Account Security


Uthgaard
07-02-2011, 03:24 PM
Lately, the amount of account theft petitions has risen somewhat. If you are sharing your account, stop it. I don't care why, just stop it. It's usually impossible to restore you to the way you were before. No matter what I do, you're going to be worse off than when you started, at best. The process also takes a very long time.

There is a P99/Eqemulator targeted trojan floating around. It may be on a related website, in someone's sig, or part of a third party program distro you shouldn't be using anyway. Be wary of 'undetectable' or other grandiose claims.

These only account for a very small amount of the petitions. Most of these are the fault of the user. No matter how much you think you can trust someone else with your account, unless you can easily come within range to physically assault that person and succeed, you can't trust them.

This applies to everyone on the server. Get this done this weekend. There is no cause for alarm, but listen to me when I'm telling you that you'd rather be preventing the situation for 15 minutes than fixing it for 2 weeks+.

DO: Run an antivirus. If you really don't have one, beep me in irc and I'll get you a link to a good one. If you do turn up a trojan, get the file's created/modified date and timestamp from its properties. Then go into your browser and paste me your browsing history for that day so I can pinpoint its origin.
DO: Stop sharing your accounts with your guildmates and "friends". Right now. 9 out of 10 of the petitions that I see are people that just can't believe their "friend" would do that to them.
DO: Be absolutely honest from the start. Withholding information or bending the truth so it looks like you were innocent just wastes both of our time. I'll just figure it out anyway, and if you aren't truthful with me from the start, I'm not going to invest the extra time to fix it.
DON'T: Assume that you are safe because you haven't been hacked. The related IPs have logged into a number of accounts that haven't been touched yet. I've attempted to contact some of these people but we don't keep contact information for people outside of the game.
DON'T: Change your password without running an antivirus. These aren't being brute forced or guessed. They're logging right in on their first attempt.

I'll answer any questions pertaining to this, but any unrelated comments will be deleted. This thread needs to stay on topic and relevant so people can get the information they need without sifting through a bunch of crap.
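
An added example, not part of the original post and not the server's own tooling: one way an admin could separate the pattern described above (logins that succeed on the first attempt across several accounts) from password guessing, and list the accounts that were opened but not yet touched. The log format, the thresholds and every name in the sample are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample log (assumed format): timestamp, source IP, account, result
SAMPLE_LOG = """\
2011-07-01T02:10:44 203.0.113.7 alice OK
2011-07-01T02:12:03 203.0.113.7 bob OK
2011-07-01T02:15:31 203.0.113.7 carol OK
2011-07-01T09:00:12 198.51.100.20 dave FAIL
2011-07-01T09:00:15 198.51.100.20 dave FAIL
2011-07-01T09:00:19 198.51.100.20 dave FAIL
2011-07-01T09:00:24 198.51.100.20 dave FAIL
2011-07-01T18:30:00 192.0.2.55 alice FAIL
2011-07-01T18:30:20 192.0.2.55 alice OK
2011-07-01T18:45:00 192.0.2.55 erin OK
"""

def summarize(log_text):
    """Per source IP: accounts opened on the first attempt, and total failures."""
    first_try = defaultdict(set)  # ip -> accounts whose first attempt succeeded
    failures = defaultdict(int)   # ip -> number of failed logins
    seen = set()                  # (ip, account) pairs already attempted
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue              # skip malformed lines
        _ts, ip, account, result = parts
        if result == "OK" and (ip, account) not in seen:
            first_try[ip].add(account)
        elif result == "FAIL":
            failures[ip] += 1
        seen.add((ip, account))
    return first_try, failures

def classify(log_text, min_accounts=3, min_failures=4):
    """Label each source IP; both thresholds are illustrative assumptions."""
    first_try, failures = summarize(log_text)
    verdicts = {}
    for ip in set(first_try) | set(failures):
        if len(first_try[ip]) >= min_accounts and failures[ip] == 0:
            verdicts[ip] = "stolen-credentials"  # knew every password already
        elif failures[ip] >= min_failures:
            verdicts[ip] = "guessing"
        else:
            verdicts[ip] = "normal"              # e.g. a shared household PC
    return verdicts

def accounts_to_notify(log_text):
    """Accounts opened by a flagged IP, whether or not anything was taken yet."""
    first_try, _ = summarize(log_text)
    hit = set()
    for ip, verdict in classify(log_text).items():
        if verdict == "stolen-credentials":
            hit |= first_try[ip]
    return sorted(hit)
```

A source that opens several accounts with no failures already has the passwords, which is why a password change made on a machine that is still infected does not help.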

booter
07-02-2011, 03:31 PM
Can you just post the links to your recommended antivirus for anyone who might be curious?

For a free one, I use Malwarebytes (http://www.malwarebytes.org) and would recommend it.

Uthgaard
07-02-2011, 03:33 PM
Malwarebytes is a good one, it's also what I've given to the people with the trojans, and it has detected it. Kaspersky is fine as well. The AV you use doesn't matter as much as whether your definitions are up to date or not. You can search online for comparisons of antivirus programs.

Azazel
07-02-2011, 03:36 PM
I use Kaspersky antivirus. How do you rate it?

Seeatee
07-02-2011, 03:48 PM
I use the free version of avast which is constantly up to date and I run malwarebytes from time to time.

is avast decent for a free antivirus?

Koota
07-02-2011, 03:57 PM
Trend Micro Housecall is a good BROWSER based virus scanner that is updated as frequently, if not more, than the program based scanner/removals available for premium rates. This one is absolutely free.

That program coupled with Malwarebytes has protected my system for years and years with absolutely no issues.

Darkwulf58
07-02-2011, 05:13 PM
Microsoft Essentials
Malwarebytes
SUPERantispyware
Spyware Blaster
Spybot Search & Destroy

Yes, I use them all and keep them all up to date. Also I use Firefox 5.0 with the following Add-ons:

Ghostery 2.5.3
Better Privacy 1.51
Adblock Plus 1.3.9
Adblock Plus Pop-up Add-on 0.2.7

After installing the Firefox Add-ons above, my Anti Spyware programs have had nothing to find for 3 weeks now... not so much as a single tracking cookie.

Aelzrith
07-02-2011, 05:31 PM
I've used Avast Home Free for years and have nothing but good results. You must re-register the program every year, but it's not necessary to use real contact information. Very light on the system. Auto-updates and a silent mode are available that prevents the popup notifications and alert sounds. It has detected every potential virus and I use it to scan client's drives for virii. The newest version has a firefox plugin that displays website ranking/safety.

Avast combined with Spybot Search & Destroy's feature: immunize, are a great combo.

And as Darkwulf mentioned, Firefox with Adblock plus is a great way to preemptively stop misleading or infectious advertisements from appearing on teh interwebs.

Huggie
07-02-2011, 06:04 PM
How's Norton?

shdwdrake8
07-02-2011, 08:26 PM
Personally I hate Norton. Whether or not it finds stuff, it rapes your system to do it. I did tech-related stuff for a small period of time and Norton caused more headaches than it solved. I'm an AVG man myself. When I installed it, it was the hip free AV program to have. Not sure if that's still the case.

Good post, Uth.

Dr4z3r
07-02-2011, 09:59 PM
I've been running just Microsoft Security Essentials on my main machine. Is it worth the time to run scans with anti-spyware software as well?

Pringles
07-02-2011, 10:17 PM
Another no brainer: DO NOT USE INTERNET EXPLORER.

Nedala
07-03-2011, 12:45 AM
I have antivir + malwarebytes running, should i only run one?

greatdane
07-03-2011, 06:21 AM
Only run one anti-virus program and one spy/malware scanner program on your computer at the same time. Several programs of the same type tend to conflict and might prevent each other from functioning properly. Google for "good free computer protection packages" and similar phrases and you can probably find a place where someone has bundled the best free programs and made sure they work well together. If you simply install Avast, AVG, Norton and Kaspersky, you're most likely just getting them all tangled up.

Malwarebytes is good and tends to work with any actual anti-virus program. Norton is fine at catching stuff but it isn't very nice to your computer. AntiVir is alright, but the almost-always-true rule is that you're much better off paying for a product than going with the free ones.

Deathrydar
07-03-2011, 09:42 AM
If you're going to purchase an Anti-virus/Anti-Spyware program (which everyone really should do) then get Webroot Anti-virus with Anti-Spyware. I have been using this product for 5 years now, nothing gets thru it and it is light-weight and non-intrusive!

Bodeanicus
07-03-2011, 10:31 AM
Microsoft Essentials
Malwarebytes
SUPERantispyware
Spyware Blaster
Spybot Search & Destroy

Yes, I use them all and keep them all up to date. Also I use Firefox 5.0 with the following Add-ons:

Ghostery 2.5.3
Better Privacy 1.51
Adblock Plus 1.3.9
Adblock Plus Pop-up Add-on 0.2.7

After installing the Firefox Add-ons above, my Anti Spyware programs have had nothing to find for 3 weeks now... not so much as a single tracking cookie.

The Men In Black are still coming for you. You can run, little rabbit.... heh heh heh.

Bodeanicus
07-03-2011, 10:34 AM
Microsoft's AV is fine. Any free AV is fine, really. Just don't use IE, be careful on warez and pr0n sites, and don't fall for those stupid phishing scams.

mcy
07-03-2011, 04:14 PM
PM Detected: PDM.Keylogger kernel mode memory patch Action selected by user EQGAME.EXE

downloaded this client awhile ago never had any missing stuff yet..?

Uthgaard
07-04-2011, 01:23 AM
PM Detected: PDM.Keylogger kernel mode memory patch Action selected by user EQGAME.EXE

downloaded this client awhile ago never had any missing stuff yet..?

http://search.yahoo.com/search?fr=msgr-buddy&ei=UTF-8&p=pdm%2Ekeylogger

PDM Keylogger is a fake threat generated by the Data Protection rogue "anti-virus" program.

Best Answer: No I don't think you should be worried as it's Kaspersky being over protective and there are many questions about this subject in their own forum.

Anyway, I am not sure what PDM Keylogger is, but I do know that NO OTHER anti-virus software has detected this except Kaspersky 2010 (Kaspersky 2009 doesn't detect it either); so it is possible that it is a false report.

Nevertheless, I suggest you to use your Kaspersky to quarantine what it says to be the PDM keylogger (quarantine, NOT delete or remove). Then if you find that it is truly a false report, you can restore it.

vinx
07-04-2011, 01:52 AM
I use AVG 2011 for daily scans
(AVG just fooked up last month or two, when they released previous paid for services.. the program would hog the processor, the identity protection was makin so you could hardly surf)
but I just re-installed that a few days ago, after reading that those issues were resolved and so far it's working fine.

I also use Malwarebytes for weekly scans+CCleaner

vinx
07-04-2011, 01:55 AM
has anybody used/tried System Mechanic?

choklo
07-05-2011, 03:08 AM
So is malwarebytes anti virus, anti spyware or both? I use it and adaware together. Adaware finds a lot of spyware if I use internet explorer, but malwarebytes seems to ignore those (like doubleclick).

Striiker
07-05-2011, 11:14 AM
Another thing to consider doing to further protect your system is to "blackhole" traffic which you want to avoid. I do this via the hosts file. It's a very simple thing to do and can save your system when it can't access known spyware, tracking, etc. sites. Here's a link to the site which I use to get the file from. They update the hosts file regularly.
Hosts File Site (http://winhelp2002.mvps.org/hosts.htm)
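
An added example, not part of the original post: a small audit of a hosts file that lists which names are blackholed (mapped to a loopback or unspecified address), which are redirected to some other address, and which names you expected to resolve normally have been overridden. The sample file and all hostnames in it are constructed placeholders, and the function and parameter names are this example's own.

```python
import ipaddress

# Constructed sample in hosts-file syntax; every name is a placeholder.
SAMPLE_HOSTS = """\
# blocklist entries
127.0.0.1  localhost
0.0.0.0    ads.tracker.example   # blackholed
127.0.0.1  spyware.example metrics.example
203.0.113.9  login.game.example  # not a blackhole: a redirect
0.0.0.0    update.av-vendor.example
not-an-ip  broken.example
"""

def audit_hosts(text, must_not_override=()):
    """Parse hosts-file text and sort every hostname into a finding category."""
    protected = {n.lower() for n in must_not_override}
    report = {"blackholed": set(), "redirected": {}, "overridden": set(), "invalid": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["invalid"].append(lineno)     # first field is not an address
            continue
        for name in (f.lower() for f in fields[1:]):
            if name in ("localhost", "localhost.localdomain"):
                continue                         # normal loopback entries
            if name in protected:
                report["overridden"].add(name)   # should come from DNS instead
            if addr.is_loopback or addr.is_unspecified:
                report["blackholed"].add(name)   # traffic goes nowhere
            else:
                report["redirected"][name] = str(addr)
    return report
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`. An entry that redirects a login host, or blackholes an antivirus update host, is worth investigating because it was not put there by a blocklist.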

Asfasfos
07-05-2011, 11:17 AM
So is malwarebytes anti virus, anti spyware or both

It's just an anti spyware, so don't use it as antivirus. Try Microsoft Security Essentials, Avast or Avira

I've been running just Microsoft Security Essentials on my main machine. Is it worth the time to run scans with anti-spyware software as well?

Yes, it is worth it.

Striiker
07-05-2011, 11:20 AM
While we're at it, I thought I'd offer some additional advice.
1) UPDATE all of your software on your computer. This means the stuff other than the Microsoft software. Typical vectors which are used include Adobe software such as flash and reader, java, etc. With the flash vulnerabilities, you can infect your computer by just visiting a website which has the malicious code in it. This can include visiting trusted websites as they often serve up ad images from ad servers and some of these images have been infected with the code which in turn can compromise your computer.
2) Avoid running your computer as a user with admin rights. Difficult to do with Windows but worth it.
3) Never click on links in emails (ever).
4) Install plugins in your web browsers such as those mentioned
5) Avoid using Internet Explorer. It's much more tightly integrated into the operating system than third party browsers and is often a target for compromising systems.

Asfasfos
07-05-2011, 11:24 AM
While we're at it, I thought I'd offer some additional advice.
1) UPDATE all of your software on your computer. This means the stuff other than the Microsoft software. Typical vectors which are used include Adobe software such as flash and reader, java, etc. With the flash vulnerabilities, you can infect your computer by just visiting a website which has the malicious code in it. This can include visiting trusted websites as they often serve up ad images from ad servers and some of these images have been infected with the code which in turn can compromise your computer.

To achieve this you can use the following application (Secunia PSI (http://secunia.com/vulnerability_scanning/personal/))

2) Avoid running your computer as a user with admin rights. Difficult to do with Windows but worth it.

It's the same difficulty in Windows, Unix, Linux or Mac. It's just a question of not logging on to the computer as Administrator, not a problem of the OS.

5) Avoid using Internet Explorer. It's much more tightly integrated into the operating system than third party browsers and is often a target for compromising systems.

Yeah avoid using Internet Explorer 6 or 7 like Firefox 2. You can perfectly use IE8/9 without any problem.

Lucia Moonglow
07-06-2011, 11:01 AM
I would like to throw in my two cents.


In addition to getting a good scanner, use Firefox and get the NoScript addon. I will warn that NoScript does become somewhat annoying when you visit sites for the first time, since it literally blocks all scripts. Your first visits to sites like YouTube will require you to add both youtube.com and ytimg.com to the exception list (which is as easy as clicking the NoScript icon and saying "Allow <insert address here>").

For me, the security benefits of NoScript far outweigh the minor inconveniences (many sites work fine with all scripting disabled), and I haven't had a single piece of adware or malware on my system since I started using it.

Pringles
07-06-2011, 11:07 AM
One thing that's been helpful to me as well is to use opendns.org for my nameservers. They block many malicious websites' DNS lookups. You could still run into hacks etc. that they don't block (e.g. stuff that's specifically targeted to p1999 perhaps) - but for the most part they block all the big stuff.

It's especially great for kids etc. who you don't want to stumble on to pr0n

Dozey
07-06-2011, 11:38 AM
It's especially great for kids etc. who you don't want to stumble on to pr0n


Meh that just saves me awkward talks later.

Some things that haven't been mentioned yet. Be extra wary of public computers. God knows what the idiot before you did. This includes family computers used by multiple people. This is especially true if they also play on the server and the infection vector is something associated with community resources or otherwise aimed at p99. As an example, my wife uses the computer I'm on now. She tends to download any and everything that even mildly sparks her interest. That makes the computer she uses for that a very poor choice for playing. Scanning BEFORE logging into ANYthing is something I've done since we started sharing computers and I ran my first weekly scan.

Also any community resources or sites that ask for permission to do things to your computer should be told no. Wikis and guide sites should not need permission to run scripts on your computer, if they ever do that's a huge red flag to gtfo that site. As real as silent install or sploit install malware and virus threats are, far more often I see people who clicked yes to "Prz let our script faceroll your computer". Just like in real life, if they're asking for trust they shouldn't need to fulfill your interactive needs DON'T give it to them. Would you give your credit card to a stranger to prove you're not a robot / 18? Then why would you do that online? A good test is to mentally put "have credit card" wherever the action they're requesting is. If that makes you uncomfortable, click no.

tristantio
07-06-2011, 12:36 PM
I like ClamAV.

guineapig
07-06-2011, 12:49 PM
Comodo has pretty much everything I could ask for in a security suite package and I didn't have to pay a dime for it.

Amontillado
07-07-2011, 12:43 AM
Easiest thing to be a little safer:
Close your internet browser before logging into EQ.

Folkar
07-12-2011, 01:58 PM
Something that I didn't see noticed, and for most people it is common sense, but don't use your account name and password on other systems as well. For example, if my game account is user-name: L33tGamer and a password of: R0xxorzB0xxorz, then I shouldn't use that same user-name and password on this website, or any website.

mzl0011
07-15-2011, 04:31 PM
Where the heck do I go to change my password?

baalzy
07-16-2011, 02:30 AM
http://www.eqemulator.org/

Log in with your eq emu account.

Click the login server accounts link on the left side. Click the change LS server password link.

Tollen
07-18-2011, 11:35 AM
Are you talking about eqemulator server accounts or p99 accounts? Shortly after I got my bard corpse recovered on p99 I'm unable to log into that server account to even play on any other servers.

Native
07-20-2011, 10:25 PM
Hello there, my account with the character Vashti Bunyan (Druid level 49) and the monk Whisper (Monk level 40) were banned recently for alleged two boxing.
I have my account information on a small notepad on my desk at home. To my surprise, my brother's friend took down the information (says my brother) and later used my character to port him and his friends. I believe this is what resulted in my ban and this has broken my heart.. I love EverQuest, I love Project 1999 and I love to do everything in my power to enhance the server's experience. If you could please consider my appeal.. I've tried my best to get my characters the reputation, and the belongings they have. (I will also kick the little shit out of my house, and put up my account information..) I had no idea any of his friends played here.

Thank you.

-Native

Haul
07-20-2011, 11:38 PM
You guys are too nice, if they chance it and get screwed it should be their problem, not y'all's.

Ennoia
07-21-2011, 06:50 PM
Hello there, my account with the character Vashti Bunyan (Druid level 49) and the monk Whisper (Monk level 40) were banned recently for alleged two boxing.
I have my account information on a small notepad on my desk at home. To my surprise, my brother's friend took down the information (says my brother) and later used my character to port him and his friends. I believe this is what resulted in my ban and this has broken my heart.. I love EverQuest, I love Project 1999 and I love to do everything in my power to enhance the server's experience. If you could please consider my appeal.. I've tried my best to get my characters the reputation, and the belongings they have. (I will also kick the little shit out of my house, and put up my account information..) I had no idea any of his friends played here.

Thank you.

-Native

Oh damn, I haven't heard a legit 'my brother did it' excuse in YEARS!

greatdane
07-31-2011, 11:43 AM
It just struck me that there could easily be a keylogger in a Titanium torrent. That'd be a good place to look. I'm sure most players acquire their Titanium that way, and it'd be a piece of cake for some shithead to put up a tempting torrent for hundreds of people to download and then steal an account every now and then. I have the discs and I never had any problems.

Skekekke
12-20-2011, 11:58 AM
Can I get some help with an account that was eaten a while back? Password changed on EMU and P99; everything. Petitioned it, they banned the account but said they couldn't do anything else...

Tajin
12-21-2011, 12:02 PM
ditto