***Poker Tracker IDE POSSIBLE KEYLOGGER ALERT***

[Warpe]

We have reason to suspect that a piece of software known as Poker Tracker IDE may contain a keylogger or other malicious software that is being used to steal passwords to poker accounts. We don't know this for sure but players are advised to NOT download and install this software under any circumstances.

Also, many players have reported being contacted individually on MSN by someone trying to get them to install the software. DO NOT GIVE THIS PERSON ANY INFORMATION WHATSOEVER ABOUT YOUR POKER ACCOUNTS!

Related links here:

http://www.flopturnriver.com/phpBB2/...21.html#650687

http://www.flopturnriver.com/phpBB2/...60.html#675287
Be careful out there, people.

[Warpe]

Also posted on 2+2

http://forumserver.twoplustwo.com/sh...d.php?t=181440

and pocketfives

http://www.pocketfives.com/poker-for...02A00_-2795816

[mrhappy333]

didnt read yet, But is this only with new PTs or even existing ones?

[JL]

didnt read yet, But is this only with new PTs or even existing ones?

This has nothing to do with PT at all. It's a scam software called pokertracker IDE.

[poker_pup]

Thanks for the warning.

[meeloche]

http://www.flopturnriver.com/phpBB2/...hh-t69760.html

In case nobody thinks it can actually happen...

[Jack Sawyer]

Do not even visit their website for now, as we are not sure how they infect the pc

It may use something about the buffer to infect the browser, and thus the pc. Do not visit the website (or at least not on your main pc. do it in a separate virtual machine or something if you wish)

[badgers]

Do not even visit their website for now, as we are not sure how they infect the pc

It may use something about the buffer to infect the browser, and thus the pc. Do not visit the website (or at least not on your main pc. do it in a separate virtual machine or something if you wish)

Yeah exactly can someone block out all the links?

[Halv]

Do not even visit their website for now, as we are not sure how they infect the pc

It may use something about the buffer to infect the browser, and thus the pc. Do not visit the website (or at least not on your main pc. do it in a separate virtual machine or something if you wish)

Yeah exactly can someone block out all the links?

The links in this thread are auto-generated and lead to the real PT website (note how every time someone writes Poker Tracker a link is generated). I went ahead and edited out the links in the referred threads.

I visited the site back in february when the original thread surfaced (but didn't download/install anything), how worried should I be? Using Opera, AVG, ZoneAlarm, Snoopfree.

[Warpe]

From the sound of things you have to download the installer, so just visiting the site is not so bad. We don't know this for sure but it all adds up.

[badgers]

Halv there's wtill a link in page 1 of wtf ahhhhhhhhhhhhhh. I don't know how worried you should be I'm sure you're far more computer savvy than me so idk.

[Halv]

Woops, seems like I only cleaned up one of the threads, sorry. I've gone through the wtfaah thread now.

I'm running nightly scans with avg, spybot, adaware and crap cleaner, nothing has come up. I'd be a little surprised if you could get infected just by visiting the site, but I'm still gonna go the paranoid route and change all my passwords from a clean computer today. I change them all once a month anyway, now seems like a good time as any. If I was gonna go totally paranoid I would reformat, but I don't think that's called for with the information at hand.

[will641]

i just dont get it. im running system suite for spyware and virus', and it says nothing is detected.

[jyms]

try posting your task manager processes, maybe someone can spot something running that shouldn't be

[Warpe]

i just dont get it. im running system suite for spyware and virus', and it says nothing is detected.

Keyloggers work at the root so won't necessarily be detected. For all we know, they could've accessed the data while they delayed you online with that "Problem with promotional code" message.

The fact that your e-mail isn't working now is defintely a concern. Just wipe the fucker, though someone more tech savvy should tell you how.

[will641]

try posting your task manager processes, maybe someone can spot something running that shouldn't be

here is everything that is by me. i.e. not system programs

[Warpe]

Download and run this:

http://free.grisoft.com/doc/download-free-anti-rootkit/

but srsly, I'd wipe it

[Halv]

Get snoopfree as well. It'll tell you anything that tries to hook the keyboard and/or scrape the screen. http://www.download.com/SnoopFree-Pr...html?tag=lst-1

I would also look into HijackThis.

I'm with warpe tho - reformat the HD and reinstall windows.

[jyms]

I just ran that and found a keyhook in UltraMon. Does anyone know why this program needs it?

[Halv]

Typically a keyboard hook is related to a hotkey in the program. Ie "press ctrl+space to do this and that", that'll require a keyboard hook. Some applications require it for general text input, for example PartyPoker hooks the keyboard to use with the chat box (however typing bets works fine when blocked).

You'll also see programs taking screenshots when you access drop-down menus alot, I have no idea why they do it though. I typically just deny everything, then if there's a problem with using the program I'll manually allow it (if I've decided to trust the program).

[Halv]

will, check out usnsvc.exe
http://www.file.net/process/usnsvc.exe.html

[jyms]

and stop using MSN and AIM. Get Trillian. One program and not a microsoft product

[Warpe]

woot! triple post!

new Computer Security Primer post in Tools. I love the internetz...

http://www.flopturnriver.com/phpBB2/...er-t69797.html