WoW account Hacked- Hyjackthis file. - Page 3

post #21 of 58
You said you watch movies @ wowmovies.com.. I know for a fact there's a keylogger named wowmovies.exe, I wouldn't be surprised if that site is your problem.
post #22 of 58
This process looks different. Is this an authorized process?

O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://D:\\components\\hidinputmonitorx.ocx

If it is authorized this process is authorized, I'd say that you weren't hacked w/ a brute forcer. Maybe it was a network packet sniffer or something like that.
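
Added example (not part of any poster's message): a small Python triage parser for the two HijackThis sections this thread discusses, O16 (ActiveX controls under Downloaded Program Files, as in the line above) and O2 (Browser Helper Objects). The O2 sample line, its placeholder CLSID and path, and the wording of the review notes are constructed for illustration.

```python
import re

CLSID = r"\{(?P<clsid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}"
# O16 - DPF: {CLSID} (control name) - codebase
O16_RE = re.compile(r"^O16 - DPF: " + CLSID + r"(?: \((?P<name>[^)]*)\))? - (?P<target>\S.*)$")
# O2 - BHO: name - {CLSID} - dll path [(file missing)]
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - " + CLSID
                   + r" - (?P<target>.*?)(?P<missing> \(file missing\))?$")

# Constructed sample. The O16 line is the one quoted in post #22; the O2 line
# is invented for illustration (placeholder CLSID and path).
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed excerpt)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\EXAMPLE\placeholder.dll (file missing)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://D:\\components\\hidinputmonitorx.ocx
"""

def triage(log_text):
    """Parse O2/O16 lines and attach review notes (hints, not verdicts)."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        m = O16_RE.match(line) or O2_RE.match(line)
        if not m:
            continue  # other sections are out of scope here
        section = line.split(" ", 1)[0]
        # The pasted line shows doubled backslashes; collapse them.
        target = m["target"].replace("\\\\", "\\")
        name = m["name"] or ""
        notes = []
        if section == "O16":
            scheme = target.partition("://")[0].lower() if "://" in target else ""
            if scheme == "file":
                notes.append("codebase is a local file path, not a web download")
            elif scheme == "http":
                notes.append("codebase was fetched over unencrypted HTTP")
        elif m["missing"]:
            notes.append("DLL not found at the listed path")
        if name in ("", "(no name)"):
            notes.append("no friendly name; identify by CLSID and file instead")
        findings.append({"section": section, "clsid": m["clsid"].upper(),
                         "name": name, "target": target, "notes": notes})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["section"], f["clsid"], f["name"], f["target"], f["notes"], sep=" | ")
```

The notes only say where to look next: a `file://` codebase on D: means the control came from local media rather than a website, and a BHO flagged "(file missing)" still has its registry entry even though the DLL is no longer at that path.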
post #23 of 58
Go to spybot.com, and then add yourself into the forums. They are very helpful. Fixed a pretty big problem with my mate's computer.
Download AVG Free and see what it finds.
post #24 of 58
The worst thing I see right off the top is that you use McAfee to protect yourself. No wonder you got a virus. McAfee is about as much protection as a perforated condom.

You could, however, look up some of the less familiar processes at processlibrary.com. At first I suspected the CurseClient.exe program, but I am fairly certain now it is ok. Check out some of the other processes though. I would but I'm limited on time right now.

EDIT- I found one. "aswwer.dll" Certified virus.
Edited by PhillyOverclocker - 6/30/08 at 7:30pm
post #25 of 58
Thread Starter 
Quote:
Originally Posted by PhillyOverclocker
The worst thing I see right off the top is that you use McAfee to protect yourself. no wonder you got a virus.

You could, however, look up some of the less familiar processes at processlibrary.com. At first I suspected the CurseClient.exe program, but I am fairly certain now it is ok. Check out some of the other processes though. I would but I'm limited on time right now.

curse.exe is a WoW mod management program that has millions of subscribers. It's not that... McAfee is the only thing that will work with The Ohio State University network... so I'm kind of limited there.
post #26 of 58
Thread Starter 
Quote:
Originally Posted by deskjockey
yes stop that

now to get cleaning....sounds like you know kind of what you are doing.

start in safe mode and run your UPDATED antivirus

also run smitfraudfix, avg anti-root and then....msconfig and look at the startup...see whats there

You'll never guess... my antivirus broke smitfraudfix as I was trying to install it.

x_x
post #27 of 58
I found it. It was the "aswwer.dll" BHO. It is a certified virus.
post #28 of 58
Thread Starter 
Quote:
Originally Posted by PhillyOverclocker
I found it. It was the "aswwer.dll" BHO. It is a certified virus.

Yes, but could it steal a password?
post #29 of 58
Well, if you can't figure out what hacked you, your best bet is to do a format, 'cause you might have a hidden trojan and as soon as you reset your passwords they get it from you again. EDUs are a huge target of botnets and hackers, and if your Windows wasn't fully updated you were asking to be hacked to tbo. There's a lot of exploits that go right through firewalls if the computer is not updated.
post #30 of 58
Quote:
Originally Posted by PhillyOverclocker
I found it. It was the "aswwer.dll" BHO. It is a certified virus.

Yes but that file was missing.... probs deleted by your antivirus