My Account is goneFollow

Hey guys, just a heads up, my account has been stolen and the password has been changed. I am trying to sort things out with SE today but in the meantime please not that it is not me playing my character.

I'm from Garuda and my account was hacked on May 30th. My boyfriend was hacked on the same day. 2 of my linkshell mates were hacked the next day. The reason I'm posting on Seraph is because my boyfriend's account was moved to your server. His in game name is Tuffguy. He is a 75 nin and a 75 rng. He has 98+2 fishing (all done the hard way over 3 years) and 100+3 woodworking. Based on your AH history, his character is being used to buy things in order to be a fishing bot in SSG. If anyone sees Tuffguy online, please be aware that it is a hacked account being used by RMT. If you can have him jailed for it, please do so. POL's phone number has been busy for 2 hours. Their live chat has not responded for the same amount of time. We did contact POL as soon as we discovered this thievery. He was told his account would be locked. It wasn't. He contacted a GM through a friend on May 31st and was once again told his account would be locked. It wasn't. I just called a GM again from my friend's account and he told me there was nothing he could do. We are at a loss. I'm sorry his account is being used for RMT gain on your server. The ISP number that hacked my computer is 125.46.104.172. It is located in Beijing, China. The trojans that we know of that are being used to do this are:
FakeAV.100
smart.dll
rsbo.exe
kb1ss1p.dll
kb1ssp.sys
in3.dll (note if you find a program with a long name on this program it is a plugin3.dll and safe)

To anyone who uses a computer and has not been hacked yet, please check your computer for these programs.

I use Firefox, MaxRegistry Cleaner, TrojanHunter, and Norton. None of these programs were able to detect these intrusions.

To find and remove any of these files go to Start Menu > Run > type in "regedit" and click OK > Highlight My Computer > click on edit > click on find > type in FakeAV.100. Repeat these steps for all of the above programs and delete all that you find immediately and rest your POL password right away.

Note: it was my computer that was compromised and not my boyfriend's. He logged onto my computer for all of 2 minutes to switch his macros over to his and they still got him.

Be safe and good luck to everyone.

edit: I forgot another important piece of information. You should also search your entire registry for these programs. To do this follow these instructions:

Start Menu > Search > All Files and Folders > Advanced Options > search system folders, hidden folders, subfolders > type in the search field: FakeAV.100. Delete it right away if it is there. Once again, repeat all of these steps for all above malicious files.

It has been discovered that Adobe Flash Player was compromised. The older version will put the file smart.dll on your computer. I recommend updating Flash Player asap and use the above steps once again. You can update Flash Player here :

http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash&ogn=EN_US-gntray_dl_getflashplayer

I know this seems like a lot of work, and I'm sorry I didn't add the rest of this information sooner. From the horrible experiences that so many people are going through by losing their accounts, it's worth a little trouble to not become one of the many unfortunate victims.


Edited, Jun 4th 2008 1:18pm by Bouncybouncy

BTW I wish you the best of luck with your account. I didn't mean anything negative towards you. I'm just so sick and tired of being lied to by POL and the useless GM's that are supposed to be there to help us.

just got access to my account, everything is gone, just as expected so unless GMs get me most of the gear back this is gonna be goodbye ffxi

Thank you for the support guys, I was sure I am not the only one who went or is going through this. My cousins account is gone as well, the same day as mine. He for fortunate to have his frozen before his info was changed. I was not as lucky. Since all my information on the account has been replaced, I am currently going through the "Compromised Account" scenario. Being that I am out of the country at the moment you can only imagine what a pain that is. Apparently I have to provide a notarized letter from a US notary that I am who I say I am. Well in any case time will tell. I will keep you guys posted when and if I am back. In the meantime I believe I was able to get my account frozen from the hands of RMT. Thank you again for the support everyone.

Just to add to Tuff's post about the notarized form: We are sending it certified, overnight mail. This will give us a confirmation and tracking number and will require a signature upon delivery. This way SE cannot claim they never received the form.

We've also read on some forums that even people who sent in the notarized form, have all their original registration forms, and can verify the first and last four numbers of the credit card they were using are being told SE cannot verify the account was theirs. If this is the case, then SE has committed credit card fraud by charging your credit card for however many years you've played. In Tuff's case of four and a half years of playing, that amounts to over $900 charged to him with all the mules he had. Since SE has a headquarters in California, they are bound by American law and this is a Federal offense. Sue the bastards! That's what we will do.

edited due to fast typing and poor spelling :P

Edited, Jun 4th 2008 1:36pm by Bouncybouncy

funny, cause allison was on that server and switched to seraph as well.
She got a nice lu shang rod to, which never belonged to her.
However, Its not escaflownes, or crookedsparkles. I do not know where she stole the rod from. no, no, Maybe I know now.........

I'm new to these forums, but not at all new to the recent hacking b.s.

On 6/2 about 7:30am CST I was on Lakshmi, leveling my 58 drg a little before work. I get the screen about my account being accessed from another terminal, but I have to get to work so I'll deal with it in the afternoon. Yeah... well as you all know, couldn't get through to the 800 #. Logged in with my separate account and couldn't find my character online. Finally spent 2 hours waiting in LiveChat and got an SE rep who reset my passwords. I log in and find out I lost almost all my drg gear except my AF and all the gear I had for my 75 thf except for AF again and other rare/ex items. I was moved to Fenrir and my character name was changed. All said my gil/item loss was almost a mil~at least by Fenrir AH prices.

Spent all day 6/3 trying to get through to the 800# again to get the transfer fee suspended since I didn't authorize it. After being on hold for 2 hours I was told that they couldn't do anything (even though they take care of the billing portion~go figure)I'd have to contact a GM in game.

On 6/4 I waited 2 hours and got a GM that just referred me to the page about the data recovery service. Told me to come back and let a GM know if I really wanted to pursue that path.

6/5&6 Waited for a GM for 2 hours and 4 hours respectively with no luck.

6/7 Waited 3 hours for a GM to take my call, decided I wanted to take a shower. They responded when I was AFK. Made another call and waited 4 more hours and I got a GM. "You'll have to call the 800# for the charges on the unauthorized transfer..." and all the hurdles and hoops you have to pass to get them to agree to investigate your account. So, now it's been 7 days and maybe I'll get an answer to whether I get anything restored or not.

My biggest concern of all is farming for gil again with my thf. Last Nov when my original character was hacked and I got it back I took time to farm a coffer key in Crawlers when I was reported by other players that came along after I'd been there 2 hours and I was charged as stealing mobs (only 4 of them over and over) and my account was banned. Even when I explained what was going on all I got was "Sorry, you did nothing wrong but we can't open your account again. Oh, and by the way you have to go buy another startup disc, and your credit card is banned for now too." At that time I was a 75 bst, 60 war, 54 whm, 50 sam/pld/drk/smn/blm/nin, 30 blu, 25 brd/rng/mnk/thf/rdm/cor/drg/pup.

My first intention was just to warn you all, or anyone else that looks at this thread that if you're hacked you will probably get a whole new name and a new server for your character.

I want my account back...SE better be e-mailing me very soon.