Network Detection Questions

ceand

Contributor
Veteran XX
I am attempting to determine how password(s) of mine have been compromised.

I initially thought keylogging (used eTrust's PestPatrol, and it did find and remove one; subsequent scans have turned up nothing), but diligence on my part to copy/paste them did no good. I am now thinking remote desktop viewing, but I by no means have a clue, just thoughts.

Do any of you know a way that I can detect or block this from continuing? I would rather not reformat 4 drives for the sake of security on Diablo.

Also, do you know of a program that could mimic keystrokes in the background, to further confuse any logging, or can keyloggers be active only for certain applications?

Thanks.
 
 
Easy, why not buy security software and have done with it.

I love how people use nothing - or they try and save a buck and download the free shit that does absolutely no good in the long run, then bitch when they get infected.

Here's a few tips though:

1. Stay off MySpace.
2. Never use P2P client programs, any of them.
3. Stop pirating shit.
4. Stay the fuck off of porn sites.
5. Never open E-mail from anyone you don't explicitly know or at least have some idea of who they might be.
6. At least make sure the WindowsXP SP2 firewall is never turned off.
7. Get a fucking router for the NAT firewall.
8. If you're that paranoid, buy a copy of Trend Micro Internet Security.
9. Don't use cheats, hacks, "trainers", or any other manner of game altering programs.
10. Eat shit and die. I've got balls of steel.
 
Easy, why not buy security software and have done with it.

I love how people use nothing - or they try and save a buck and download the free shit that does absolutely no good in the long run, then bitch when they get infected.

Here's a few tips though:

1. Stay off MySpace. Guilty
2. Never use P2P client programs, any of them. Never do
3. Stop pirating shit. Lottery time.
4. Stay the fuck off of porn sites. Don't visit.
5. Never open E-mail from anyone you don't explicitly know or at least have some idea of who they might be. Duh.
6. At least make sure the WindowsXP SP2 firewall is never turned off. Obviously.
7. Get a fucking router for the NAT firewall. Got one.
8. If you're that paranoid, buy a copy of Trend Micro Internet Security. Using Virusscan, ZoneAlarm, and eTrust Pest Patrol ATM
9. Don't use cheats, hacks, "trainers", or any other manner of game altering programs. Guilty.
10. Eat shit and die. I've got balls of steel. Ditto.
 
Add: 11. Don't let other people use your computer.

And when did we get another Bad_CRC?
 
Good suggestions, all. Another good idea if you're a Windows user is to never, ever, EVER run under an administrative context. It can be a pain in the ass ("run as" is your friend), but it's a good way to guard against compromise.
 
windows firewall w/ SP2 and auto updates, and common sense are the only things you need to have a computer without viruses/spyware

should be anyway

if you did get a virus then it gets more complicated, but it sounds like you've fixed it and are talking about future prevention

i mean by now most of us should be able to tell the difference between good sites and bad ones by now :p
 
I also want to know how to prevent/detect it from happening again.

Using Ethereal and KLD to attempt any detections.
 
Hmm, KLD came up with these, and neither of them exist or are resident in memory:

E:\games\Diablo II\ver-IX86-3.mpq
was created.

E:\games\Diablo II\ver-IX86-3.dll
was modified.

Ideas on what these might be? Google turned up squat.
 
KLD = ???

Anyways, if something is telling you these two files are viruses, spyware, fuckyouuptheassware, whatever. You probably can't delete them because they're either rootkitted in your system, or they're system files and/or hidden.

If you must remove these, you'll need to load up a command prompt, and navigate to that directory.

First though, before you start doing this - is Diablo II actually installed there? If he doesn't have Diablo II, go for it, otherwise double check to make sure it's okay.

Load a command prompt, go to that directory, and change the file attributes of each file you need to delete, just run all the attrib extensions, syntax is as follows:

ATTRIB -R -A -S -H file.ext

Then just try and delete both from the command prompt, if that doesn't work, let me know.
 
Yes, D2 is installed in that directory.

Oh, and KLD = KeyLog Detector

What I don't know is if that is the notorious bnet warden loading and unloading.

After further investigation, it also does this:

Code:
E:\games\Diablo II\bncache-520.dat
was created.

E:\games\Diablo II
was modified.

E:\games\Diablo II\ver-IX86-7.mpq
was created.

E:\games\Diablo II
was modified.

E:\games\Diablo II\bncache-520.dat
was modified.

C:\Documents and Settings\CeanD_MaN.CEAND\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1202660629-1757981266-682003330-1003\1b20937c432fabd1e2e747e8e81760ff_8968de71-016f-46a9-a853-0347fcb61f54
was created.

C:\Documents and Settings\CeanD_MaN.CEAND\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1202660629-1757981266-682003330-1003
was modified.

C:\Documents and Settings\CeanD_MaN.CEAND\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1202660629-1757981266-682003330-1003\1b20937c432fabd1e2e747e8e81760ff_8968de71-016f-46a9-a853-0347fcb61f54
was modified.

E:\games\Diablo II\ver-IX86-7.dll
was created.

C:\Documents and Settings\CeanD_MaN.CEAND\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1202660629-1757981266-682003330-1003
was modified.

E:\games\Diablo II
was modified.

E:\games\Diablo II\ver-IX86-7.dll
was modified.

E:\games\Diablo II\ver-IX86-7.mpq
was removed.

E:\games\Diablo II\ver-IX86-7.dll
was removed.
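
One way to triage file-monitor output like the KLD listing posted above, added here as an example and not part of the original thread: it parses the `path` / `was <action>.` records and separates files that were created and left on disk from executable files that were created and deleted again within the same capture. The sample input is a trimmed copy of the posted output; the function names and the extension list are assumptions.

```python
import re
from collections import defaultdict

# Sample input: trimmed copy of the posted output (blank lines are optional).
SAMPLE = r"""
E:\games\Diablo II\bncache-520.dat
was created.
E:\games\Diablo II\ver-IX86-7.mpq
was created.
E:\games\Diablo II\ver-IX86-7.dll
was created.
E:\games\Diablo II\ver-IX86-7.dll
was modified.
E:\games\Diablo II\ver-IX86-7.mpq
was removed.
E:\games\Diablo II\ver-IX86-7.dll
was removed.
"""

EVENT = re.compile(r"^was (created|modified|removed)\.$")
EXECUTABLE = (".dll", ".exe", ".sys", ".scr")  # assumed list of loadable types

def parse_events(text):
    """Return (path, action) pairs from path-line / action-line records."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    events = []
    for path, action in zip(lines, lines[1:]):
        m = EVENT.match(action)
        if m and not EVENT.match(path):  # skip pairs that start on an action line
            events.append((path, m.group(1)))
    return events

def triage(text):
    """Return (files created and kept, executables created then removed)."""
    history = defaultdict(list)
    for path, action in parse_events(text):
        history[path].append(action)
    persistent = sorted(p for p, a in history.items()
                        if "created" in a and "removed" not in a)
    transient_exec = sorted(p for p, a in history.items()
                            if "created" in a and a[-1] == "removed"
                            and p.lower().endswith(EXECUTABLE))
    return persistent, transient_exec

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A created-then-removed DLL is not a verdict either way; it identifies which file to copy and hash on the next run while it still exists.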
 