A fair warning to all FFXI PC players
Lately an RMT group has been releasing a trojan on FFXI community sites and have hijacked several Final Fantasy XI accounts.
Yesterday a couple of my own LS mates have become victim to this.
For now the following has been confirmed:
For now Somepage has been confirmed to have this trojan up on their website.
Do not visit Somepage!
Other pages that have been rumored to be infected are ffxiah and wikipedia but these are unconfirmed for now.
The trojan installs itself onto your computer without you noticing and sends the encrypted file which saves your Playonline ID and password.
(So far most people infected use Internet explorer, I haven't heard about people using firefox getting hacked.)
The possible leak and sollution:
Basicly:
Try to find the following:1. Run > Regedit
2. Select My Computer
3. Edit > Find(Top bar drop down)
4. Enter the name of the file.
5. Find
The should all be under the following string:in3.dll
rsbo.exe
kb1ss1p.dll
kb1ss1p.sys
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
If they are remove these string immediately, and change your POL password! You are infected and risking to lose your character!
Note that there is an rsbo there under that string that is not the trojan, look specificly for rsbo.exe!!
Lastly: DO NOT SAVE YOUR PLAYONLINE PASSWORD!