WARNING: If you downloaded "ROTMG Easy Hotkeys" By C4pt4in 4lph4

[Royce]

Yesterday @C4pt4in 4lph4 posted a ROTMG Easy Hotkeys tool and it contained a phisher, If you used this program you are a victim!!! Change all important information when you have a chance before your personal things are stolen

I could have reported back faster but im banned for a bit for disrespect.
Anyways, I looked over it:
- It's not a keylogger, it's a .SOL stealer
- The fag who made it will have access to steam accounts because GUIDs were stolen.
- No malicious sofware was installed, it ran an operation every time someone started the app.

Royce Distraught

I used this while I had a mule logged in and lost 16 life, much less than the others. Please update the topic with this info.

Thanks to Krazy for breaking it down a little. Going to have Master decompile the file when he's awake and get a more detailed analysis.

Make sure to:
-Change any passwords related to MPGH, ROTMG, Steam, or your emails. (obviously any other accounts you may be concerned of)
-Run an anti-malware program to make sure your clean. Program doesn't seem to install anything.

[Daenerys]

Got hacked. Used all my coins + took all my WC tops. RIP.

[Distraught]

Sorry about this. Getting it sorted. That's why it's important for us to decompile every file. I suggest doing this yourself if you don't already. Here is the malicious code:

[Daenerys]

Dang. Thought it was safe, so went lazy mode.

[Distraught]

Dang. Thought it was safe, so went lazy mode.

and so did the minion who approved it. Thank god it wasn't @Royce

[Royce]

Dang. Thought it was safe, so went lazy mode.

We are getting this sorted out at the moment, it should not of been approved.

[Distraught]

If you need help removing a keylogger and such post here. Any flame will lead to this thread being closed.

[Daenerys]

Well, I deleted almost all of the remains of it. Is there a way that there is still the residue of this keylogger existing on my computer?

[MDii]

thanks certainly, but I already lost also the numerous gold and many things)))

[Distraught]

Well, I deleted almost all of the remains of it. Is there a way that there is still the residue of this keylogger existing on my computer?

There's not much to do besides change your info and run Malware Anti-bytes or something similar. @master131 if you want to elaborate.

[unsocial]

thanks for the heads up.

[[MPGH]Beex]

and so did the minion who approved it. Thank god it wasn't @Royce

Would @Royce have been able to decompile and locate this malicious code if he was the minion on at the time? This is why we need atleast one well-versed ROTMG minion.

[Jennings169]

How do I make sure I have removed it?

[carbonnade]

this is sad can't believe people do this I just hope next time we can find if someone put bad juju in :/

[Distraught]

Would @Royce have been able to decompile and locate this malicious code if he was the minion on at the time? This is why we need atleast one well-versed ROTMG minion.

It's not like it wasn't easy to catch. Trust me, you could see the suspicious string right off the back then decompile it further to understand it. Anyone would of caught this one if they actually took the steps they were supposed to. but yes this is the exact reason I agreed we needed someone familiar with the section or malicious code.

How do I make sure I have removed it?

My anti-viruses wouldn't pick it up so your manually going to have to check your processes/services under Task Manager. You can also go further by checking your registry. Any program similar to Malware Anti-bytes will clean it though.