View Full Version : Interesting Simba scam



GodGenesis
05-10-2012, 05:14 AM
Hey guys, I am shocked and puzzled as to how this has occurred.

Let me explain what happened.

I have purchased a script from Aligndude from Sythe who is confirmed to be Mat from Villavu. I have no solid evidence that Mat hacked me, just explaining how I ended up like this.

This is the link to his selling thread on Sythe http://www.sythe.org/showthread.php?t=1347787

The script worked like a charm and it was all good for a week, then just today something very interesting happened. This script gave some command to auto-shut down my PC and with it, took control of the Smart Manager and hacked my bank.

The pin was useless as the hacker has direct access to the bank like it was botting.

Now, I also have some details about this. When Mat sells any script, he would have his customers create a new account on his own Website. This is the link
http://www.matsscripts.co.uk/

And here is a portion of the script which requires users to key in their account info of Mat's website.


Const
UserMs = 'Key in MatsScript user here';//www.MatsScrits.Co.Cc User
PassMs = 'MatsScript Pass here';//www.MatsScrits.Co.Cc Pass
Pouches = True;//Pouches?
AirStaff = True; //Using a Air Staff?

With it, the script needs to have this website's user and pass to even run. I do believe that he uses this to hack into his customers.

Now, I need some help working out whether Mat may have done it or whether someone has found a way to compromise the Smart Manager.

NCDS
05-10-2012, 05:20 AM
So you're saying you used the same password on the website as you do for RS? If so, that's a pretty foolish idea.

If you PM the script to someone knowledgeable they can surely let you know if there is any malicious code included.

YoHoJo
05-10-2012, 05:23 AM
I'd PM mat on Sythe/SRL and talk to him about it first.

I'm pretty lost on what you are saying.
1) Script shut down your PC?
2) Script took control of Smart Manager?

If your PC is shut down, how did that happen?
Also Smart Manager (as far as I know) just manages opening/closing Simba/SMART, no actual interaction with RuneScape itself.

Also how do you know it was the script/Smart Manager that did this to you? Did you see it happen or something? How do you know it wasn't something else you downloaded?

Also, if you go to C:\Simba\Includes\SRL\Logs\IPLogs it will show an image of every IP address logged in (assuming you let Simba log you in, not logged in manually).

Have you recovered the account? If so, did you take note of the last logged in IP address?

GodGenesis
05-10-2012, 05:31 AM
For starters, I did not use the same password on his website as my Runescape one.

I also did not enter any account information or bank pin into his script.

Here's a more detailed explanation.

I ran the script like every other normal day and it worked for 1 hour. Then my PC just auto-shut down (like a forced shutdown) on its own. Interestingly, the Smart Manager was the last thing I saw before my screen went blank.

My character was in Castlewars at the time I was shut down. During this period, I tried restarting my computer and it just auto-shut down like 4-5 times. It wasn't until 5 mins later that I was able to get my computer back to normal. [Did nothing as I could not access anything. It shut me down in 10 seconds whenever I got to my Desktop.]

When I logged back in Runescape, Alas, I was standing in the G.E with the bank hacked, even with a pin.

x[Warrior]x3500
05-10-2012, 05:36 AM
------

EDIT: my comment was not taken as i had intended it to be. i wrote it in a harsh manner, thus now that i am awake, i have decided to remove it. all i wanted to do was show that there is little accountability with paid scripts on other sites, and this could lead to events such as this. i am sorry if my original post offended anyone

YoHoJo
05-10-2012, 05:38 AM
I don't think Simba (when running SMART/Targeted to RS) can do anything outside of it.
But it IS possible that the script shut down your computer, sure.

Seeing Smart Manager last means nothing really. When you shut down with programs still open, Windows just closes them all for you before shutting down, that was just 'luck'/random that Smart Manager happened to be last.

As for not being able to turn your computer on for an extended period of time, that for sure is not the work of Simba. Simba does not/can not auto start, open a script, and run it or block your computer from turning on at all. That is not the work of Simba.

That is however pretty damn odd behavior, not being able to have computer on at desktop for over 10 seconds... sounds like you've downloaded something else malicious which may have caused it.


[QUOTE='x[Warrior]x3500;1013928']If you don't know how to script, why do you use a script that only the author knows what's in it. you put your full faith in the author of that script, and these things can happen when you do that. i am not saying that the script was malicious, im just sayin you are stupid for buying a script w/o knowing what the hell is inside of it. learn to script and this would never happen. many people here are willing to help, and there are tons of tutorials. the only thing holding a leecher back is laziness.

now this occurred on sythe, so nothing should happen to the person on this forum. srl does not promote nor encourage script selling/buying. why are you posting this on these forums?[/QUOTE]

Meh. Do YOU know the code and exactly how every program you use/buy works? Nah. He bought it because it was a product he was interested in, and the person seemed (and probably still is) treatable.

