I got keylogged/hacked again….

July 26th, 2016

About 3 weeks ago, my Rapidshare and Gmail were hacked. I don’t know how, maybe it was a keylogger, but i definitely did not go to any malicious websites or get phished, since i only browse and watch Youtube.
Maybe it was a program i downloaded from that contained a keylogger or trojan or w/e, that caused me to get hacked.
Well, i got both my accounts back and did a reformat of my PC, i have installed Keyscrambler and used some extra security Firefox addons, as well as installing anti-spyware programs.
Everything seemed to be safe and fine after that, but today i found out i got hacked YET AGAIN. I’m really annoyed and smiling at this because i know i didn’t download and install any malicious programs, or go to any websites that required me to login, even if i did, i use AI Roboform and my passwords etc are all encrypted by Keyscrambler, so that’s not the case. I don’t believe it’s viruses either since i did a scan with NOD32, Ad Aware, Spybot Search & Destroy etc and found no viruses.
I also use Sandboxie so that any programs i install won’t be directly installed to my hard drive, in case there is a virus then i can just remove it with Sandboxie.
So now i have a couple of very important questions that i hope some of you can help me with, in fact if you do help me out with this, i will be sharing my RS premium, since it’s almost expired and i plan on getting a new one and hope that it won’t be stolen again.
Anyway here’re my questions:
1. Is it possible for someone to hack the RS security code without hacking the email that is paired with your RS premium? Because to unlock the security code, they will send the code to your email that you use with RS premium, which means you have to hack the email first to get the code, and then unlock it. This is what happened the first time i got hacked, my Gmail was hacked and the password was changed.
The reason i ask this is, this time, only my Rapidshare is hacked, my email accounts are still fine. Unless the guy who hacked me deliberately left my email account untouched……
2. What security programs or Firefox addons are a must have to install to prevent credentials etc from getting hacked or stolen??
3. I tried to ask Gmail & RS support to give me the email of the person who hacked me in hopes of contacting him and sort this out, and try to find out how he hacked me, but they won’t give me his email due to their “POLICY”, which is stupid since what he did was wrong in the first place. Is there a way for me to get this guy’s email? I doubt there is actually any solution for this.
4. Is it possible for a keylogger or anything to remain installed on your hard drive even if you do a reformat?

Answer #1
1. Is it possible for someone to hack the RS security code without hacking the email that is paired with your RS premium? Because to unlock the security code, they will send the code to your email that you use with RS premium, which means you have to hack the email first to get the code, and then unlock it. This is what happened the first time i got hacked, my Gmail was hacked and the password was changed.
Yes, if someone has your password, they definitely have your email.
2. What security programs or Firefox addons are a must have to install to prevent credentials etc from getting hacked or stolen??
Noscript & Adblockplus is all you need. Noscript for example if you by accident click a keylog link, the keylog script won’t execute because noscript blocks every script until you allow them. And Adblock just blocks ads.
3. I tried to ask Gmail & RS support to give me the email of the person who hacked me in hopes of contacting him and sort this out, and try to find out how he hacked me, but they won’t give me his email due to their “POLICY”, which is stupid since what he did was wrong in the first place. Is there a way for me to get this guy’s email? I doubt there is actually any solution for this.
We aren’t allowed, or don’t influence the hacking of others here at WBB. So I unfortunately can’t assist you there.
4. Is it possible for a keylogger or anything to remain installed on your hard drive even if you do a reformat?
No. The only possible way of getting hacked over & over again after reformats is if the hacker is using one of your ports to execute the keylogger. But I doubt that’s the issue.
Answer #2
thanks for your reply. I missed some details so i’ll post it here, the first time i got hacked, he hacked both my Gmail and RS premium. After i got everything back and sorted, and reformat my PC etc, i changed all my email passwords and changed my primary email for Rapidshare, so now i use AOL instead of Gmail. I have multiple email accounts and i use AOL because it’s the account i use as a backup, so in case it gets hacked, i can still use my other email accounts.
The thing is, my AOL account wasn’t hacked, or at least it doesn’t seem like it, since the first time my Gmail password got changed and even the names and addresses. But this time, my AOL password still remained the same……
As for addons for Firefox, i’m already using those you mentioned.
And no i’m not asking for help on how to hack others, i’m merely asking for a way to get in contact with the guy, so i can find out how he did it and be more cautious, and try to reason with him.
and could you elaborate on what the ports thing to execute the keylogger is??
I’m going to try and do a complete reformat of my hard drive, and by complete i mean using Darik’s Boot and Nuke and File Shredders to completely delete everything so that not even recovery programs can recover partitions etc. But i still need some more advice coz i knew this would happen a 2nd time since the first time i got hacked, and i was right, i had built a good security defense and yet got keylogged somehow. I’m not sure if this is really the case, but it’s annoying me and making me feel insecure about using my laptop.
Are there other anti-spyware or antivirus programs or firewalls anyone recommends?? I’m also using Outpost Firewall Pro 2009 and MalwareBytes Antispyware.
Also, are there any password encryption addons for Firefox?
Answer #3
bump. Please someone give me some extra advice before i reformat, i need help urgently.
Also, can anyone recommend a good program that encrypts/masks/hide or protects your IP address? All the ones i’ve found either contain viruses or false serial keys or just plain don’t work. If you could give me the topic that actually works, that’ll be even better.

Answer #4
Also, can anyone recommend a good program that encrypts/masks/hide or protects your IP address?
Use a free vpn.
www.itshidden.com
Are there other anti-spyware or antivirus programs or firewalls anyone recommends?
Read this tutorial
http://www.google.com?p=23831937#23831937
Answer #5
what's a free vpn and how can it help? please explain to us!
Answer #6
HotSpotShield
http://anchorfree.com/downloads/hotspot-shield/
Answer #7
1. Is it possible for someone to hack the RS security code without hacking the email that is paired with your RS premium? Because to unlock the security code, they will send the code to your email that you use with RS premium, which means you have to hack the email first to get the code, and then unlock it. This is what happened the first time i got hacked, my Gmail was hacked and the password was changed.
The reason i ask this is, this time, only my Rapidshare is hacked, my email accounts are still fine. Unless the guy who hacked me deliberately left my email account untouched......

Nope, To unlock it , he needs email password.
Most probably he left it unchanged.
2. What security programs or Firefox addons are a must have to install to prevent credentials etc from getting hacked or stolen??
KeyScrambler is best. Avoid storing passwords in roboform or firefox, if u want to keep ur passwords real safe.

3. I tried to ask Gmail & RS support to give me the email of the person who hacked me in hopes of contacting him and sort this out, and try to find out how he hacked me, but they won't give me his email due to their "POLICY", which is stupid since what he did was wrong in the first place. Is there a way for me to get this guy's email? I doubt there is actually any solution for this.

Check it in gmail, the IP addresses of last logins? and view the log in Rapidshare?
They probably will b in same range. [ex: 66.45.189.xxx]
If they are exact same IPs, then he probably has static IP. [we'll *assume* that he used keylogger, which means u probably downloaded some crap]
4. Is it possible for a keylogger or anything to remain installed on your hard drive even if you do a reformat?
Absolutely NO.
so now i use AOL instead of Gmail. I have multiple email accounts and i use AOL because it's the account i use as a backup, so in case it gets hacked, i can still use my other email accounts.
Gmail is the best. signup for adsense. simply make blog. blah-blah.
Main objective here is to give them ur address [verification for adsense] and verify ur phone number,
there is no way some1 will get away with it.
could you elaborate on what the ports thing to execute the keylogger is??
It's real hard. There's no way, this is the case.
4. Is it possible for a keylogger or anything to remain installed on your hard drive even if you do a reformat?
Im going to answer this question again
Maybe he's ARP poisoning.
however u said u use only gmail, youtube [which are safe coz it uses https, all login credentials are sent encrypted].
but wbb doesn’t use https. [Then he should have used ur wbb acc first] do u use same id n’ pass everywhere?
I'm going to try and do a complete reformat of my hard drive,
Ok im gonna ask u this lame Q ! do u use softwares from your backup?[which was infected already?]
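The login-history comparison suggested in Answer #7 (are the unfamiliar addresses in the mail log and the file-host log the same, or in the same range?), as an added example that is not part of any post in the thread. The log entries, the owner's network and all function names are constructed for illustration, using documentation address ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (documentation address ranges, not taken from the thread).
OWNER_NETWORKS = ["198.51.100.0/24"]   # networks the account owner normally logs in from
MAIL_LOGINS = [
    ("2010-01-05 19:02", "198.51.100.23"),
    ("2010-01-07 03:14", "203.0.113.77"),
    ("2010-01-09 20:40", "198.51.100.23"),
]
FILEHOST_LOGINS = [
    ("2010-01-07 03:20", "203.0.113.91"),
    ("2010-01-08 11:05", "192.0.2.10"),
    ("2010-01-08 23:51", "203.0.113.77"),
    ("2010-01-09 20:45", "198.51.100.23"),
]


def prefix_of(ip, bits=24):
    """Return the enclosing network (default /24) of an IPv4 address as a string."""
    return str(ipaddress.ip_network(f"{ip}/{bits}", strict=False))


def foreign_logins(logins, owner_networks):
    """Map prefix -> [(timestamp, ip)] for logins that fall outside the owner's networks."""
    owned = [ipaddress.ip_network(n) for n in owner_networks]
    result = defaultdict(list)
    for ts, ip in logins:
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in owned):
            result[prefix_of(ip)].append((ts, ip))
    return dict(result)


def correlate(mail_logins, filehost_logins, owner_networks):
    """Compare unfamiliar logins on two services, grouped by /24 prefix."""
    mail = foreign_logins(mail_logins, owner_networks)
    host = foreign_logins(filehost_logins, owner_networks)
    report = {}
    for prefix in sorted(set(mail) | set(host)):
        mail_hits = mail.get(prefix, [])
        host_hits = host.get(prefix, [])
        mail_ips = {ip for _, ip in mail_hits}
        host_ips = {ip for _, ip in host_hits}
        if mail_ips & host_ips:
            verdict = "same address on both services"
        elif mail_ips and host_ips:
            verdict = "same range on both services"
        else:
            verdict = "one service only"
        report[prefix] = {
            "verdict": verdict,
            "mail_ips": sorted(mail_ips),
            "filehost_ips": sorted(host_ips),
            # Timestamps are "YYYY-MM-DD HH:MM", so string order is time order.
            "first_seen": min(ts for ts, _ in mail_hits + host_hits),
        }
    return report


if __name__ == "__main__":
    for prefix, info in correlate(MAIL_LOGINS, FILEHOST_LOGINS, OWNER_NETWORKS).items():
        print(prefix, info)
```

A prefix that shows up on one service only, like the second one in the sample, fits the later report in this thread of several different IPs using the same account.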
Answer #8
@, ya i use pretty much the same login infos everywhere, same username etc for every forums. I’m changing them now however, but yes that was the case.
But what’s that gotta do with my wbb account?? It’s not related to my RS or Gmail, since the first time i got hacked, i changed the pass for all my email accounts……
and yes i do backup my drivers etc so that’s probably why, i still don’t know which one has the infected though since they’re either keygens or patches and Avast or Nod32 don’t detect any of them as viruses.
I also use Sandboxie to install all the apps there be4 i install on my system, and i use Deep Freeze as well, but somehow he still keylogged me….
Answer #9
some one could have just guessed your email password or got the security questions right
Answer #10
some one could have just guessed your email password or got the security questions right
that’s like winning lotto. No way he could’ve got both correct.
Answer #11
keyloggers are tricky to find, if not almost impossible. i’d just suggest reformatting, changing all your passwords after the reformat, using keyscrambler/noscript/adblockplus for firefox, and stay careful.
and bout your ports question, i’m not sure. usually your anti virus would tell you if your ports were being accessed remotely.
Answer #12
ok this is REALLY weird, i just called RS support and they said my account got hacked and the password was changed on the 24th December 2009 last year, which makes sense since like i said, i did get hacked about 3 weeks ago, and later on got everything sorted on the following day, until i got hacked a second time yesterday.
The thing is, they said the account username & password is still the same, and that the email wasn’t changed either, so something is definitely weird here. What’s more weird is, the email address is actually slightly different, it’s missing the numbers “500”, e.g. if my email was example500@gmail.com, the email address registered with rapidshare is example@gmail.com instead…..
also, it seems there’re 5 different IPs that used my RS account, so something is definitely weird here…….
anyway i did a reformat, in fact i used DBan & Killdisk to fully reformat my hard drive, and have now begun to install apps through Sandboxie from scratch so i can track down the ones that might have contained the keyloggers…..
edit:
ok it seems i wasn’t hacked only from yesterday, i was hacked again on Jan 7th, i checked the IP log and that ~ censored ~ downloaded tons with my RS account, i had 100GB of TrafficShare (you have to spend extra to buy it) and now i’m down to like 3GB left, i guess he changed the password yesterday only because there isn’t enough TrafficShare so he wanted to use it all up, like fully dry until there is nothing left, that’s why he changed the pass so he could use the last final leftover of bandwidth for himself…….
Answer #13
Ok first, i recommend using Kaspersky.
and yes there are actually ways that a virus can stay in ur pc, but thats if it copied itself into the BIOS which is pretty much not this case. But it can.
and when you said hacked, you mean pass changed, traffic used…?
so first time ur RS and EMAIL got passes changed and u obtained them and now they got changed again or just traffic used?
and paste the IP’s here. (u can block urs with * if u want)
and are you on wifi?
what windows?
have you used any rs2rs or rapidleech sites?
Answer #14
You need a Software Firewall for a start. If you use Keyscrambler then keylogging is highly unlikely. It is more likely that your passwords are being stolen which shouldn’t happen if you have stopped using your browser to store your passwords as you do say that you are using Roboform. That is unless they are taking your cookies which can also be used to access accounts.
My bet is that you are using some infected software and it could be Roboform. Sandboxie will only prevent system infection but it won’t stop them sending out passwords unless the Sandbox is denied internet access, see the sandbox settings. I suspect that you are relying on your AV to tell you it’s clean and your AV is missing the infections. Trust nothing unless it has a Digital Signature! Run Keygens and patches in a Sandbox with no Admin or internet rights! Then remove the patched exe’s from the Sandbox. They could still be infected but it prevents the patch or keygen from stealing passwords and cookies. Testing things using a multi virus scanning site such as VirusTotal is better than relying on one AV.
http://www.matousec.com/projects/proactive-security-challenge/results.php
I wouldn’t use KIS, the Anti Virus isn’t good enough IMO. Avira make a much better AV but it is a bit too twitchy in a environment when set to maximum security so it really cannot be used for real time scanning of files, except for times when you are doing something that needs the highest security. I didn’t like Comodo but it has strong security so would be okay if you like it.
Remember to delete your RS unlock code from your email and make sure it is totally deleted!
Be sure the RS links that you try to download are really RS links and not some disguised phishing links. They are banned but people might still try it.
For Firefox I would recommend requestpolicy and noscript as the best combination but it will take some training before being really usable so make sure you save the settings if you re-install windows.
Keepass is one of the best password managers and when used with KeeFox, it can automate logins, none of the messing around that used to be needed. But you will have to make sure that you allow Keepass and Firefox to access what they need to, to function correctly.
A set up guide for Keepass but with KeeFox it will only be necessary for non-browser/Firefox applications so you can store passwords for other applications.
http://keefox.org/
http://www.google.com?t=3362725&highlight=
As mentioned above, make sure your wifi if you use it is secure! It’s probably not that but it shouldn’t be excluded as a possibility.
You say that your email IS different so they must have changed it. Maybe they are doing a re-direction of mail so check that in your email account. Your password might be being sent to you AND the hacker.
It might be worth calling RS again and explaining what you know about the email address so they can check it again. Maybe they missed something and should be aware of it in case it happens again.
Then change the email back to what it was and make sure your email account is secure!
http://www.virustotal.com/
http://www.virscan.org/
http://virusscan.jotti.org/en
http://www.malwarehash.com/
the link below isn't working for me ATM
http://scanner.novirusthanks.org/
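Answer #14 says to trust nothing without a digital signature. The following is an added example, not part of the thread: it reads the header of a Windows executable to see whether it carries an embedded Authenticode signature block at all. Presence is only a first filter; it says nothing about whether the signature verifies or who signed the file. The function names and the sample header are constructed for illustration.

```python
import struct

CERT_DIR_INDEX = 4  # data-directory slot of the certificate (security) table


def embedded_signature_info(data):
    """Return (file_offset, size, certificate_type) of the embedded signature
    block, or None if the file carries none. Raises ValueError if the bytes
    are not a well-formed PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    opt_off = pe_off + 24
    if opt_size < 2 or opt_off + opt_size > len(data):
        raise ValueError("truncated optional header")
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if magic == 0x10B:        # PE32
        dirs_off = 96
    elif magic == 0x20B:      # PE32+
        dirs_off = 112
    else:
        raise ValueError("unknown optional header magic")
    if opt_size < dirs_off:
        raise ValueError("optional header too short for data directories")
    (count,) = struct.unpack_from("<I", data, opt_off + dirs_off - 4)
    entry = opt_off + dirs_off + 8 * CERT_DIR_INDEX
    if count <= CERT_DIR_INDEX or entry + 8 > opt_off + opt_size:
        return None
    # For this one directory the first field is a file offset, not an RVA.
    cert_off, cert_size = struct.unpack_from("<II", data, entry)
    if cert_off == 0 or cert_size == 0:
        return None
    if cert_size < 8 or cert_off + cert_size > len(data):
        raise ValueError("certificate table points outside the file")
    _length, _revision, cert_type = struct.unpack_from("<IHH", data, cert_off)
    return cert_off, cert_size, cert_type  # type 2 = PKCS#7 SignedData


def build_sample_pe(signed):
    """Constructed minimal PE32 header (not a runnable program) for the demo."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew
    opt = bytearray(96 + 16 * 8)                     # fixed part + 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    struct.pack_into("<I", opt, 92, 16)              # NumberOfRvaAndSizes
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, len(opt), 0x0102)
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt)
    if not signed:
        return image
    blob = struct.pack("<IHH", 16, 0x0200, 0x0002) + b"\0" * 8  # header + dummy body
    patched = bytearray(image)
    struct.pack_into("<II", patched, 0x40 + 24 + 96 + 8 * CERT_DIR_INDEX,
                     len(image), len(blob))
    return bytes(patched) + blob


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            info = embedded_signature_info(fh.read())
        print(path, "signature block at %d (%d bytes)" % info[:2] if info
              else "no embedded signature")
```

A file that reports a signature block still has to be verified with the operating system's own signature check before the signer's name means anything.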

Answer #15
Ok first, i recommend using Kaspersky.
and yes there are actually ways that a virus can stay in ur pc, but thats if it copied itself into the BIOS which is pretty much not this case. But it can.
and when you said hacked, you mean pass changed, traffic used...?
so first time ur RS and EMAIL got passes changed and u obtained them and now they got changed again or just traffic used?
and paste the IP's here. (u can block urs with * if u want)
and are you on wifi?
what windows?
have you used any rs2rs or rapidleech sites?

Right now, after i’ve done a reformat yesterday, i’m using Avira Personal, there doesn’t seem to be any trustworthy topics that i can find for premium. I checked the guide that “Ioie” linked to me and it shows Avira as the best antivirus currently, so should i stick to that or use Kaspersky? As for my firewall, i’m using Comodo Internet Security and would appreciate it if someone can link me a topic that actually has proper working crack for full version, and that it’s trustworthy.
Previously i was using Avast & Nod32, both PRO or full versions. Also, i was using Agnitum Outpost Firewall Pro, MalwareBytes Antispyware and Super Antivirus Pro, as well as Ad Aware, Spyware Doctor & Spybot Search & Destroy.
And yes, by hacked i mean pass changed and traffic used. I posted this yesterday night so you might not have read it while it’s up, but anyway I called up RS support and got my account back and they said 5 different IPs were using my RS account since Jan 7th, which meant that the guy who hacked me properly gave out my account details to 4 other people, and that they were ALL using it without me noticing. The reason is because they didn’t change my password since Jan 7th so i obviously don’t notice, also since i don’t like to login to my RS account at all, i don’t check the IP logs or the usage of my trafficshare etc, so i didn’t suspect a thing.
Plus, since i use Internet Download Manager, i just have to setup my RS account with it just once, and i can just download batch links, i.e copy & paste RS links and download all in one go straight away, so i wouldn’t notice i got hacked anyway until the links that were being downloaded don’t start to download, even though they aren’t dead, and then i suspect my account got hacked and that’s how I found out 2 days ago.
What do you mean block my IP with * ?? I was gonna download some hide IP tools but couldn’t find any reliable, now i’m being extra careful with what i downloaded and i’m going through a list of apps i used and check which one is suspicious right now, but anyway please recommend me a good tool for this, and whatever it is that you meant for me to use to block my IP.
Yes i’m on Wifi, and it’s on a secured network, i use WPA-PSK and i don’t think my wifi got hacked or anything, i checked the connections by going to my router login page and can only see me using it. I use Dlink btw.
I’m on Windows 7 Ultimate x86 build 7600.
And no i don’t use rs2s or rapidleech sites, i have no need for those since i’m on RS premium and only download stuff from this forum.
You need a Software Firewall for a start. If you use Keyscrambler then keylogging is highly unlikely. It is more likely that your passwords are being stolen which shouldn't happen if you have stopped using your browser to store your passwords as you do say that you are using Roboform. That is unless they are taking your cookies which can also be used to access accounts.
Well I never store my RS account passwords, for my emails I do but they couldn't have gotten to my RS login & pass (i changed them since the first time i got hacked), the most they can get out of by knowing my email logins is to unlock the RS security code, but still they have to know my RS to login to it......unless there is the forgot password recovery thing u can use? I'm not sure i forgot........wait actually, i remembered, previously i was using Gmail as my main email account for Rapidshare and it's also my primary email for contacting people, and when both RS & my Gmail got hacked the first time, i decided to create a new email account at AOL, so that when it gets hacked, i won't lose my primary email account or have to panic and recover that one too. Since i don't use my AOL account, i never saved the passwords in my browser, so that couldn't have gotten hacked....
And no i haven't used Roboform yet, but I said i'm planning on using it since there is a Firefox addon that i can install in conjunction with using the program, but ya i guess ur right, i don't trust it either, the topics i found were suspicious too.

My bet is that you are using some infected software and it could be Roboform. Sandboxie will only prevent system infection but it won't stop them sending out passwords unless the Sandbox is denied internet access, see the sandbox settings. I suspect that you are relying on your AV to tell you it's clean and your AV is missing the infections. Trust nothing unless it has a Digital Signature! Run Keygens and patches in a Sandbox with no Admin or internet rights! Then remove the patched exe's from the Sandbox. They could still be infected but it prevents the patch or keygen from stealing passwords and cookies. Testing things using a multi virus scanning site such as VirusTotal is better than relying on one AV.
http://www.matousec.com/projects/proactive-security-challenge/results.php
I've actually only started using Sandboxie recently, so i don't actually know how to deny internet access with it, could you help me on this? And yes i do run suspicious files in Sandboxie, including keygens & patches. And the link you gave me doesn't really have any option to open up my files and scan them, it just shows a list of good Firewall programs.....
and how can i scan or check whether a program has Digital Signature or not?? I read this somewhere for setting up Comodo properly but forgot the link....

I wouldn't use KIS, the Anti Virus isn't good enough IMO. Avira make a much better AV but it is a bit too twitchy in a environment when set to maximum security so it really cannot be used for real time scanning of files, except for times when you are doing something that needs the highest security. I didn't like Comodo but it has strong security so would be okay if you like it.
Remember to delete your RS unlock code from your email and make sure it is totally deleted!
Yup i always do.
Be sure the RS links that you try to download are really RS links and not some disguised phishing links. They are banned but people might still try it.
Phishing RS links?? Wow i never heard of that, i thought to be phished you have to go to a phishing website that resembles RS.com?? How can you tell whether a link is a RS phishing link or not?? For one, i download files only from and that when i use Internet Download Manager to download all my RS files, so by just selecting and copying them, IDM brings up a window to allow me to select the RS links to download, whether i want to select a few certain ones, or select/deselect all of them, as well as showing whether the link is dead or not since it scans for the file size, but if a RS phishing link is also in the form of www.~ Dead file host ~/example, then i dunno how i can tell.....
For Firefox I would recommend requestpolicy and noscript as the best combination but it will take some training before being really usable so make sure you save the settings if you re-install windows.
Keepass is one of the best password managers and when used with KeeFox, it can automate logins, none of the messing around that used to be needed. But you will have to make sure that you allow Keepass and Firefox to access what they need to, to function correctly.
A set up guide for Keepass but with KeeFox it will only be necessary for non-browser/Firefox applications so you can store passwords for other applications.
http://keefox.org/
http://www.google.com?t=3362725&highlight=
As mentioned above, make sure your wifi if you use it is secure! It's probably not that but it shouldn't be excluded as a possibility.
You say that your email IS different so they must have changed it. Maybe they are doing a re-direction of mail so check that in your email account. Your password might be being sent to you AND the hacker.
Ya, i checked already, doesn't seem to be any, i changed the password of all my emails yesterday as well.
It might be worth calling RS again and explaining what you know about the email address so they can check it again. Maybe they missed something and should be aware of it in case it happens again.
Yup i did that already.
Then change the email back to what it was and make sure your email account is secure!
http://www.virustotal.com/
http://www.virscan.org/
http://virusscan.jotti.org/en
http://www.malwarehash.com/
the link below isn't working for me ATM
http://scanner.novirusthanks.org/

oh btw, i use several email accounts so i use Pop Peeper to check all my emails, I also setup my Gmail as my primary email account to retrieve emails from the other accounts such as Yahoo or AOL, so i don’t actually login to my email accounts on my browsers a lot, since i can read and send using Pop Peeper…..
and btw thanks to everyone for their help and suggestion, my RS account expires on Feb 18th so i will keep a list of the people who helped me the most and has given me great advice, and will send you a PM with my account info, but i’m not sure how many ppl i should share this with, because sharing with more than 2 will mean the possibility that one of you might change the pass. It wouldn’t affect me because i’m planning on getting a new RS premium, so i will ditch this one and give it out to you guys, but if i share with e.g. 3 or 4 people, one of you might change the pass and the others won’t use it, so i don’t know how to make this work…….
Anyway i will give it out to a some selected people who helped me on February 1st, right now i still need it for downloading a few other files and until i got everything sorted, i’m not gonna get a new account yet, i’m gonna have to setup Paypal properly too coz i’m gonna buy one of those encryption cards for further security, right now i deleted all my Visa that is paired with my Paypal so i got to set those up too as well, but right now i’m still feeling insecure coz i feel like i’m getting keylogged.
Oh btw, is it possible for me to transfer all my RS points from my old account to my new one that i’ll be getting?? I have like 7k points in there.
Answer #16
Ok first, i recommend using Kaspersky.
and yes there are actually ways that a virus can stay in ur pc, but thats if it copied itself into the BIOS which is pretty much not this case. But it can.
and when you said hacked, you mean pass changed, traffic used...?
so first time ur RS and EMAIL got passes changed and u obtained them and now they got changed again or just traffic used?
and paste the IP's here. (u can block urs with * if u want)
and are you on wifi?
what windows?
have you used any rs2rs or rapidleech sites?

Right now, after i've done a reformat yesterday, i'm using Avira Personal, there doesn't seem to be any trustworthy topics that i can find for premium. I checked the guide that "Ioie" linked to me and it shows Avira as the best antivirus currently, so should i stick to that or use Kaspersky? As for my firewall, i'm using Comodo Internet Security and would appreciate it if someone can link me a topic that actually has proper working crack for full version, and that it's trustworthy.
Previously i was using Avast & Nod32, both PRO or full versions. Also, i was using Agnitum Outpost Firewall Pro, MalwareBytes Antispyware and Super Antivirus Pro, as well as Ad Aware, Spyware Doctor & Spybot Search & Destroy.

Avira is very good but very twitchy around software, hell it even says my own program bANbUSTER is infected
You don’t need cracks for Avira, finding a working key is the best bet. That’s what I use but my key runs out in a couple of months but it’s lasted quite a long time.
Don’t use Kaspersky, it’s not very good. I used to use it before Avira but wouldn’t go back now, it misses too much IMO and the AV tests show it.
You don’t need cracks for Comodo, it doesn’t require them as it is free to use or was the last time I used it which was two or three months ago. I don’t like it myself so I returned to Outpost after re-trying it recently. Comodo didn’t give the level of control I like.
And yes, by hacked i mean pass changed and traffic used. I posted this yesterday night so you might not have read it while it's up, but anyway I called up RS support and got my account back and they said 5 different IPs were using my RS account since Jan 7th, which meant that the guy who hacked me properly gave out my account details to 4 other people, and that they were ALL using it without me noticing. The reason is because they didn't change my password since Jan 7th so i obviously don't notice, also since i don't like to login to my RS account at all, i don't check the IP logs or the usage of my trafficshare etc, so i didn't suspect a thing.
Plus, since i use Internet Download Manager, i just have to setup my RS account with it just once, and i can just download batch links, i.e copy & paste RS links and download all in one go straight away, so i wouldn't notice i got hacked anyway until the links that were being downloaded don't start to download, even though they aren't dead, and then i suspect my account got hacked and that's how I found out 2 days ago.
What do you mean block my IP with * ?? I was gonna download some hide IP tools but couldn't find any reliable, now i'm being extra careful with what i downloaded and i'm going through a list of apps i used and check which one is suspicious right now, but anyway please recommend me a good tool for this, and whatever it is that you meant for me to use to block my IP.

Don’t bother, it won’t help you.
Yes i'm on Wifi, and it's on a secured network, i use WPA-PSK and i don't think my wifi got hacked or anything, i checked the connections by going to my router login page and can only see me using it. I use Dlink btw.
I'm on Windows 7 Ultimate x86 build 7600.
And no i don't use rs2s or rapidleech sites, i have no need for those since i'm on RS premium and only download stuff from this forum.
You need a Software Firewall for a start. If you use Keyscrambler then keylogging is highly unlikely. It is more likely that your passwords are being stolen which shouldn't happen if you have stopped using your browser to store your passwords as you do say that you are using Roboform. That is unless they are taking your cookies which can also be used to access accounts.
Well I never store my RS account passwords, for my emails I do but they couldn't have gotten to my RS login & pass (i changed them since the first time i got hacked), the most they can get out of by knowing my email logins is to unlock the RS security code, but still they have to know my RS to login to it......unless there is the forgot password recovery thing u can use? I'm not sure i forgot........wait actually, i remembered, previously i was using Gmail as my main email account for Rapidshare and it's also my primary email for contacting people, and when both RS & my Gmail got hacked the first time, i decided to create a new email account at AOL, so that when it gets hacked, i won't lose my primary email account or have to panic and recover that one too. Since i don't use my AOL account, i never saved the passwords in my browser, so that couldn't have gotten hacked....

How can they get your RS unlock code if you don’t keep it in your email? You say you haven’t used Roboform so how are you storing your passwords and doing your logins? Storing the passwords in the browser is the usual way of doing it unless you manually login for every site for each visit or use a password manager. Check your firefox options -> security -> saved passwords. I’d be surprised if there was nothing there. As I said they could even steal your cookies to login if you run some infected software. Running your browser Sandboxed hides the cookies away in a place that Malware won’t find it. But make sure that you delete ALL passwords and cookies by running your browsers unsandboxed first and deleting cookies/passwords!
And no i haven't used Roboform yet, but I said i'm planning on using it since there is a Firefox addon that i can install in conjunction with using the program, but ya i guess ur right, i don't trust it either, the topics i found were suspicious too.
I recommend you use Keepass from the Keepass website, it is freeware and the strongest password manager available with no risks of infected software. Get KeeFox extension for Firefox and you're good to go. But you might have to ensure that you make a firewall rule for Keepass and Firefox. Firefox needs localhost (127.0.0.1) outbound port 12535 to communicate with Keepass. With Windows 7, a brand new install, I needed to make a rule for Keepass too as it was using other ports but on Win XP I only have the rule for Firefox.
http://keepass.info/
http://keefox.org/
http://www.google.com?t=3362725&highlight=

My bet is that you are using some infected software and it could be Roboform. Sandboxie will only prevent system infection but it won't stop them sending out passwords unless the Sandbox is denied internet access, see the sandbox settings. I suspect that you are relying on your AV to tell you it's clean and your AV is missing the infections. Trust nothing unless it has a Digital Signature! Run Keygens and patches in a Sandbox with no Admin or internet rights! Then remove the patched exe's from the Sandbox. They could still be infected but it prevents the patch or keygen from stealing passwords and cookies. Testing things using a multi virus scanning site such as VirusTotal is better than relying on one AV.
http://www.matousec.com/projects/proactive-security-challenge/results.php
I've actually only started using Sandboxie recently, so i don't actually know how to deny internet access with it, could you help me on this? And yes i do run suspicious files in Sandboxie, including keygens & patches. And the link you gave me doesn't really have any option to open up my files and scan them, it just shows a list of good Firewall programs.....
and how can i scan or check whether a program has Digital Signature or not?? I read this somewhere for setting up Comodo properly but forgot the link....

This first one might not be necessary with Windows 7 but worth checking all the same. The 2nd pic shows the internet option. But checking this won’t let software connect to the internet so you won’t know it’s safe to use outside a Sandbox. You won’t get a Firewall prompt for internet access by Malware in such a Sandbox.
The link WAS for firewalls. I did say VirusTotal which is one site which does scanning using multiple AV engines, the links ended up further down. Here they are again:
http://virusscan.jotti.org/en
http://www.virustotal.com/
http://www.virscan.org/
http://scanner.novirusthanks.org/
or a faster way can be to hash your file and then check the file hash on this site, better for larger files as it doesn't require uploading large files. But I still prefer uploading them for most stuff.
http://www.malwarehash.com/

See this link for info about Digital Signatures:
http://www.google.com?t=3050812
I wouldn't use KIS, the Anti Virus isn't good enough IMO. Avira make a much better AV but it is a bit too twitchy in a environment when set to maximum security so it really cannot be used for real time scanning of files, except for times when you are doing something that needs the highest security. I didn't like Comodo but it has strong security so would be okay if you like it.
Remember to delete your RS unlock code from your email and make sure it is totally deleted!
Yup i always do.
Be sure the RS links that you try to download are really RS links and not some disguised phishing links. They are banned but people might still try it.
Phishing RS links?? Wow i never heard of that, i thought to be phished you have to go to a phishing website that resembles RS.com?? How can you tell whether a link is a RS phishing link or not?? For one, i download files only from and that when i use Internet Download Manager to download all my RS files, so by just selecting and copying them, IDM brings up a window to allow me to select the RS links to download, whether i want to select a few certain ones, or select/deselect all of them, as well as showing whether the link is dead or not since it scans for the file size, but if a RS phishing link is also in the form of www.~ Dead file host ~/example, then i dunno how i can tell.....

It’s unlikely but it could happen, but file link checkers such as the greasemonkey file link checker wouldn’t check them so the link wouldn’t be marked as working. If you copy links and one has a slightly different url to the regular RS one, then when your Download manager tries to download them it can forward the login details to the server, and the server could in theory capture the login details.
http://1234.~ Dead file host ~/files/1234/file.rar
or http://rapidsnare.com/files/1234/file.rar

Would you spot the last one if it was among a set of real links when you're eager to get your Movie?
http://~ Dead file host ~/files/85433102/Hot.New.Movie.part1.rar
http://~ Dead file host ~/files/86314526/Hot.New.Movie.part2.rar
http://~ Dead file host ~/files/90240792/Hot.New.Movie.part3.rar
http://~ Dead file host ~/files/72714426/Hot.New.Movie.part4.rar
http://rapidsnare.com/files/86130412/Hot.New.Movie.part5.rar
http://~ Dead file host ~/files/30284782/Hot.New.Movie.part6.rar
http://~ Dead file host ~/files/29754042/Hot.New.Movie.part7.rar

A part from my browser window>
For Firefox I would recommend requestpolicy and noscript as the best combination but it will take some training before being really usable so make sure you save the settings if you re-install windows.
Keepass is one of the best password managers and when used with KeeFox, it can automate logins, none of the messing around that used to be needed. But you will have to make sure that you allow Keepass and Firefox to access what they need to, to function correctly.
A set up guide for Keepass, but with KeeFox it will only be necessary for non-browser/Firefox applications so you can store passwords for other applications.
http://keefox.org/
http://www.google.com?t=3362725&highlight=
As mentioned above, make sure your wifi, if you use it, is secure! It's probably not that but it shouldn't be excluded as a possibility.
You say that your email IS different so they must have changed it. Maybe they are doing a re-direction of mail so check that in your email account. Your password might be being sent to you AND the hacker.
Ya, i checked already, doesn't seem to be any, i changed the password of all my emails yesterday as well.
It might be worth calling RS again and explaining what you know about the email address so they can check it again. Maybe they missed something and should be aware of it in case it happens again.
Yup i did that already.
Then change the email back to what it was and make sure your email account is secure!
http://www.virustotal.com/
http://www.virscan.org/
http://virusscan.jotti.org/en
http://www.malwarehash.com/
the link below isn't working for me ATM
http://scanner.novirusthanks.org/

oh btw, i use several email accounts so i use Pop Peeper to check all my emails, I also setup my Gmail as my primary email account to retrieve emails from the other accounts such as Yahoo or AOL, so i don't actually login to my email accounts on my browsers a lot, since i can read and send using Pop Peeper.....
and btw thanks to everyone for their help and suggestion, my RS account expires on Feb 18th so i will keep a list of the people who helped me the most and has given me great advice, and will send you a PM with my account info, but i'm not sure how many ppl i should share this with, because sharing with more than 2 will mean the possibility that one of you might change the pass. It wouldn't affect me because i'm planning on getting a new RS premium, so i will ditch this one and give it out to you guys, but if i share with e.g. 3 or 4 people, one of you might change the pass and the others won't use it, so i don't know how to make this work.......
Anyway i will give it out to some selected people who helped me on February 1st, right now i still need it for downloading a few other files and until i got everything sorted, i'm not gonna get a new account yet, i'm gonna have to setup Paypal properly too coz i'm gonna buy one of those encryption cards for further security, right now i deleted all my Visa that is paired with my Paypal so i got to set those up too as well, but right now i'm still feeling insecure coz i feel like i'm getting keylogged.
Oh btw, is it possible for me to transfer all my RS points from my old account to my new one that i'll be getting?? I have like 7k points in there.

I don’t think that is possible. If the account closes you will lose them unless you can make enough to make a new account.
I don’t need a RS account, I very rarely download from there.
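The look-alike link problem described above (one `rapidsnare.com` entry hidden in a list of real links) can be checked mechanically before a link list is handed to a download manager. This is an added example, not part of the original posts; the page redacts the real host, so `rapidshare.com` as the trusted host and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the page redacts the real host ("~ Dead file host ~");
# rapidshare.com stands in as the trusted host for this illustration.
TRUSTED_HOSTS = {"rapidshare.com", "www.rapidshare.com"}
TRUSTED_DOMAINS = {"rapidshare.com"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a trusted domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Classify the host a URL really resolves to, ignoring any user@ prefix."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host in TRUSTED_HOSTS:
        return "trusted"
    tail = ".".join(host.split(".")[-2:])      # last two labels of the host
    if tail in TRUSTED_DOMAINS:
        return "unlisted-subdomain"            # right domain, host not on the allowlist
    if any(edit_distance(tail, d) <= 2 for d in TRUSTED_DOMAINS):
        return "lookalike"                     # one or two characters off
    return "foreign"

def audit(links):
    """Return (url, verdict) for every link that is not on the exact allowlist."""
    return [(u, v) for u in links if (v := classify(u)) != "trusted"]

# Constructed sample list modelled on the thread's example.
SAMPLE_LINKS = [
    "http://rapidshare.com/files/85433102/Hot.New.Movie.part1.rar",
    "http://rapidsnare.com/files/86130412/Hot.New.Movie.part5.rar",
    "http://1234.rapidshare.com/files/1234/file.rar",
    "http://rapidshare.com@files.example/files/1/file.rar",
]

if __name__ == "__main__":
    for url, verdict in audit(SAMPLE_LINKS):
        print(f"{verdict:20} {url}")
```

Only an exact host match counts as trusted; everything else is held back for a manual look rather than passed along with stored login details.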
Answer #17

How can they get your RS unlock code if you don't keep it in your email? You say you haven't used Roboform so how are you storing your passwords and doing your logins? Storing the passwords in the browser is the usual way of doing it unless you manually login for every site for each visit or use a password manager. Check your firefox options-->security-->saved passwords. I'd be surprised if there was nothing there. As I said they could even steal your cookies to login if you run some infected software. Running your browser Sandboxed hides the cookies away in a place that Malware won't find it. But make sure that you delete ALL passwords and cookies by running your browsers unsandboxed first and deleting cookies/passwords!
Trust me, i did delete anything that is important on my email, i never keep anything like VISA, Paypal or Rapidshare information on there. The fact that the guy hacked my email is probably enough to get the RS unlock code, since all you do is request the code and it'll get sent to the email.....you can request a new one if you forget or lost the last code, so it doesn't make a difference anyway.
Yes i did check the saved passwords in Firefox, and yes i do store a few logins in there but not my Rapidshare or my email, not the one i use for Rapidshare at least.
I clear my cookies with Ccleaner every 2 days. Anyway i've setup Keepass now thanks to your awesome guide, but i still need help setting it up for Internet Download Manager, please help me with this new topic i created separately here:
http://www.google.com?p=28891698#28891698
and even though i'm only using Windows 7, i don't have to setup any ports.....i'm not sure if i setup correctly but i did follow your guide, i just login using Keefox and it takes the entries i created in Keepass and logs in, that's fine right? In fact, Keefox saves any login form information you enter and that will be saved in as an entry in Keepass, so i don't think we really have to setup the entry in Keepass first. I also checked the saved form built-in manager in Firefox and the passwords etc are encrypted and is saved by Keefox, so i guess it's working right?

are you sure you don’t want the rs premium? Well you can still have it if you want, thanks for your help man, i really appreciate it
Answer #18
I don’t know if this has been covered in the above walls of text, but at the top of Gmail select “create filter” and then “show filters”.
If the hacker had access to your e-mails it’s possible he could set a filter so that your RS details are forwarded to him as well as you.
Answer #19
ya, i checked the filters and forwardings and POP3 & IMAP mail setup, it’s clean.
