I might be being hacked at this moment!!!

Joined: Aug 31, 2006 | Posts: 18 | Location: Netherlands | Society: NBK elite miners | Avatar Name: django dj jazar
Hi fellow Entropians, as I speak it's well possible my account is being cleared out, unless anyone has an explanation of what's going on?
I tried logging in tonight but received an update from Entropia; halfway through, my virus scanner goes berserk, telling me it found a malware called
W32/Malware.GPO. I was almost unable to shut down the virus scanner and realised something fishy is going on here.
So unless you tell me MA made a major update mistake, I might be in serious trouble now.
After what happened to Loki this week I'm very nervous, since I too never got around to buying a GC.
I tried contacting support from the website but got a message stating the password has changed, and I can't log in.
ANYONE, plz advise what to do before over 2 years of my fun life goes down the drain here.
greetz dj
 
Please state:

Your anti virus program
Your spyware program
Your firewall program

If you're not running up-to-date versions of all 3, it's possible you have been compromised.
 
I got no DL from MA, so probably not good bro :(
 
I have Norman antivirus, use multiple proggys like Adaware and Spybot regularly, and have no other firewall but Windows'.
But all was fine last night; as soon as I received the authentic-looking download and it was started, things messed up.
I have screenshots but don't know how to dl them.
 
WOW, this is getting out of hand. MA needs to stress that Gold Cards are the way to go.. Too many ppl are getting hacked right.
 
yea very odd it all happens at once.

seems some hackers are having a blast emptying PE accounts.

I can understand newbies don't get a GC, but never understood why ppl with more than 2K peds don't get one. It is not even being lazy, because all you gotta do is go to TT and buy it; MA does the rest of the work :rolleyes:

Really hope all this will make ppl more aware that GCs are not an invention from MA to make more money; they actually can make a difference.

/Nakia
 
If you can't log in, I saw a suggestion on one of the other "hacked" threads to repeatedly try to log in, to force your account to be locked.

Your password has been changed, but you know the login, so maybe try repeatedly logging in with random passwords. If your account isn't being used right now, at least get it locked so nothing further can be taken.

Glad to see you use Adaware and Spybot - I presume they don't find any "nasties" on your PC when you scan with them?

I don't rate Windows firewall, as every hacker out there will be aiming to beat it in my opinion.

ZoneAlarm is highly rated (and free), get it here:
http://www.zonelabs.com/store/conte...alm/freeDownload.jsp?dc=12bms&ctry=GB&lang=en
 
And could someone on my behalf try to reach MA to close my account?
I can't get in touch in any way, I can't log in at all.
Tried starting up again and received the same message and virus warning,
so if the scanner worked it did not install the virus yet.
I'm really stuck on what to do next.
 
Got any contacts from PE on MSN? If so, ask them to log in and check if your avatar is logged on.

Log into the website and check your items list to see if anything is missing; if you can log in, change your password.

Call a RL friend and have them DL PE/EU and try to log in with your account.

All I can think of atm, prob no one at work at MA atm. It is 4 AM in Sweden.
 
I'm chatting to the guides at PA right now on your behalf django, I'll keep you posted what they suggest.
 
provide screenies, or better explain.

If you can't figure out the complicated posting system for screenies, mail them to anyone here with decent reputation.

Preferably, someone you know and trust.

More info will allow more help, insofar as the limited help community can provide.
 
Ok, this is what MA suggest you need to do:



 
Possible hack scenario fitting the described "virus detected during update" symptoms.

Hacker studies EU Update sequence.

Hacker uses some common hack that will modify the hosts file on the target box to point the Entropia update IP to their own site, or replace legitimate DNS server addresses with one they run that will point to their bogus update site.

Target computer operator triggers initial virus or trojan, target PC gets hosts file modification as payload from the intrusion.

Target computer operator opens EU clientloader.

Clientloader does update check at bogus site, sees "update" and downloads whatever else the hacker has packaged up. This could be as simple as merely spoofing the login sequence once to get the login credentials, installing a keylogger, or things I haven't thought of yet.


Suggested course of action:

Users: Search your PC for hosts.* if you find any reference to mindark.com or entropiauniverse.com, delete those lines. Check your DNS server settings in your network settings and make sure they are what they're supposed to be.

Mindark: Hard to say, but some kind of hidden authentication before update. Login credentials could be harvested by this same strategy, so authenticating the user by account info would jeopardize the user's account.
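
The hosts-file check suggested in the post above, written out as an added example (not part of the original thread, and not MindArk's tooling). The function names, the subdomain `update.entropiauniverse.com` and the sample addresses are constructed for illustration; only the two base domains come from the post.

```python
import os
from pathlib import Path

# Domains named in the post; subdomains are matched too.
WATCHED = ("mindark.com", "entropiauniverse.com")

def find_overrides(hosts_text, watched=WATCHED):
    """Return (line_no, ip, hostname) for each hosts entry that pins a watched domain."""
    hits = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not entry:
            continue
        fields = entry.split()
        ip, names = fields[0], fields[1:]  # one address may carry several names
        for name in names:
            host = name.lower().rstrip(".")
            # exact match or true subdomain, so "notmindark.com" is not flagged
            if any(host == d or host.endswith("." + d) for d in watched):
                hits.append((line_no, ip, host))
    return hits

def default_hosts_path():
    """Usual hosts file location on Windows and on Unix-like systems."""
    if os.name == "nt":
        root = os.environ.get("SystemRoot", r"C:\Windows")
        return Path(root) / "System32" / "drivers" / "etc" / "hosts"
    return Path("/etc/hosts")

# Constructed sample; the addresses are from the reserved documentation ranges.
SAMPLE = """\
# Sample hosts file (constructed)
127.0.0.1       localhost
203.0.113.45    update.entropiauniverse.com   # constructed entry
198.51.100.7    www.MindArk.com mindark.com
#10.0.0.1       entropiauniverse.com  (commented out, ignored)
192.0.2.10      notmindark.com
"""

if __name__ == "__main__":
    path = default_hosts_path()
    text = path.read_text(errors="replace") if path.exists() else SAMPLE
    for line_no, ip, host in find_overrides(text):
        print(f"line {line_no}: {host} is pinned to {ip}")
```

A clean machine prints nothing; any line it reports is an entry to review and remove as the post describes. It does not cover the second half of the advice, checking the configured DNS servers.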
 
Thnx very much for the info, I'm gonna work it out tomorrow asap.
It's 5:15 am here and what happened so far is that I tried logging in as many times as possible to see if the account gets blocked, but on the second attempt I got another virus warning and was redirected to the MA server. I was able to log in and
all was untouched at that time, so I tried to save some of my stuff in case I was under attack by handing it to a soc member I trust.
So far of some of the items, I just hope my skills remain untouched.
I have screenshots, but since I hardly ever post at the forum I have no idea how to upload them,
but as soon as I logged in the update came up.
I'll try to sort it out tomorrow and hope all is still there; meanwhile ty all for your help.
Oh, and I'm getting my GC asap.
Oh, and how do I find the info you described? I'm quite noobish at that.
thnx dj
 
Man u scared the sh*t out of me.

Glad to hear you managed to recoup things and hold the virus.

Keep us updated.
 
Posted this in another thread, also applicable here:

The advice to use a different password for your EU account than you use for other sites, such as this forum, is very good advice.

In any case, I can assure you that the EF database has not been compromised. Even if it had been somehow accessed by an unauthorized user, the passwords are encrypted in the database. This is standard for all MySQL password database fields, and I am not aware of any instance where a hacker or intruder was able to extract passwords from an encrypted field in a MySQL database. In fact, forum admins have no way of retrieving a user's password; they can only send the user a link to change it themselves.

Despite this protection, it is still very good practice to use different passwords for different accounts on various websites.

Also, as many have suggested here and in other threads, if your avatar is at all valuable to you (i.e. worth more than 500 PEDs), you are simply being irresponsible by not ordering a Gold Card.

Mindark provides us a very inexpensive and effective tool to safeguard our accounts, and to the best of my knowledge, no one with a Gold Card has ever had their account stolen, hacked or otherwise compromised.

Best of luck to anyone unfortunate enough to have had their account hacked.
 
Chances are your info has been harvested. It may take some time before they target your account for ripping off. Possibly prior to the weekend, so you cannot contact anyone. Password change is vital. But on a clean system. To be safe I'd send a support to lock until you can clean ur system.
 
Norman antivirus is known to stop Entropia.exe since there are some problems reporting this as a virus, but more and more people get this error; it seems that something fishy is going on. But those that stop Norman's online scanning don't have a problem afterwards, but who knows right now.

After my friend Loki got hacked I ordered a GC, and now MA has taken it from my inventory and hopefully it's here today when I get home from work.
 
Ok, I managed to contact support and hope they can close my account.

I was just wondering if more people got an update from MA, and was it just recognised by my scanner as infected or is it a true trojan?
I played Sunday last time, so the update would be from Monday.
I'm doing multiple scans as we speak but have not found anything yet.
Well, I'll keep you posted on the outcome.

Bout the GC, I never got around to one too, either by lack of peds (most of the time) or simply not thinking about it when you do have peds.
I do know that what happened to Loki a few days ago made me decide to get one asap, not realising how soon that would be, or I would have made an extra deposit for it.
I normally scan for malware twice a week with multiple proggies and this one just fell from the sky and hit me full.

Big thanks to those who helped me, and let's just hope I was in time.

greetz dj
member of -DNA-

"it's in our genes"
 
heh calm down man, it's the dllpatcher giving Norman a rough time; when it changed its checksum, Norman's UNIQUE (lmao) Sandbox technology trapped it.


I had it on another computer here, got the msg, used the search function on this forum and found https://www.planetcalypsoforum.com/forums/showthread.php?t=52673

Also search for the term norman on the forums



http://youtube.com/watch?v=CChdwLeNllM

JUST ORDER THE GOLDCARD MAN
 
I'm sorry to hear that this happened DJ....:(

I hope Jen's account isn't compromised too if you guys play on the same PC.
 
Sorry to hear this my friend. Hopefully everything will work out for the best. And I hope this is a warning to people without a Goldcard because it is probably the most important item you can buy in EU.

If you need any help just gimme a PM Deej and I'll see what I can do, otherwise hang in there.
 
Ok, here is what I got:
I did a full scan with multiple engines and only 1 found a trojan named
Trojan.Popuper; it could be the one causing this.
This is the one:
http://www.noadware.net/research/index2.php?item_id=2000&item_name=Trojan.Popuper
Since it occurred while trying to log into EU and the updater showed signs of
a trojan/virus, I immediately was thinking of hacks, especially since all I asked did not get any update that day.
And thanks Pollus, I did a search and found the same problem I got.
I will have the account closed anyway and reset the password and contact Norman about this problem. Funny thing is, though, I use both Norman and EU together for years without any problem, and why does it open the EU dl?
I've found the cure for the trojan on the net.

My first action when I log back in is to get me a GC, cuz this is nightmare stuff when it happens to you at 1:00 am in the morning; it kept me up till 5:30.

Thnx for the offer Snow, very appreciated, but can't think of any atm.

And Darkscorp: Jen's account was not jeopardized, she has a diff PC, we only share IP.

Greetz all and cu back soon
 
:yay:

Great news DJ!
 
Sorry to read all this DJ, I hope you get it all sorted as fast as possible :(
 
Well, I solved the problem concerning the trojan called Trojan.Popuper.
It was a tough cookie though.
Found the solution here: http://siri.geekstogo.com/SmitfraudFix.php
Done another scan to make sure it's gone,
and all seems fine now.
Fact remains it's odd it embedded itself in the Entropia updater, but I'm almost sure now it was just a random trojan attack.
But what happened lately made shivers run down my spine, so I'd rather be safe than sorry.
I checked the account and it is still untouched, and pw change is next, as is GC.

Thanx all for your help, it was much appreciated.

dj

" it's in our genes! "
 
Glad to see things are working out DJ. Do you remember clicking a link or downloading something that would have installed this onto your computer? I hope it all smooths out and your avie is safe with all items secure. I wonder if it's possible MA has been hacked in some fashion?

Gold Card is worth it if you have some items of value in EU. I think once I started to get an accumulation of 1K ped worth I got one, but I think MA needs to look at this recent rash of hacked accounts more closely; it could entirely be a problem on their end, putting us all at risk.
 
Yesterday I had a much more interesting problem. I have Spybot, Ad-aware Pro, Spyware Doctor, ZoneAlarm triple suite. When I was scanning my PC with Spyware Doctor, it told me that "Spybot tea timer" is a win32 worm; I don't remember the full name of the worm. I tried to delete it, but SB was protecting it and always restored it, so I had no choice but to reinstall Spybot. And now I am afraid about my EU account. Waiting for a gold card :)
 
Hi Chris, I'm not sure where it came from.
More than 1 is using this machine; it could have been there a longer time, I don't know.
I do know I was scared the account would be cleaned out due to what happened earlier this week with Loki; he lost most items and most skills.
Normally I would not have given it a second thought; we all know that you can do just so much to try to maintain a safe environment.
Update scanners, use them, etc., but what disturbed me most was that the updater popped up instead of the login window, followed by Norman blocking the updater
and being unable to log in regardless of what, while I was playing normally the day before.
So how it was possible for the trojan to link itself to EU is something I still have not figured out yet.
As well, I am sure that we all might see ghosts atm, affected by what happened.
Maybe on a normal midweek day you would find more trojans/virus attacks than
the last few days, considering the amount of people playing it.
It's just that all these hacks atm are making us very itchy,
and make no mistake, serious hacks are still going on so no one is safe actually, and believe me this was a wake-up call.
I contact Norman and send them the files to find a solution for this updater problem; somehow it's common with Norman AVG.
Anyway, the GC is first before I start playing again.

cu m8
peace
 
Well, the truth is that nobody likes competition...

Most antivirus programs and adware-removers have the other companies alike as "possible threats" and you get warned about it, even though there is no real threat.
 