I'm from Garuda and my account was hacked on May 30th. My boyfriend was hacked on the same day. 2 of my linkshell mates were hacked the next day. The reason I'm posting on Seraph is because my boyfriend's account was moved to your server. His in game name is Tuffguy. He is a 75 nin and a 75 rng. He has 98+2 fishing (all done the hard way over 3 years) and 100+3 woodworking. Based on your AH history, his character is being used to buy things in order to be a fishing bot in SSG. If anyone sees Tuffguy online, please be aware that it is a hacked account being used by RMT. If you can have him jailed for it, please do so. POL's phone number has been busy for 2 hours. Their live chat has not responded for the same amount of time. We did contact POL as soon as we discovered this thievery. He was told his account would be locked. It wasn't. He contacted a GM through a friend on May 31st and was once again told his account would be locked. It wasn't. I just called a GM again from my friend's account and he told me there was nothing he could do. We are at a loss. I'm sorry his account is being used for RMT gain on your server. The ISP number that hacked my computer is 22.214.171.124. It is located in Beijing, China. The trojans that we know of that are being used to do this are:
in3.dll (note if you find a program with a long name on this program it is a plugin3.dll and safe)
To anyone who uses a computer and has not been hacked yet, please check your computer for these programs.
I use Firefox, MaxRegistry Cleaner, TrojanHunter, and Norton. None of these programs were able to detect these intrusions.
To find and remove any of these files go to Start Menu > Run > type in "regedit" and click OK > Highlight My Computer > click on edit > click on find > type in FakeAV.100. Repeat these steps for all of the above programs and delete all that you find immediately and rest your POL password right away.
Note: it was my computer that was compromised and not my boyfriend's. He logged onto my computer for all of 2 minutes to switch his macros over to his and they still got him.
Be safe and good luck to everyone.
edit: I forgot another important piece of information. You should also search your entire registry for these programs. To do this follow these instructions:
Start Menu > Search > All Files and Folders > Advanced Options > search system folders, hidden folders, subfolders > type in the search field: FakeAV.100. Delete it right away if it is there. Once again, repeat all of these steps for all above malicious files.
It has been discovered that Adobe Flash Player was compromised. The older version will put the file smart.dll on your computer. I recommend updating Flash Player asap and use the above steps once again. You can update Flash Player here : http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash&ogn=EN_US-gntray_dl_getflashplayer
I know this seems like a lot of work, and I'm sorry I didn't add the rest of this information sooner. From the horrible experiences that so many people are going through by losing their accounts, it's worth a little trouble to not become one of the many unfortunate victims. Edited, Jun 4th 2008 1:18pm by Bouncybouncy