- This topic has 3 replies, 3 voices, and was last updated 16 years, 5 months ago by
.
-
Posts
-
Hi there, I am hoping to receive some help as I am dealing with a major problem with AIM. I’m trying to help a friend who has an AOL/AIM Screename. In the past year, the password and security question has been hacked 4 times (presumably by the same person). Three of those times have occurred in the past month and two of those on the same day (yesterday).
I’m not sure how this person is getting the password and then able to reset the security question. My assumption is that to reset the security question they are going through Live Help, but it doesn’t explain how they’re getting the password as you need that as the first step.
At any rate, each time that the password has been stolen, I have been able to help my friend reset it. The problem now is that there seems to be something really strange going on with the screename’s buddylist.
On the buddylist there is now a grouping that appears to be of screenames of friends that ther hacker has. I have tried to delete this list, but it won’t delete. I’m assuming that the hacker somehow attached a third-party application to the screename as whenever the hacker is chatting, it pops up a window on my friend’s end and he can see the conversation occuring.
I’m not sure if I am explaining this clearly, but does anyone know of a way to fix/stop this?
Any information that could be passed along would be greatly apprecaited.
Just thought I’d send an update and state that I was able to delete the problem of the buddylist group. Apparently it was an AIM Group Blast and in order to delete it, I had to visit blast.aim.com.
Now if I could only find out how the hacker keeps getting my friend’s password.
In addition… does anyone know where/how to change the alternate contact email in AIM? The hacker changed this as well and I can’t seem to find an option to change it back.
The person may have been able to install a keylogger on the machine. This could have been done if they have direct access to the machine, or if a link was unwittingly clicked in an IM or email. Keyloggers will track every keystroke and the information is then available to the person who installed the program. They are generally set to run silently so the person does not know they are there.
Keyloggers can be difficult to detect depending upon just what was installed. Malware and virus programs may detect the simple ones, but the “better” the keylogger the harder it is to detect.
I would strongly suggest going to a forum like that found at What the Tech or Geeks to Go and provide the required logs. A person trained in malware removal will assist you in trying to determine what is on the machine and will offer free help to try and remove it if possible.
Before trying to change the email address I would find out if someone is tracking what the user is doing. It will do no good to change it if they are simply going to steal it again.
If this is a paid AOL account you can contact their customer service for assistance. If not, I’m not sure how to change the email but I’ll do some searching. A quick Google did not produce any helpful results. If it was an older AOL account you should be able to log into the master account and maybe make changes, but if it’s a newer free account that probably won’t work.
Try resetting the password and not having it saved on any of the computers which it is used on. If the password is saved, anyone with access to the computer(s) it’s saved on can copy/paste the hashed password and login on a different computer. They won’t have the actual password, but the hash can still be used to login…older versions of AIM stored saved passwords in plain text, AIM4 and early AIM5 builds I believe.
- You must be logged in to reply to this topic.