help, account has been hijacked

Live forum:


04-11-2004 21:04:03

OK here's how it goes

I clicked (even though I don’t remember) a link of a file that auto extracted itself into my c\windows\system32 folder and camouflaged it self along with its most of its decencies as “iexplorer.exe” I have intercepted this files and quarantined them so that it will not execute, however it logged every website, every keystroke, and it took pictures of my screen. I feel violated and I want justice to be served however it is very difficult to do this on the internet. This person broke into most of my accounts I have (Gmail, PayPal, Yahoo and my account on http// I have proof that he did this. How ever my conclusion might not be 100% accurate but it is true. I have included logs, pictures and files for verification.

He first got my computer to upload all the logs that the key logger had made for the day or whatever it was set to, this program connected to an ftp server (ACCESS,2004/11/03,033104 -500 GMT,iexplorer.exe was blocked from connecting to the Internet (,N/A,N/A) the criminal created an ftp account on so that he could not be tracked. I then tried to log in to my http// account ( only to find that that the user no longer existed, I could understand this, I think went to my referral link to find out that someone other than me has changed the account email= and password. The referral link for my account is http// , it is no longer registered to and password. The referral link for my account is http// , it is no longer registered to but to , I have no idea who this person is, what I do know is that someone change the account information without my authorization. I tried emailing centric about this problem but the email simply bounced back.

When I though I had this the worse of this attack my brother tells me that he has seen unauthorized payments being sent to from his account, I immediately took action and tried to cancel those payments but it was too late, I called paypal and they simple cancelled the subscription he will get his money back they said but he has to sign an some documents first, nevertheless I have included on this posts various Pictures, Logs, etc.. That proves that this is true. I cannot include the logs of the keystrokes, WebPages and pictures taken by the program for my own protection. Note that I did not have a firewall when this spyware was installed into my machine other wise I would have known what was going on, until I found some strange file that should be where it was (iexplorer.exe on c\windows\system32\, this file is never located there it is located on c\progra~1\internet explorer and the file size where no where the same plus the true file is IEXPLORE.EXE, I only noticed this because this key logger crashed now and then and it became suspicious to me and as you can see the logo of this file is not the one of internet explorer itself (IE has an E where as this file has a movie strip thing as the icon).
I tried emailing the email that was registered on my mp3 account, I DID GET A RESPONSE, he said that he had no idea of this ( i dont beleive him) i have included logs of this aswell along with the ip from where the email was sent from.)

I would highly appreciate if someone from Centric can help me and get my account back.

Ip blocked moments after i had disbaled the keylogger

My conclusion on how this keylogger worked on my computer and how it reported back to the attacker


05-11-2004 07:08:51

Lesson 1 Don't download RANDOM SH!T

FACT If you download random shit, you have a high probability of downloading a virus.


05-11-2004 09:18:35

Unfortunately you're probably just out of luck. Other people have reported this and the response was that gratis/offercentric couldn't do anything about it.



05-11-2004 09:33:35

From the email you got back, save it and view all headers to get his IP address, (well unless he is using a proxy) and contact the police as soon as possible and they will most likely do something about it, even if it is a proxy they can track proxy logs.


05-11-2004 18:16:47

Reformat your computer IMMEDIATELY and do not go to any important sites or type your password. funnypants4u has done this to many people.


05-11-2004 19:57:57


someone has seriously gotta stop this guy.. speeddevil, is Alberto Ramirez your name or his?


05-11-2004 20:57:35

i am alberto ramirez, and my computer is fine now, i just want that account back -|