Yeah script selling is not allowed/condoned at SRL, but if a member at SRL is scamming elsewhere, action should be taken here at SRL too to stop it.

stuartroad
05-10-2012, 05:43 AM
I am certain this is a RAT. The guy is shutting you down so he has time to get everything from your bank. Not denying that this could have been Mat, but I think that guy would already be rich enough to not even waste his time hacking people's accounts.

iBlank
05-10-2012, 05:43 AM
[QUOTE='x[Warrior]x3500;1013928']If you don't know how to script, why do you use a script that only the author knows what's in it. you put your full faith in the author of that script, and these things can happen when you do that. i am not saying that the script was malicious, im just sayin you are stupid for buying a script w/o knowing what the hell is inside of it. learn to script and this would never happen. many people here are willing to help, and there are tons of tutorials. the only thing holding a leecher back is laziness.

now this occurred on sythe, so nothing should happen to the person on this forum. srl does not promote nor encourage script selling/buying. why are you posting this on these forums?[/QUOTE]

So you are saying if a member here is hacking accounts on another site, we should allow him to continue to be a member in our community? That doesn't make any sense. I am in no way saying Mat's script has any malicious code, just hypothetically. Also, an overly aggressive post like that is not going to make him want to learn scripting any faster.

But on topic. I would think that the script could shut down your computer once, but wouldn't that terminate the script and prevent it from continuously restarting the computer?

GodGenesis
05-10-2012, 05:44 AM
I truly appreciate all the responses and help I have been getting. I do admit that I should have learnt scripting myself and this is a lesson learnt the hard way.

I am sorry that I have broken some rules on this forum but I just need some tips from the experts as to how this happened. As for downloading something malicious, I've only downloaded an SPS file and a Version 4 of the script from Mat's site.

Thanks once again for all the help I have received.

YoHoJo
05-10-2012, 05:48 AM
Most of us/I'm saying we don't think it's Simba/anything Simba related.

Simba can possibly shut down your computer, but it definitely can't continuously shut it down/keep you from staying on it.

Mat
05-10-2012, 05:55 AM
Dude, that is for my server to allow scripts to go online. If a mod wants to see my script they can do..
I do that to help stop people passing it round. I can show you my user lists if you want to see them and see my databases and what I'm storing if you want, don't go accusing me of stuff that I am not doing!
The Script never shuts down ur PC.

GodGenesis
05-10-2012, 05:56 AM
[QUOTE=YoHoJo]Most of us/I'm saying we don't think it's Simba/anything Simba related.

Simba can possibly shut down your computer, but it definitely can't continuously shut it down/keep you from staying on it.[/QUOTE]

Alright! Thanks for shedding some light into this matter.

I am just cracking my head as to how this can happen...

GodGenesis
05-10-2012, 06:03 AM
[QUOTE=Mat]Dude, that is for my server to allow scripts to go online. If a mod wants to see my script they can do..
I do that to help stop people passing it round. I can show you my user lists if you want to see them and see my databases and what I'm storing if you want, don't go accusing me of stuff that I am not doing!
The Script never shuts down ur PC.[/QUOTE]

I am sorry if I sounded harsh to you but you are my only suspect in this case, unless someone has found a way to do this...
I am glad that you responded here too, I mean no harm to you.

Mat
05-10-2012, 06:06 AM
GodGenesis.

All your UserMs and PassMs is to allow the script to login to my server. That's all.
And also where is the proof that I hacked you? Making slanderous comments is defamation of character, which is a crime in my country. So you will show me your solid proof it was me. Also I can show everyone Mod+ all my files that have script link outs and they can see they are doing nothing. About your Account!
Also, I have over 40 users all using the scripts.
Also what is the IP the mods can check against me.
E:And show them the webpages taking the information.

redgiant61
05-10-2012, 06:12 AM
I really don't think Mat would do that. I don't even think IF he could do that.

Maybe run a scan from malwarebytes?

bg5
05-10-2012, 06:14 AM
You probably have a RAT, you should scan your computer.
Mat has nothing to do with it.

GodGenesis
05-10-2012, 06:14 AM
[QUOTE=redgiant61]I really don't think Mat would do that. I don't even think IF he could do that.

Maybe run a scan from malwarebytes?[/QUOTE]

Yes I have and there were no malicious threats detected.

Kyle Undefined
05-10-2012, 06:16 AM
I can 99.9% promise you it was a RAT. I've seen Mat's code, I've deobbed it, and there is nothing malicious in there. The Username/password that you send in the code is only so it can connect to his server, grab values, and go on.

I'd reformat your computer, RATs are not detected by AV software.

bg5
05-10-2012, 06:17 AM
Probably Java FUD

Abu
05-10-2012, 06:22 AM
[QUOTE=GodGenesis]Yes I have and there were no malicious threats detected.[/QUOTE]

Use MalwareBytes Anti-Malware (http://www.malwarebytes.org/)

Also download Advanced Task Manager (http://www.innovative-sol.com/taskmanager/)

GodGenesis
05-10-2012, 06:25 AM
Alright thanks guys!

A mod can close this now. I am convinced that Simba does not play a role in here.

And Mat, I am sorry about my accusation.

BuckWild
05-11-2012, 03:18 AM
[QUOTE=Kyle Undefined]I can 99.9% promise you it was a RAT. I've seen Mat's code, I've deobbed it, and there is nothing malicious in there. The Username/password that you send in the code is only so it can connect to his server, grab values, and go on.

I'd reformat your computer, RATs are not detected by AV software.[/QUOTE]

Concurred, what you described sounds 100% like a RAT. As Kyle said, reformat and change all your passwords.