EvilZone

: Fucking with a Steam hacker
: defalt July 22, 2015, 03:26:23 AM
How convenient this happened to me the day I was about to trade up my knife.

My Steam account got hacked and all my expensive items were sold on the Steam market, including my knife, and the hackers bought a $0.25 skin for $127 and left $11 in my Steam wallet. I've sent a ticket to Steam Support, but their response times are infamously long, so it will probably be about a week before everything is back to normal. While I'm waiting, is there a way to see where and when my Steam account was recently accessed and see the IP so I can fuck with these guys? I mean, I probably picked up a bit of malware while my Steam was open (thanks Bitdefender), doesn't necessarily mean these guys are good enough to be considered hackers but they probably hide behind a VPN. Still would like to see, out of sheer curiosity. From most of what I'm finding online, you can't find the IPs of recent logins or login attempts, but maybe somebody here knows some 1337 watch_dogs way of finding these things out?
: Re: Fucking with a Steam hacker
: sh4d0w_w4tch July 22, 2015, 05:55:37 AM
Your best chance at this is to go after a known identity they have online and try to social engineer them, not try to get their IP.

Watch_Dogs is not like real life.  Defalt was so bad I could not stop cringing.

I see you have cookies so I assume you aren't a skid.  Take warning, because hackers around here don't take kindly to questions about "tracking IPs" to "fuck people up."
: Re: Fucking with a Steam hacker
: defalt July 22, 2015, 06:07:41 AM
Your best chance at this is to go after a known identity they have online and try to social engineer them, not try to get their IP.

Watch_Dogs is not like real life.  Defalt was so bad I could not stop cringing.

I see you have cookies so I assume you aren't a skid.  Take warning, because hackers around here don't take kindly to questions about "tracking IPs" to "fuck people up."

Well, "tracking his IP to fuck him up" was a little bit more on the satire side because overall, I want to figure out a way to see when my Steam account was accessed and from what IP. I believe it will tell you this if you get a Steam Guard notification, but unfortunately, I did not get one when my account was breached.

I'll decide what to do if I can see the IP address that my account was accessed from, whether or not it turns out to be useful at all, but that's the question I ended my thread with. That's all I want to know right now. Maybe I should've adjusted the title a bit more appropriately.
: Re: Fucking with a Steam hacker
: BurnTheWicked July 22, 2015, 08:21:25 AM
Truthfully, it is possible there is no IP to find; now I haven't gotten deep with Steam in many years, since it first came out. But if they haven't fixed some of their issues, it is possible, for someone to hijack your connection, and use it, as it's tunneled through you. Perhaps, it might be a good idea, to first think about using Wireshark, to sniff out what is going on, while you are on Steam...

Although just the same, the idea of trying to social engineer the person; that would imply you already have an idea of whom it was. So, sorry sh4d0w; kind of a moot point. And though Watch Dogs may not be real; it's not too far fetched either; shit, you can turn a person's monitor into a keylogger with virtually any mobile device... Hackers have the ability to take down governments, and the governments know it; it may not be what Watch Dogs is, but Watch Dogs is a great fictional representation, of what hackers can do...
: Re: Fucking with a Steam hacker
: Deque July 22, 2015, 07:15:31 PM
While I'm waiting, is there a way to see where and when my Steam account was recently accessed and see the IP so I can fuck with these guys?

I won't help you with that, but the way you got "hacked" was likely a malware infection. Are you on a Windows computer? Do you need help to check for malware?
: Re: Fucking with a Steam hacker
: defalt July 22, 2015, 11:16:04 PM
I won't help you with that, but the way you got "hacked" was likely a malware infection. Are you on a Windows computer? Do you need help to check for malware?

Yeah, it was malware. Thank you for asking, I may need to check for any remaining malware. I am on Windows 7, like any proper Steam user. Since last night, though, it's been brought to my attention that if your account was breached via "Steam stealer" malware, Steam support may be unwilling to help you as it's "your responsibility to keep your account secure, and you failed."

In other words, Steam's dystopian policies now benefit the criminals and hurt the genuine users. What a time to be alive. I may not have my skins, but I have my skill. SMFC represent.
: Re: Fucking with a Steam hacker
: Deque July 22, 2015, 11:53:27 PM
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

: Re: Fucking with a Steam hacker
: defalt July 23, 2015, 12:04:55 AM
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe).
  • Please provide both logs (FRST.txt and Addition.txt) in your next reply.

This seems sketch as fuck. Oh, well; I'm currently out right now (on mobile). I'll be sure to do that when I get back.
: Re: Fucking with a Steam hacker
: 0E 800 July 23, 2015, 01:11:04 AM
(http://i0.kym-cdn.com/photos/images/newsfeed/000/064/995/633570298463292426-FaithIfindyoulackofitdisturbingDemotivator.jpg)
: Re: Fucking with a Steam hacker
: BurnTheWicked July 23, 2015, 01:43:57 AM
Honestly... I agree, that does seem sketch as fuck... However, here is something else you could try... https://www.piriform.com/ccleaner  CCleaner I have been using for over a decade (when it comes to cleaning out Microshit systems). If you've ever used HiJackThis; well this is much better, but does give you an ability to check deeper than usual like HiJackThis used to do... Also for A/V use Avast or Panda; these two have always been at the top. Actually Panda and Avast were the first to actually implement sandboxing...
: Re: Fucking with a Steam hacker
: 0E 800 July 23, 2015, 01:58:12 AM
You guys should look up the software before you start telling us about your spidey senses tingling.
IMO Deque should charge you as a client instead of trying to be helpful. Too bad, you had an opportunity to learn something from a professional and instead you're shooing away the help.

Dont be skerd.
: Re: Fucking with a Steam hacker
: BurnTheWicked July 23, 2015, 03:10:51 AM
You guys should look up the software before you start telling us about your spidey senses tingling.
IMO Deque should charge you as a client instead of trying to be helpful. Too bad, you had an opportunity to learn something from a professional and instead you're shooing away the help.

Dont be skerd.

Considering you said that, after I posted, it does seem as though you're also talking to me... Did you not realize my reference to HiJackThis? The original to Farbar recovery scan tool... I put that reference in there, for a reason. CCleaner, has a section, that does what Farbar recovery scan tool does. If memory serves me right, farbar used to speak very highly of HiJackThis; hence why farbar scan tool even exists...
: Re: Fucking with a Steam hacker
: Deque July 23, 2015, 07:34:41 AM
Honestly... I agree, that does seem sketch as fuck... However, here is something else you could try... https://www.piriform.com/ccleaner  CCleaner I have been using for over a decade (when it comes to cleaning out Microshit systems). If you've ever used HiJackThis; well this is much better, but does give you an ability to check deeper than usual like HiJackThis used to do... Also for A/V use Avast or Panda; these two have always been at the top. Actually Panda and Avast were the first to actually implement sandboxing...

Considering you said that, after I posted, it does seem as though you're also talking to me... Did you not realize my reference to HiJackThis? The original to Farbar recovery scan tool... I put that reference in there, for a reason. CCleaner, has a section, that does what Farbar recovery scan tool does. If memory serves me right, farbar used to speak very highly of HiJackThis; hence why farbar scan tool even exists...

It is hard to stand that high amount of bullshit here.
CCleaner does not remove malware. That is like claiming your broom gets rid of a cockroach infestation.
HijackThis is outdated, no one uses it anymore, except for people that have been in a coma for 10 years. HJT does not support any OS after Windows XP. So it should also not be used by the OP, who has Windows 7. *sigh*
Don't use your obviously bad memory, do actual research. You will see that every reputable malware removal forum uses FRST nowadays. You will see that the logs HJT throws out are only a small subset of what FRST can tell.
Now go into the corner and shame on you.

(http://i1.kym-cdn.com/photos/images/original/000/364/104/af5.gif)
: Re: Fucking with a Steam hacker
: defalt July 23, 2015, 09:32:00 AM
Honestly... I agree, that does seem sketch as fuck... However, here is something else you could try... https://www.piriform.com/ccleaner  CCleaner I have been using for over a decade (when it comes to cleaning out Microshit systems). If you've ever used HiJackThis; well this is much better, but does give you an ability to check deeper than usual like HiJackThis used to do... Also for A/V use Avast or Panda; these two have always been at the top. Actually Panda and Avast were the first to actually implement sandboxing...

I said that jokingly. It's fine. Didn't realize how long it'd be before I'd be able to do this, though. It's fuckin' 2:31 AM now, wow. Alright, I'm going to do the thing.
: Re: Fucking with a Steam hacker
: BurnTheWicked July 23, 2015, 10:18:09 AM
Deque, where in there did I ever say malware? I said I use it when cleaning out systems; that doesn't mean malware... CCleaner, does more than FRST; it scans the registry, and for the last 10 years, has stopped invalid firewall rules, that doesn't get cleaned out from any Malware system I have ever tried. On top of that, CCleaner, cleans out JUNK FILES, TEMP FILES, and so forth; it makes all the tedious bullshit like cookies, including sticky cookies, and tracker cookies, as easy as pie. Plus, you can scan, or wipe any free space on your drive, to ensure there are no non-indexed programs being hidden, or to cover tracks on deleted files... And to top it all off, it allows you to alter any startup file; not just windows start ups, but also IE, Chrome, Firefox, Scheduled tasks and so forth.
Oh, plus it provides similar information as FRST; or at least it is far more in-depth than HJT.

Now, I haven't cared to be in any community in a long time; cause I got tired of idiot SKIDs like you. Farbar, learned some shit from me, over 6 years ago... See I use programs, based on trial and error, and how it compares to other programs; I don't use a program cause "Reputable communities", say to use a program, that's skiddy bullshit bro... Seriously, do you think Linux would even exist, if Linus Torvalds, used what all the "Reputable Communities" used? Fuck no, he didn't spread Skiddy bullshit...
And you're right the bullshit here, is at a high amount; stop spreading bullshit... Your inability to understand the difference between cleaning out a system, and MALWARE; pretty pathetic when I am the one with Memory Issues... Your inability to distinguish between; referencing the similarity, the best part of an old program, or me questioning if it had ever been used; and me telling someone to use that program.... Are you fuckin Delusional??? Stop fantasizing, and stop seeing only what you want to see; that inability to tell the difference between what is REAL, and what is IN YOUR HEAD; makes you Delusional... I have brain damage; so yes, I have memory issues, and yes I get things confused; but what the fuck is your excuse? Cause I have an actual reason, with 2 MRIs to back it up...
And one last thing... Malware, is not the only thing that can be cleaned out; skid... And if anyone needs to be in the "shame corner" it would be the person using programs cause "reputable communities" say to use it, instead of using a program cause it has survived the test of time, and passed with flying colors... And again, the person who made FRST, learned shit from me...


@defalt - I too said jokingly, but Deque obviously has an ego problem; and shit I always worry about my own egotism, why do skids think they know it all?
: Re: Fucking with a Steam hacker
: gray-fox July 23, 2015, 11:53:45 AM
I just glanced over the topic quickly, but..
something else you could try... https://www.piriform.com/ccleaner  CCleaner
..until this, everyone was talking about malware and you're like "try this" and next "you got me wrong, I wasn't talking about what EVERYONE else was talking." If everyone has been talking about cleaning off malware and you offer someone a software for cleaning. You don't see how it seems that you are offering it as a way to clean malware?  Gee, I wonder why Deque got you wrong (as you claim).

Seriously, do you think Linux would even exist, if Linus Torvalds, used what all the "Reputable Communities" used?
Well, basically Linux exists because Torvalds didn't have money for what all the "Reputable Communities" used (unix).

Besides, maybe you should check some of her other posts  also and realise which one, she or you, is going to be taken as skid here. I know she is not the one, maybe you're not skid either but in your case there's nothing that would prove otherwise.

So just shut the fuck up( I will also now) and let someone who certainly knows what she is talking about to help the op .

: Re: Fucking with a Steam hacker
: iTpHo3NiX July 23, 2015, 04:23:51 PM
@BurnTheFaggotWicked
Post MRIs and proof farbar used shit learned from you.

Don't talk shit that your ass can't cash

What do you do? Post retarded shit online? Deque is a malware analyst at a very reputable anti-virus company.
: Re: Fucking with a Steam hacker
: khofo July 23, 2015, 05:27:14 PM
@BurnTheFaggotWicked
Post MRIs and proof farbar used shit learned from you.

Don't talk shit that your ass can't cash

What do you do? Post retarded shit online? Deque is a malware analyst at a very reputable anti-virus company.

^ This

And yes if Deque ever proposed to help with a malware problem, I'd be forever thankful. And when it comes to malware, Deque is the best on this forum. So @BurnTheWicked I'd suggest not going into troubled waters.

Just noticed this:
And one last thing... Malware, is not the only thing that can be cleaned out; skid...
^Deque, a skid ? U clearly have brain problems

What I suggest you do:

- Disappear for a month or two
- Read this: https://evilzone.org/general-discussion/for-those-who-think-that-they%27re-too-good-to-be-considered-noobs/

your situation now:
<m0rph> that's like walking into a karate dojo for the first time in your life, and challenging the 15-dan Grand Master Black Belt to a battle of death
: Re: Fucking with a Steam hacker
: Kulverstukas July 23, 2015, 05:45:09 PM
Some wall of butthurt shit
Ok, I can't stand it when people get so fucking hurt when they get called wrong and start to throw around insults. You got no right to call a reputable member like Deque a skid, being a mere member here for a day.

@People: stop derailing this thread, ohlawd.
: Re: Fucking with a Steam hacker
: 0E 800 July 23, 2015, 06:36:21 PM
How is Ccleaner not a skid tool?

BTW -

Piriform CCleaner 3.26.0.1988 through 5.02.5101 writes the filenames to disk when overwriting files, which allows local users to obtain sensitive information by searching unallocated disk space.

@OP

Do you or have you ever installed or ran crack/keygen software or downloaded pirate-soft?

Does anyone else have your logmein info?
Review: http://community.logmein.com/t5/Miscellaneous/email-Hacked-or-Sold/td-p/129602

Have you responded to any emails from Steam asking you to verify your account?
I just recently got an email saying that my Battle.net account was flagged for illegal activity in War Craft - that I needed to login to verify my account. The login page looked like Battle.net, but it was hosted on another site. Plus, I don't play War Craft.

Do you have anyone else living with you that would have access to your computer? It's quick and simple to run software that would dump your stored web browser credentials.

You have a lot of games installed.
You have remote access software installed.
When in doubt - format/re-partition/reinstall-os

You might want to try HitmanPro (http://www.surfright.nl/en/hitmanpro), you can use it for 30 days free, I suggest just running it one time. I still think you ought to blow away your system and start over. Just to clear your conscience.
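The Battle.net e-mail described in the post above comes down to one check: which host does the sign-in link really point to? The following is an added example, not part of the original post. The list of official domains is an assumption made for illustration, and the sample links use the reserved `.test` TLD.

```python
from urllib.parse import urlsplit

# Assumption for this example: registrable domains the real services use.
OFFICIAL_DOMAINS = {
    "steam": ("steampowered.com", "steamcommunity.com"),
    "battle.net": ("battle.net", "blizzard.com"),
}


def classify_link(url, service):
    """Return (verdict, reason) for a link that claims to belong to `service`.

    verdict is "ok" only when the host that would actually be contacted is an
    official domain or a subdomain of one, reached over https.
    """
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "reject", "malformed URL"
    if parts.scheme != "https":
        return "reject", "not https"
    if not host:
        return "reject", "no hostname"
    # https://steamcommunity.com@other.test/ connects to other.test, the part
    # before '@' is only a user name.
    if parts.username is not None or parts.password is not None:
        return "reject", "userinfo before '@' hides the real host"
    # Lookalike letters arrive either as raw Unicode or as punycode labels.
    labels = host.split(".")
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        return "reject", "internationalised hostname, possible lookalike"
    for domain in OFFICIAL_DOMAINS[service]:
        # Compare on a label boundary: "notbattle.net" and
        # "battle.net.other.test" must both fail.
        if host == domain or host.endswith("." + domain):
            return "ok", "host is under " + domain
    return "reject", "host %s is not under an official domain" % host


# Constructed sample links (not taken from any real message).
SAMPLES = [
    ("https://store.steampowered.com/login/", "steam"),
    ("https://steamcommunity.com.login-check.test/openid", "steam"),
    ("https://steamcommunity.com@login-check.test/", "steam"),
    ("http://steamcommunity.com/login", "steam"),
    ("https://eu.battle.net/login", "battle.net"),
    ("https://notbattle.net/login", "battle.net"),
]

if __name__ == "__main__":
    for url, service in SAMPLES:
        verdict, reason = classify_link(url, service)
        print("%-6s %-55s %s" % (verdict, url, reason))
```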
: Re: Fucking with a Steam hacker
: defalt July 23, 2015, 06:50:59 PM
How is Ccleaner not a skid tool?

BTW -

@OP

Do you or have you ever installed or ran crack/keygen software or downloaded pirate-soft?

Does anyone else have your logmein info?
Review: http://community.logmein.com/t5/Miscellaneous/email-Hacked-or-Sold/td-p/129602

Have you responded to any emails from Steam asking you to verify your account?
I just recently got an email saying that my Battle.net account was flagged for illegal activity in War Craft - that I needed to login to verify my account. The login page looked like Battle.net, but it was hosted on another site. Plus, I don't play War Craft.

Do you have anyone else living with you that would have access to your computer? It's quick and simple to run software that would dump your stored web browser credentials.

You have a lot of games installed.
You have remote access software installed.
When in doubt - format/re-partition/reinstall-os

You might want to try HitmanPro (http://www.surfright.nl/en/hitmanpro), you can use it for 30 days free, I suggest just running it one time. I still think you ought to blow away your system and start over. Just to clear your conscience.

I used to use cracked games before I reinstalled my OS recently to put it on my SSD. No one else used this computer. What software is the remote access software and how do I get rid of it? After I made sure my Steam account was secured, I did a sweep with Bitdefender and HitmanPro. According to them, it looks fine. Also reinstalled the Steam client. No one else should have my Logmein Hamachi info, I just used it for Terraria but now that it has official Steam multiplayer support, I'm going to uninstall it. No sketchy emails from Steam.
: Re: Fucking with a Steam hacker
: Deque July 23, 2015, 07:20:44 PM
@BurnTheWicked If you are interested to continue the discussion I will get back to you in another thread (just throw in a yes and I will open one). Otherwise we will leave it as is. You already got a lot of heat here and I want to stay on topic while assisting defalt.

@defalt: The good news is that the FRST logs look clean. I just see one potentially unwanted program called Hotspot Shield. It could be a leftover. Did you have it installed at some point? Is it there on purpose?

Step 1: Disable Windows Defender. It is enabled on top of your actual antivirus software, which is not necessary.
Type services.msc in the run box of your start menu, then double-click on Windows Defender and change the startup type to disabled.

Step 2:
: Re: Fucking with a Steam hacker
: Deque July 23, 2015, 08:49:01 PM
The rootkit scan is clean too, which is great.

Java 8 Update 45 --> this version is vulnerable. Update it: https://java.com/en/download/

And if you want to remove the Anchorfree VPN copy and paste the following lines from the code box below and save as fixlist.txt <-- the name is important!

Code:
start
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42088 2015-06-03] (Anchorfree Inc.)
C:\Windows\System32\DRIVERS\taphss6.sys
EmptyTemp:
end

It's important that both files, FRST64.exe and fixlist.txt are in the same location or the fix will not work.

Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64.exe and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log in the same folder (Fixlog.txt). Post the contents here.
: Re: Fucking with a Steam hacker
: proxx July 24, 2015, 12:33:20 AM
Let me just add that for anyone who does not know this fine young lady above, she is to be trusted.
We are not some skidcentral but a community where we trust certain people, this is one of them.
: Re: Fucking with a Steam hacker
: th31nitiate July 24, 2015, 01:23:53 AM
Zane, next time use PM to send sensitive files, here anyone can see quite a lot of information that they can use to build a picture on exploiting you. Why do you have hard drives called ebola and aids?


This tool looks really good; the amount of information it gives about a system is amazingly detailed. My dad called me the other day saying the computer was giving virus warnings. If I had known about this tool then, with my limited knowledge of malware analysis, I would have gotten a more in-depth look at what was going on. All I had was event logs and netuser and Avast statistics, which didn't accomplish much; I didn't really know what I was doing, to be honest.
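The point made in the post above, that a scan log posted in public tells any reader a lot about the machine, can be handled by scrubbing the log before it is pasted. The following is an added example, not part of the original thread and not a feature of FRST: the sample lines are constructed in the general style of a scan log, and `alice` / `ALICE-PC` are made-up names.

```python
import re

# Profile folders present on every Windows install; they identify nobody.
BUILTIN_PROFILES = {"public", "default", "default user", "all users"}
# Addresses that are the same on every machine; a helper needs them intact.
KEEP_IPS = {"127.0.0.1", "0.0.0.0"}

PROFILE_RE = re.compile(
    r'[A-Z]:\\(?:Users|Documents and Settings)\\([^\\/:*?"<>|\r\n]+)\\',
    re.IGNORECASE)
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")
MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b")


def redact_log(text, extra_terms=()):
    """Return (redacted_text, counts) for a scan log about to be posted.

    extra_terms: strings only the owner knows are identifying (computer name,
    volume labels, real name). File paths, dates and product names are left
    alone because the person reading the log needs them.
    """
    counts = {"term": 0, "user": 0, "ip": 0, "mac": 0}

    # 1. Caller-supplied strings first, longest first, so "ALICE-PC" is not
    #    half-replaced by the shorter profile name "alice" in step 2.
    for term in sorted({t for t in extra_terms if t}, key=len, reverse=True):
        text, n = re.subn(re.escape(term), "<redacted>", text, flags=re.I)
        counts["term"] += n

    # 2. Learn profile names from paths, then replace them everywhere as whole
    #    words in a single pass. Over-redaction is the safe failure here.
    names = {m.group(1) for m in PROFILE_RE.finditer(text)}
    names = {n for n in names if n.lower() not in BUILTIN_PROFILES}
    if names:
        alternatives = "|".join(
            re.escape(n) for n in sorted(names, key=len, reverse=True))
        pattern = re.compile(r"(?<!\w)(?:%s)(?!\w)" % alternatives, re.I)
        text, n = pattern.subn("<user>", text)
        counts["user"] += n

    # 3. IPv4 addresses, skipping loopback and dotted version numbers whose
    #    parts cannot be octets (for example 8.0.450.18).
    def ip_repl(match):
        ip = match.group(0)
        if ip in KEEP_IPS or any(int(o) > 255 for o in ip.split(".")):
            return ip
        counts["ip"] += 1
        return "<ip>"

    text = IPV4_RE.sub(ip_repl, text)

    # 4. Network adapter hardware addresses.
    text, n = MAC_RE.subn("<mac>", text)
    counts["mac"] += n
    return text, counts


# Constructed sample, not real FRST output.
SAMPLE = r"""Ran by alice (administrator) on ALICE-PC
C:\Users\alice\AppData\Roaming\updater.exe [2015-07-20]
C:\Users\Public\Desktop\Game.lnk
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Hosts: 127.0.0.1 localhost
Adapter MAC: 00-1A-2B-3C-4D-5E
Product version 8.0.450.18
"""

if __name__ == "__main__":
    redacted, summary = redact_log(SAMPLE, extra_terms=["ALICE-PC"])
    print(redacted)
    print(summary)
```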
: Re: Fucking with a Steam hacker
: defalt July 24, 2015, 02:23:09 AM
Zane, next time use PM to send sensitive files, here anyone can see quite a lot of information that they can use to build a picture on exploiting you. Why do you have hard drives called ebola and aids?


This tool looks really good; the amount of information it gives about a system is amazingly detailed. My dad called me the other day saying the computer was giving virus warnings. If I had known about this tool then, with my limited knowledge of malware analysis, I would have gotten a more in-depth look at what was going on. All I had was event logs and netuser and Avast statistics, which didn't accomplish much; I didn't really know what I was doing, to be honest.

Thanks for the heads-up, m8.



The rootkit scan is clean too, which is great.

Java 8 Update 45 --> this version is vulnerable. Update it: https://java.com/en/download/

And if you want to remove the Anchorfree VPN copy and paste the following lines from the code box below and save as fixlist.txt <-- the name is important!

Code:
start
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42088 2015-06-03] (Anchorfree Inc.)
C:\Windows\System32\DRIVERS\taphss6.sys
EmptyTemp:
end

It's important that both files, FRST64.exe and fixlist.txt are in the same location or the fix will not work.

Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64.exe and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log in the same folder (Fixlog.txt). Post the contents here.

Here's the file, with a tad bit of editing.  ;)

Staff note: Do not double post. Use the modify button if you have more to add.
: Re: Fucking with a Steam hacker
: BurnTheWicked July 24, 2015, 08:40:11 AM
@Deque - I apologize for the overreaction; I was tired, and in pain, not trying to make an excuse, just saying. As for continuing; that's on you, if you would like to, sure... Though to be honest; if I'm really gonna explain why I called you a skid; that I would rather just be to you. But that has nothing to do with any "heat" I have here; actually it's entirely legal heat I have to worry about.

@0E800 - It's microshit; what isn't a skid tool?

@defalt - If you go into the services; on top of looking at the Windows Defender; a couple other things to alter with that...
IP Helper - Disable
IPSec Policy Agent - Disable
Netlogon - Disable
Remote Access Auto Connection Manager & Connection Manager - Disable
Remote Registry - Disable
Server - Disable or Manual
Secondary Login - Manual
Terminal Services - Disable
Terminal Services Management - Disable
TCP/IP NetBIOS Helper - Disable
Windows Media Player Network Sharing - Disable
Windows Remote Management - Disable
Windows Event Collector & Log - Automatic
Workstation - Manual

@everyone else - It's a good thing you don't trust me; I was trained to lie, I tell the truth cause I can't stand pretending. Problem is, the truth is unbelievable. Mark Twain - "Fiction is often more real than truth; cause fiction has to make sense". Hell, I was crackin biometrics in the late 90s; I was dickin around in 10gigabit ethernet networks, years before gigabit ethernet became public domain. I may be a washed up has been; but everything you see in today's technology, either came from, or started in those days... Y'all new agers, seriously need a little lesson in Old School... Read this http://phrack.org/issues/7/3.html
: Re: Fucking with a Steam hacker
: defalt July 24, 2015, 08:44:30 AM
@everyone else - It's a good thing you don't trust me; I was trained to lie

Holy shit, don't cut yourself on that edge.

But thanks for the link.
: Re: Fucking with a Steam hacker
: Deque July 24, 2015, 06:02:20 PM
EmptyTemp: => 18.4 GB temporary data Removed. <--- (HOLY SHIT LOL)

 ;D
Ok, are there any outstanding issues or any questions? Otherwise we are done now.

DelFix
@BurnTheWicked I accept your apology. At least for me there is no need to discuss anything. If you feel the need, you can PM me or whatever you like.
: Re: Fucking with a Steam hacker
: defalt July 24, 2015, 06:41:17 PM
;D
Ok, are there any outstanding issues or any questions? Otherwise we are done now.

DelFix
  • Download DelFix from here http://www.bleepingcomputer.com/download/delfix/
  • Run the program via right-click as administrator.
  • Place a checkmark next to the following items:
    • Remove disinfection tools
  • Click the Run button.
@BurnTheWicked I accept your apology. At least for me there is no need to discuss anything. If you feel the need, you can PM me or whatever you like.

Nah, I'm good. Thank you so much for all the help you provided, that was awesome.

Now if only Steam could get me my fucking account back now.
: Re: Fucking with a Steam hacker
: Deque July 24, 2015, 07:02:17 PM
I keep my fingers crossed that they do.  :)
: Re: Fucking with a Steam hacker
: defalt July 25, 2015, 06:22:21 AM
I keep my fingers crossed that they do.  :)

 ;D