
I made a thread about this yesterday but I want to revise what I said to see if I can get some help!

 

I have had RAT/Keylogger issues in the past, such as someone hacking my league account and somehow posting on the league of legends forums asking for people to buy my account (without me realising until I was banned).

I evidently had a keylogger (this was on a separate machine) as no matter how many times I changed emails and passwords I would have some account info leaked.

 

I was fine for months until 2 days ago, when I received an email saying someone is requesting my Ubisoft password account to be changed (they never changed the password, only sent a request). I changed my password, then I received another password request, and then the person added Google Authenticator so I can't access my account. In short, I contacted Ubisoft, they removed the authenticator, I changed my password and put my own authenticator on. I received ANOTHER password reset request this morning, and I am awaiting a response from Ubisoft.

 

As far as I know, there are no other signs of RATs or Keyloggers on my machine. To my knowledge, none of my other accounts have been breached, I have found nothing in startup, task manager or with anti-virus/malware programs, nothing weird in programs, etc.

 

So, I have some questions and hopefully you guys can give me non paranoia biased answers! Do you think I have a keylogger/RAT?

 

On the one hand, it does seem that whoever this is is persistent, especially for an Ubisoft account with 2 games on it. They are clearly not brute-forcing, they clearly want MY account, which indicates they have a method of getting my password.

 

But, more convincingly, how the hell is this person actually on my account? Ubisoft confirmed someone outside of the UK accessed my account, how?

I have authentication on my email so you need access to my phone to log into my email. On top of that, it gives me a notification on my phone when someone wants to log into my email.

Why the hell is this guy sending password reset requests when he already has my password and (I think) doesn't have access to my email anyway?

Why did he STILL send password reset requests after I put an authenticator on my Google?

 

 

Based on the fact that (I think) nobody should be able to access my email, this guy maybe found a flaw to get into an Ubisoft account without the password? He never changed my password, but he sent a password reset request, which makes little sense because that kind of tips me off that he's on my account.

 

 

Sorry for the long thread, I know people will ask me to reinstall Windows, but with the amount of devices I have all on the same network, I don't find that to be a solution.

 

Any insight? Do you think this guy has a RAT on me or did he just find a flaw with Ubisoft?

 

Main Rig

CPU: Ryzen 2700X 
Cooler: Corsair H150i PRO RGB 360mm Liquid Cooler
Motherboard: ASUS Crosshair VII Hero
RAM: 16GB (2x8) Trident Z RGB 3200MHZ
SSD: Samsung 960 EVO NVME SSD 1TB, Intel 1TB NVME

Graphics Card: Asus ROG Strix GTX 1080Ti OC

Case: Phanteks Evolv X
Power Supply: Corsair HX1000i Platinum-Rated

Radiator Fans: 3x Corsair ML120
Case Fans: 4x be quiet! Silent Wings 3

 

 

https://linustechtips.com/topic/751001-rat-and-keylogger-detection/

Probably Ubisoft. Give me a while and I'll link a Reddit thread relating to this. 

 

 

 

Ryzen 5 3600 stock | 2x16GB C13 3200MHz (AFR) | GTX 760 (Sold the VII)| ASUS Prime X570-P | 6TB WD Gold (128MB Cache, 2017)

Samsung 850 EVO 240 GB 

138 is a good number.

 


5 minutes ago, themctipers said:

Probably Ubisoft. Give me a while and I'll link a Reddit thread relating to this. 

 

 

 

Thanks for the info! It did seem strange, this is a new laptop with nothing bad downloaded, and his method of getting into my account seemed like an exploit.

 

 

Thanks for saving me hours' worth of reinstalling Windows and all my stuff :)


I would install Spybot

after install do update then

go to advanced options and there's a section where you may specify what is scanned for

there is going to be 2 or 3 things that are ignored by default

make sure to check those so scanner will find

but do not use the realtime scanner, that is a headache; instead run scan then run the immunize engine

if further problems install Comodo. great software but steep learning curve

message me, I can help with the Comodo


18 minutes ago, Armakar said:

Thanks for the info! It did seem strange, this is a new laptop with nothing bad downloaded, and his method of getting into my account seemed like an exploit.

 

 

Thanks for saving me hours' worth of reinstalling Windows and all my stuff :)

It isn't an exploit, it's from breached websites, etc. It's very common for people to have their details run against websites through proxies. I won't go into detail but these bots can literally log in and set Google Authenticator.

idk
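An added example, not part of any post in this thread: a way to check whether passwords you use appear in breach data, which is the exposure the last reply describes. It follows the k-anonymity range lookup used by Have I Been Pwned's Pwned Passwords service (only the first 5 hex characters of the SHA-1 are sent); the `constructed_range_service` stub, account names, passwords and counts are constructed so the code runs offline.

```python
import hashlib

PREFIX_LEN = 5  # only these 5 hex chars of the SHA-1 leave the machine


def split_digest(password):
    """Return (prefix, suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


def breach_count(password, fetch_range):
    """Times the password was seen in breach data; 0 if absent.

    fetch_range(prefix) returns the response body: one "SUFFIX:COUNT" per line.
    Padding entries (count 0) and malformed lines count as "not found".
    """
    prefix, suffix = split_digest(password)
    for line in fetch_range(prefix).splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return max(int(count), 0) if count.strip().isdigit() else 0
    return 0


def constructed_range_service(corpus):
    """Offline stand-in for the HTTP range endpoint (assumption, constructed data)."""
    buckets = {}
    for pw, seen in corpus.items():
        prefix, suffix = split_digest(pw)
        buckets.setdefault(prefix, []).append(f"{suffix}:{seen}")

    def fetch_range(prefix):
        # Every reply also carries one padding-style entry with count 0.
        return "\r\n".join(buckets.get(prefix, []) + ["0" * 35 + ":0"])

    return fetch_range


def exposed_accounts(vault, fetch_range):
    """Names of accounts whose current password appears in breach data."""
    return sorted(a for a, pw in vault.items() if breach_count(pw, fetch_range) > 0)


# Constructed sample data: hypothetical accounts, passwords and counts.
SAMPLE_SERVICE = constructed_range_service({"hunter2": 17043, "Summer2019!": 212})
SAMPLE_VAULT = {"ubisoft": "hunter2", "email": "x9$Lq!27vTrm#pZ", "forum": "Summer2019!"}

if __name__ == "__main__":
    print(exposed_accounts(SAMPLE_VAULT, SAMPLE_SERVICE))
```

Any account this flags needs a new, unique password, since a password known from one breached site can be tried on every other site where it was reused.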
