I have a key logger


Eileithyia
20-06-2007, 01:19 AM
OK, going back to this post I made: http://wow.incgamers.com/forums/showthread.php?t=398608

It turns out it was/is a key logger.
I reinstalled WoW and it was being closed down all the time, then I noticed on my desktop a Notepad with the following on it.

Now I went along with this, while on the phone to my best mate who was changing my passwords on his PC on the wow site, as I spoke to this guy

You have two options:
1) Hand over your account and start all over again
-or-
2) Have your main send me 200g a week.

Choose wisely.

Me: and who do i send this gold to?

a tempory account.

what messanger do you use?

Me: I dont currently use one.

Oh its going to be fun talking on Notepad. :D

Me: Personally I am not finding this fun.

Well its the way it has to be.

Me: Who do I send the gold to

A tempory account.

Me:and you will create this account?

Yes.

If you report this to blizzard it will be a big no no.

You have untill the 26th for the first payment. I will be in touch

Me: Ok can I go back to playing in piece to get your gold now.

Yes have fun. :)

He did try and close this Notepad down before it saved, but I took a screen print and unplugged the modem.

In a way I suppose I was lucky that this twat (please excuse my language) gave me the option of not having my stuff removed.

Kalos
20-06-2007, 01:57 AM
First things first, don't log into your account at all. You did wise, getting to a friend's or someone else's completely different and unlinked computer and changing the password there. But don't break down and log in, if he's got a half way decent keylogger he'll be able to read it. Don't even connect the infected PC to the internet, keep it isolated until we're sure it's clean.

What firewall and antivirus software do you use to keep secure? Can we see these screenshots taken?

Eileithyia
20-06-2007, 02:15 AM
I did go over to my friend's house straight after this and logged on to WoW and all is well with that. Phew.

I am running Avast as my antivirus but noticed my firewall was not switched on. (I know, silly me.) I have just installed Spyware Doctor and that seems to have picked him up and blocked him. But I will not be starting WoW until a fresh install of Windows on the PC.

This is the screenshot of my delightful conversation with this guy.
http://i49.photobucket.com/albums/f288/hizzett/sce.jpg

Kalos
20-06-2007, 03:07 AM
Is your connection being fed through a router at any point? Hopefully if it has been set up properly, you can retrieve the logs for that time period around 1:25 and find out what his IP address was, amongst other things. Using that, his identity can be revealed and the tables are slightly more turned.

If you don't have a router, get one. Perhaps the best anti-hacker tool in the home environment, hardware always beats software solutions. Oh, and to stop him gaining control again: 'Start' 'Run' type and open "Services.msc"
Disable the following services: NetMeeting Remote Desktop Sharing, Remote Desktop Help Session Manager, Remote Registry

Once those three services are fully disabled, that should stop him gaining control from another computer through the traditional desktop control methods.

One last thing, load and run more than one anti-spyware protection system. The cracks in one alone are too easy to exploit usually, throw him through a few more rings just to make his life more difficult. Add Hijackthis and Spybot - Search & Destroy, run them both, and be sure to use Spybot's Immunise feature. Cleaning up the junk is one thing, closing a few of the more common loopholes to prevent attacks in those areas ever again is better.

snowieken
20-06-2007, 04:40 AM
Scary story.

I'm pondering about any loopholes this guy might have to escape being reported, and up to now I can't find any. Maybe I am missing something. But if he gives you an account to send the gold to, even if it's just a temporary one, you should be able to report him, no?

Great advice from Kalos here, and we will help you along the way, but I personally think you still need to contact Blizzard about this.

Dark Matter
20-06-2007, 09:37 AM
Which firewall are you using? If it's the XP built in one, please get another.

The XP one doesn't block outgoing, only incoming.

Something like ZoneAlarm (free) will tell you every time a program wants internet access, and ask you if you want to let it out.

It also asks every time a program gets 'changed' so your patching will be slower and you have to re-allow WOW every patch day, but it's a lot safer.

DM

Kalos
20-06-2007, 02:52 PM
DM has a great program there. ZoneAlarm is perhaps one of the best firewalls I have discovered over the years, there are few that are as secure as it on the software side. Doesn't make up for a router mind you, but in conjunction it makes for a tougher egg to crack.

Eileithyia
20-06-2007, 06:54 PM
Thanks for all your info Kalos. :smiley:

I was running the standard firewall provided by my broadband provider. I have now installed Zone Alarm, and have done a complete scan and all infections are removed.

Looking at it, was this person more of a hacker than a key logger? I wonder this as he told me to hand the account over, as if he didn't have my password to enter my WoW account and just strip it bare as a key logger would. Also the fact he could control my PC.

Kalos
20-06-2007, 07:03 PM
Did you follow this step as well? 'Start' 'Run' type and open "Services.msc"
Disable the following services: NetMeeting Remote Desktop Sharing, Remote Desktop Help Session Manager, Remote Registry

It is highly essential to your security. These services were designed for the operation of slave computers, servers and remote controlled PCs, allowing one computer to take control and influence another. Remove those services, you take away the native Windows support for the activities he was doing. You also free up system resources and make Windows slightly faster. The only cost is if you wanted to engage in those activities yourself. I do for instance, with my own server. But the majority of users do not, and it is a security risk. For the life of me I do not know why Microsoft was so stupid to leave it on by default; it's a good feature when used right, but there's no need for it to be on 24/7, and when the majority of people don't even know about it, it's just a pointless loophole for hijacking hackers.

Spybot - Search and Destroy's Immunise function is also near priceless. It's basically a blacklist of IP and DNS addresses that are known hackers and malware spreaders. Prevents your PC from accepting any content from them, thus preventing infections from the big players who are known on the scene. The scanning function of rooting out existing infections is pretty solid as well.
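
Added example, not part of Kalos's posts: the three services named in the Services.msc step, checked, stopped and disabled from an elevated PowerShell prompt (version 3 or later). The short service names (mnmsrvc, RDSessMgr, RemoteRegistry) are the standard Windows ones and are assumed here; the first two exist only on older Windows releases such as XP.

```powershell
# Display names are the ones listed in the post; short names are assumed standard names.
$services = @(
    @{ Name = 'mnmsrvc';        Display = 'NetMeeting Remote Desktop Sharing' },
    @{ Name = 'RDSessMgr';      Display = 'Remote Desktop Help Session Manager' },
    @{ Name = 'RemoteRegistry'; Display = 'Remote Registry' }
)

function Get-ServiceState($name) {
    # Win32_Service exposes both the run state and the configured start mode.
    Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue
}

$report = foreach ($s in $services) {
    $before = Get-ServiceState $s.Name
    if (-not $before) {
        # Service is not installed on this Windows version: nothing to disable.
        [pscustomobject]@{ Service = $s.Display; Before = 'not installed'; After = 'not installed' }
        continue
    }

    # Stop the running instance first, then disable it so it cannot be
    # started again at boot or on demand.
    if ($before.State -ne 'Stopped') {
        Stop-Service -Name $s.Name -Force -ErrorAction SilentlyContinue
    }
    Set-Service -Name $s.Name -StartupType Disabled

    # Re-query instead of trusting the commands: confirm the change took effect.
    $after = Get-ServiceState $s.Name
    [pscustomobject]@{
        Service = $s.Display
        Before  = "$($before.State) / $($before.StartMode)"
        After   = "$($after.State) / $($after.StartMode)"
    }
}

$report | Format-Table -AutoSize

# Any row listed here is still running or still startable and needs a second look.
$report | Where-Object { $_.After -notin 'Stopped / Disabled', 'not installed' }
```

The "Before" column is worth keeping: a service found running with an automatic start mode on a home PC is itself a sign that something enabled it.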

Eileithyia
20-06-2007, 07:20 PM
Yes, I've disabled the 3 of them as well.

I will look into Spybot as well. Once again thanks for all your help. :thumbsup:

Pharoahe
22-06-2007, 05:39 PM
What an *** that guy was.

Grasstazer
28-06-2007, 09:36 AM
Yep he was, he can't even raise his own account, which is kinda sad.