I believe it is a very strong possibility that some versions of AOMD are transmitting network packets out to an unknown destination. At the very least, it is CERTAIN that I have one on my system, and AOMD 3.0 is by far the most likely source.
System Background: Very new PC, less than 3 weeks old running a legitimate purchased copy of Windows XP Home Edition. Absolutely nothing transferred from my old system. Never put a floppy or a burned CD in it. Connected to the internet through a 3M cable modem. No anti-virus software installed on this PC at any time. Very very little installed or downloaded on this PC at all in fact. Details to come later in this post.
Events leading me to the conclusion I stated above:
I was playing AO. My girlfriend called, and asked me to log onto AOL and check my email. I minimized AO, logged onto AOL, did some email things, and logged back off within 10 minutes.
Less than an hour later, my girlfriend calls back, very upset. She says she had -just- sent me an IM on AOL saying "Hi". Supposedly, I responded "Busy. Later.". She asks "Are you okay?" Whoever is logged in as me responds "I'm never okay." and logs off.
I spend some time assuring her I had been playing the game and was not logged into AOL at that time, nor did I have any such conversation with her at -any- time. Obviously, someone has my AOL password (it was a rare last name in a different language followed by a random number, not "God" or "Sex" or something equally stupid). I minimize AO again, log on and change it to something completely different, then log off (on the phone with her, so she knows I logged off). I resume playing the game, disturbed, but not sure what I can do about it at this point without more facts.
Not 20 minutes later, she calls me and says "Your screenname was just on -again-. This time there was no response to my IM. Then your screenname logged off."
Now I am -VERY- disturbed. I had -just- changed my password to something completely different and whoever just logged in as me got a hold of it -immediately-. The password I changed it to was not one I had used anywhere else.
It is obvious that something is transmitting my keystrokes out over the internet. So I took stock of everything I have installed on this PC since I installed Windows XP and related drivers.
1) Anarchy Online 7-day trial version, downloaded from official AO site. Not a likely source for an aggressive packet transmitter to some antisocial punk who is "never okay".
2) AOL 7.0, from official AOL site. Ditto.
3) Nano Nanny. Possible, but not nearly as likely as option #4.
4) AOMD 3.0. A program DESIGNED and MEANT to sniff packets.
Hopefully, most will agree that I am not simply jumping to rash conclusions when I evaluate #4 as the most likely source of my problem.
The following are web site addresses as taken from my Internet Explorer History, under "3 Weeks Ago". (I am not transforming these addresses into links because I don't want someone randomly clicking them and downloading).
I followed this link from these boards to find AOMD:
http: //kuren.org/ao/aomd
That link now looks different. At the time, 3 weeks ago, the AOMD 3.0 version was the primary link from this page. You will note that as of my posting there is a small link called "Where is version 3.0?". In it, he identifies why it has been removed (I hoped it was because the virus had been detected; sadly, no) and also says "Use at your own risk, run virus checkers and stuff". I did not, because it is very very rare that I download executables from the internet (I think NN and AOMD are the only two executables from an unofficial source I have downloaded in, oh, 4 years or so). I in NO WAY, SHAPE, OR FORM am saying that whoever sponsors the website is aware that that version of the program has a virus. I have no idea who did this. But that someone did, and that there's a packet transmitter associated with something related to AO, seems pretty certain.
IMPORTANT NOTE: Sadly, I cannot be absolutely certain whether or not I actually had AOMD up and running when I minimized AO to log into AOL. It is indeed VERY possible that I did; I do know I was mission shopping very close to both times I logged into AOL. Hopefully, it is only transmitting packets when I actually have AOMD up and running. That is a slim hope though, as there is nothing that would have prevented whoever wrote this program from having the packet transmitter set itself up to start on bootup.
These are the -actual- links, according to my IE history, that I downloaded my version of AOMD from:
Executable:
http: //kuren.org/ao/aomd/AOMD3.0beta.zip
The supposed source code link posted just under that link was:
http: //kuren.org/ao/aomd/AOMD3.0betasrc.zip
I would send an email to whoever is running the kuren.org site, but I don't see an email link on his page. If I missed it, please let me know.
I will be doing a full format of my hard drive soon. I am very worried about downloading -any- versions of AOMD now, and the thought of mission shopping without any version of it makes me rather ill (the AO interface is horrid, or I wouldn't have used AOMD to begin with).
Anyways, I invite any and all responses. Maybe someone can read the above and come up with a more likely source for how someone got my password given the facts I've presented. I do believe my analysis and conclusions are pretty logical though.
If someone cares to investigate, and needs more information (such as my Ctrl-Alt-Delete process list, registry entries, etc.), I will be happy to oblige. I won't reformat my hard drive just yet in order to leave such investigation open to possibility. I just won't enter any personal information that I haven't already entered since I became aware of the packet transmitter.
Crychton
67 Engineer, Rubika2
Qwinn Bladesmith
40 Paladin, Master Weaponcrafter
DAOC, Percival Server
P.S. By the way... assuming for a moment that packets are only being transmitted when I have AOMD up and running, would an antivirus program even find a problem? If it tried to set itself up as bootable, maybe, but if it's only working when I run AOMD I wouldn't think any virus software would catch it.