dl the client.... that is stupid.

Post subject: Re: download.com client keylogger?
PostPosted: Thu Nov 27, 2008 11:19 pm
Common Member

Joined: Aug 2008
Posts: 120
Location: Internet
pizzagirl2008 wrote:
there's currently an exploit where hackers can steal information on the server side (ie. joymax's) on player's accounts if they ever had sold or bought from stall network.

so far a lot of sunners have been targeted across several servers...either your account had suns or just unlucky to be selected by hackers...

I dunno if this was the case for you but it certainly is happening

change your pwd's often guys!


That isn't true, there's no such exploit, gb2 retarded school.

@LivithiuM

Your friend farked it up, and he doesn't want to admit it.
/end


Post subject: Re: download.com client keylogger?
PostPosted: Thu Nov 27, 2008 11:39 pm
Regular Member

Joined: Feb 2007
Posts: 305
Location:
Redsea
I found the culprit's stall character.

Image
Image

http://www.rev6.com/guild.asp?server=15 ... D_SOLDIERS

He is stalling my friend's Som 8d robe boots, these are the EXACT boots.

This stall guy has heaps of other items like sos prot chest, sos 9d garm male boots and loads of full blue items here. This is not a one off hacking incident.

Also notice how this guy has lots of other random high level items for sale, my friend who downloaded sro does not even have an account AT ALL so you see it cannot possibly be him.

Post subject: Re: download.com client keylogger?
PostPosted: Fri Nov 28, 2008 12:46 am
Banned User

Joined: Feb 2007
Posts: 1428
Location:
Aege
Just a little (not really) secret.
Jm site has new exploit that can be used to redirect email verification.
All those sold accounts can be re hacked by old owners or anyone who knows id and secret answer
and registered email address so no need to know the new password :P

And let u know 1 more thing all the free bots and bot cracks redirect login infos to home server/database. Just question of time who and when hacked, they just check rev6 who and when to.

Web scripts and java can't be detected as a virus and they still can steal id/pw.

ps.: delete the mcafee garbage

_________________
Be straight be proud of it, don't end up like them:
Image

