WoW account hacked (and questions for experts)

Kaspersky? Yeah, give your data to Russian Intelligence instead of the Chinese =)

I use AVAST! It’s free and good as far as I can tell.

Looks like you got a keylogger that searches for certain types of entries and forwards them on to somewhere else. Often China it seems. I’ve seen loggers listed on the net which grab passwords for QQ, MSN, eBay, a selection of games, and some of the bigger Asian banks, but if you’re lucky, not your bank and other personal sites.

Good luck!

Reformat, and, if you have backups and can’t pinpoint when you got trojaned, be very careful about what you restore from backup. Only restore data files (documents, MP3s, savegames, and such), being careful only to restore things that you recognize as having been created by your direct action. Do not restore anything executable from backups. Restore programs by reinstalling them from original media or redownloading them from sources you’re certain you can trust. After everything is restored or reinstalled scan with Kaspersky’s free online scan (at the least, if you don’t have a good antivirus program you can install) and Spybot.

Understand that malware writers are doing more in kernel space every day, and that, therefore, traditional antivirus solutions become less effective and trustworthy every day.

If you can’t use different passwords for every account you have, at least use different passwords for different classes of things, like message boards vs. game accounts vs. bank accounts vs. online shopping accounts.

Don’t visit guild forums or fan sites in IE. Alternative browsers are not fundamentally more secure than IE, but they are far less targeted than IE.

Say, “PC gaming is d0med, lol,” and then have a couple of drinks.

EDIT: If you’ve got one of those wonderful PCs that comes with no OS reinstallation media and instead relies on a recovery partition, do not trust the recovery partition. Once malware is in control of your system, there is no technical reason that it can’t infect your recovery partition so that you reinstall the malware when you reinstall the OS. (Even if no one is doing this yet I’d bet real money that they will be soon.) Use a trustworthy CD or DVD to reinstall the OS, even if you have to buy one.
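The restore rule from the post above (bring back data files only, nothing executable), sketched as an added example that is not part of the original post: it walks a backup tree and holds back files that are executable by extension or by their leading bytes, even when named like data. The extension list, function names and sample files are assumptions made for the illustration.

```python
import os
import tempfile

# Leading bytes of native executable formats, whatever the file is named.
EXEC_MAGIC = {b"MZ": "Windows PE/DOS executable", b"\x7fELF": "ELF executable"}
# Extensions Windows runs or interprets (assumed list for this example; extend it).
RISKY_EXT = {".exe", ".dll", ".scr", ".com", ".sys", ".msi", ".pif",
             ".bat", ".cmd", ".vbs", ".js", ".lnk"}

def classify(path):
    """Return a reason not to restore the file, or None if it looks like plain data."""
    ext = os.path.splitext(path)[1].lower()
    if ext in RISKY_EXT:
        return f"risky extension {ext}"
    with open(path, "rb") as fh:
        head = fh.read(4)
    for magic, label in EXEC_MAGIC.items():
        if head.startswith(magic):
            # Executable content hiding behind a data-looking name.
            return f"{label} content named {ext or '(no extension)'}"
    return None

def triage_backup(root):
    """Walk a backup tree; return (restorable, held_back) with relative paths."""
    restorable, held_back = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            reason = classify(full)
            if reason:
                held_back.append((rel, reason))
            else:
                restorable.append(rel)
    return sorted(restorable), sorted(held_back)

def build_sample(root):
    """Write a constructed sample backup (all contents are made up for the demo)."""
    samples = {"notes.txt": b"guild roster\n", "save.dat": b"\x00\x01savegame",
               "setup.exe": b"MZ\x90\x00stub", "addon.bat": b"@echo off\r\n",
               "song.mp3": b"MZ\x90\x00not really audio"}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        ok, held = triage_backup(tmp)
        print("restore:", ok); print("hold back:", held)
```

A clean result only rules out the obvious cases; data files can still carry macros or exploits, so scanning after the restore, as the post says, still applies.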

Another thing about routers is that a lot of them have firewalls built in, and they are better than the Windows firewall, but yeah, definitely get thou self behind a router! Best Buy has the Linksys G one on sale this week at $49.

We had it happen in our guild, too. I’m guessing one of the major mod sites is unknowingly hacked and putting this keylogger onto people’s machines. The fellow who it happened to had downloaded Cartographer and Auctioneer from Curse Gaming recently.

We still haven’t gotten the stuff back that was in the guild bank as far as I’m aware.

I guess guild banks are a virtual gold mine for these people, I wonder how long they will be around if Blizzard doesn’t make good on the thefts.

You can try the TrendMicro House Call for a quick, free, online scan to see if you have a virus. Because it’s Java in a sandbox, I think the virus can’t access an executable to mess with it (such as with Norton or whatever else).

Also, A-Squared is a free trojan scanner.

Wow that sucks!
Exact same thing happened to me a few days after I re-subbed around Halloween.
In my case it was a program especially designed to steal WoW account details I must have gotten from some website (installed automatically since I never press “OK”. I work in IT). I might have had it for quite some time but never noticed since I didn’t play WoW for close to 6 months.
I scoured the WoW technical forums and downloaded an anti-virus program called “AVG” based on their recommendation. After installation it found a few copies of that password stealing program and killed them all.

What happened in WoW:
After clearing by the WoW customer support I logged in and was greeted with a warning that I violated some rule and that if this happens again my account will be gone. I suspect the hacker was advertising some gold selling website with my account or something.
All my characters but my latest ones were there. Instead of my newest char (lvl 12 mage) there was a lvl 1 from him probably used to transfer the money.
I did delete that character without logging into it because I felt it was “dirty” (didn’t think rationally back then)!

All characters but my main (lvl 70 rogue) were naked and all shit gone besides quest items and other things not vendorable (like the ZG bracers for rep). I suspect it was some script since the items that were not sellable were wildly scattered in my bank slots as if they had never been moved. Various characters had items / gold from the AH in the mailboxes (expired auctions returns).
My lvl 1 characters used for “banks” were totally empty. Everything was gone (Cloth, bars, gems, potions etc.)

My rogue was used for PVP since some marks from “Eye of the Storm” were on it. I have never been there since I hate PVP.
No respecc to PVP though.

Blizzard said I should contact a GM in-game to start getting shit back so I opened a ticket. That one was hanging for 1 hour until it was escalated with a note that only some special GMs would be able to help. After waiting for 3 hours I logged out.
Next day I found an in-game email saying that I need to be online when they will try to restore items. I opened a ticket again and this time after around 2 hours I was contacted by a GM. After making sure I had enough bag space / getting some bags back he did restore tons of my items (I keep most of my weapons even back from MC / ZG and other stuff).
I then had to logon some of my other characters and each one got stuff back. At the end I got around 4000g back (the amount I had in gold on my chars). Low level char items were not restored though.

The GM was very friendly and professional. I was not blamed for my mistake and I was very happy getting stuff back (mainly quest rewards like fishing poles that otherwise would have been impossible to get again). Basically all quest rewards and soulbound items are back but not consumables and other stuff like plants or pots.
Seems they can’t restore them or didn’t bother (which is ok for me).
Some items were allocated to the wrong char (bags mostly) but that was ok as well since I could sort it out myself.
Overall a pleasant surprise in customer support. Might have helped that I was calm and friendly as well since I couldn’t blame anyone but myself.

I assume the hacker got about 5000g-6000g from my filled account and probably hit a jackpot in his eyes. Also I had the feeling he had fun playing my nicely geared rogue in PVP which probably saved my items on that char. I think it might have been a good idea to log on that new char because maybe there was still shit on it that he couldn’t sell or were returned but I didn’t think about that back then.

Anyways I’m able to play WoW again and level my warlock to 70 so all is good. I learned a lesson and will have anti-virus up now for good.

Hope you get a speedy recovery, too by Blizzard.

I have a router + Zonealarm and I still got hit.

I don’t reckon we’re seeing hacks in downloads. Injected malware into websites I think. There was a common exploit of some version of forum software I heard about, and if you were running IE when you browsed it, you were stuffed. Message: Don’t blame the downloads necessarily, and even the most innocent browsing might not keep you safe.

Everything seems pretty much covered here, but I would like to stress the fact that most malware comes from browsing. Best tip there is to always have updated AV and browser, and to run a firewall at all times. NEVER disable AV or FW to connect, or to download anything. Firewalls are tricky in that they take some time to tune to your needs and how you work, but better to take that time. If you don’t want to get involved, Windows firewall is pretty ok. And as Jason (I think) said: Vista is a good upgrade for security reasons.

And why your banking hasn’t been affected. Could be a number of reasons, but my guess is that many target WoW because of the risk to reward ratio: security is less strict, and the risk is practically zero (for the attacker) but the reward is pretty good (you can sell this stuff for real money).
Stealing money from your bank account ups the risk a lot, but doesn’t guarantee a higher reward.

Good rule of thumb:
Never use an administrator account to play games or execute any other potentially insecure software (free demos, apps, d/ls et cetera).
In general, if you can afford one, keep an isolated machine to run financial operations and important email.

Stock up on canned goods as well.

Thanks for the suggestions all. I ran Spybot, AdAware, and PC Tools Antivirus yesterday, and all they caught was a bunch of cookies and one potential browser hijacker (which wasn’t doing anything that I ever noticed), no keyloggers. I’ll run AVG and Kaspersky today. And I am connected directly to my DSL modem – I had a router for a long time, but started plugging in directly about a year ago when I took my home network down because I didn’t need it anymore. So I’ll go back behind the router at Jason’s suggestion (I had no idea it added any security at all). And I’ll change important passwords from my work computer later today.

I still can’t figure why they’d hit just WoW, but I guess Wheelkick’s risk-vs-reward idea makes sense. It’s not like the FBI is going to come after you for my Dagger of Awesomeness or whatever. Another possibility that occurred to me is that someone at Blizzard with access (authorized or unauthorized) to password info might be selling passwords to people on the outside. Because it really does seem like all they have is my WoW info.

Hey, when you get everything squared away, make sure to send me your new WoW password. I only have your old one, at the moment.

Ha ha, I just sent the FBI to your house! Who’s stupid NOW, Sones?!?

It wouldn’t be the first time the FBI have visited my house because of you. True story!

But this time they’re going to shoot you.

Ben Sones doesn’t sound like a very African-American name? Maybe it’s Latino?

Ben is the dog’s name.