Unbelivable that people allways try to destroy the game for others.!
http://forums.wow-europe.com/thread.html?topicId=31483341&sid=1
dont know what to say!
Hmm.. Was this what happend to Shadowelf?
Important information......
Read the thread I may happen to you....
http://aszune.xsa.ch/forum_posts.asp?TID=6770&PN=1
CG stand for Curse-Gaming site.
Posted yesterday, and since just about every thing has the problem, id sujest ppl not DLing any UI mods atm <_<
Think so, but he got hacked 9 times or something.
well i've became a victim, of this as well, and neither norton av or avast av have detected anything foul on my system, check for svch0st.exe but none, so not sure where or how i got it since i've not done any ui mods or visited either site for a while but *shrugs* beware peeps.
Just advice you as other peeps have said dont if u have to update any UI mods and change your password asap.
As naked chars isnt funny, whats worse is the :ranting2: mofo that got into my account delted too of my 60 toons damm them!
*prays to god a gm can fix this*
:boxing: chinese farmers
(ps i dont hate chinese just chinese gold farmers)
Do what I do. Save your password to a notepad doc or something, and just copy and paste it in everytime, if its a keylogger, wouldnt it just see what is actually pressed on the keyboard not copy and pasted? :P But yeah.. it sucks, happened to one of my good RL mates last night (Dalto) pretty shitty tbh.
SoG have seen 3 members now affected by this type of hacking. All 3 had their accounts stripped bare and all their hard earned epic gear & gold disappear. Be careful out there folks.
TL.
Ads there have been shown to be using a vulnerability to deliver a trojan to your system.
If you have visited recently, check your processes for svch0st.exe and g0ld.exe and also scvhost.exe
Those are the main processes the trojans have been using.
Supposedly this will be fixed soon, but due to the nature of the attack itself, i wouldnt and wont trust the site for some time yet.
DO NOT GO TO
ui.worldofwar.net
(see i didnt make a link) its F....d
linked off http://aszune.xsa.ch/forum_posts.asp?TID=6737&PN=1 for more information
thinks to delete if you have them!
svch0st.exe
g0ld.exe
scvhost.exe
Be suspicious! When you extract an addon package check its content for executable files.
They can appear to users to be useful or interesting programs. Avoid opening files with extensions such as .bat, .exe, .com
besites if you ever had a ingame wisper, ore mail about money selling website's. REPORT IT TO A GM, these are suspected to be the once to do this and sell you the money. with your one gear that got DEed. (not sure about this though)
----------------------------------some help to delete the crap-------------------------------------
Just killing them wont make much difference, you have to run uber spywear/virus scans on your pc, and quick.
One thing through is to disable your system restore. There isnt much point in removing nasty programmes if windows has a backup >.>
Enable it again after you have got rid of everything.
If your various scans dont pick anything up (even through you found the proccesses running) then you can try going to :-
Start
Run
regedit
once your in registery edit click on the 'edit' tab and go to 'find'. type in svch0st.exe or g0ld.exe or scvhost.exe... whatever you found running and hit 'find next'.
If you find it, delete it.
Keep hitting 'find next' untill there are no more results.
Then go to
Start
Find
and search for it again - all files and folders including hidden ones etc.
Same goes, find it delete it.
This is just part of what i did after finding something in my registry, although please note do not remove random stuff from your regisery just because you dont know what it is, only remove the things noted above. You can do major damage to your pc especially with the system restore turned off.
If in doubt, give someone a call that is really good with computers. Hope this helps!
-----------------------------------------------------------------------
hope this helps a bit
Quote from: Sinap;152254Do what I do. Save your password to a notepad doc or something, and just copy and paste it in everytime, if its a keylogger, wouldnt it just see what is actually pressed on the keyboard not copy and pasted? :P But yeah.. it sucks, happened to one of my good RL mates last night (Dalto) pretty shitty tbh.
i wouldnt recomend saving any PWs on your drive, but if your sure your comp is save set wow to save the account name, then they only get a password, and not the account name, making it useless.
Whats fun 'bout this... Sigh if I could get me hands on the *******s. :ranting:
Quote from: Bastet;152453i wouldnt recomend saving any PWs on your drive, but if your sure your comp is save set wow to save the account name, then they only get a password, and not the account name, making it useless.
Yep, save the account name, and I hid my password pretty well in amongst another random word document :P
hmm.. I just checked my processes and I got like 7 different scvhost.exe thingies running.. But I got no idea which one of em to delete.. They doesn't show in neither search nor registery.. I have always used the 'save account name' option and so far nothing have happend.. but if that exe-file is what they use I wouldn't mind getting rid of it soonish..
EDIT: just read through the aszune forum, and I quote "svchost is fine, you have lots of them running under all kind of identities as normal in windoze XP. Thats why people have chosen to disguise the trojan as something similar you wont notice."
so its the svch0st.exe thats the corrupted one and Im free of thieves atm..
Quote from: Nefertem;152524hmm.. I just checked my processes and I got like 7 different scvhost.exe thingies running..
I assume that was just a typo, cause if you really have 7 s
cvhost.exe processes running, you should be worried.
svchost.exe is just fine, scvhost.exe and svch0st.exe are nasty stuff :smile:
Don't know much about keyloggers, but couldn't you hit a few keys before targetting the password field to fox it?
Quote from: Maus;152566Don't know much about keyloggers, but couldn't you hit a few keys before targetting the password field to fox it?
But then you have a load of random letters in your password and to delete em you need to erase which they can probably see when you press the delete button, dunno though, not a Keylogging expert myself here either.
Quote from: Maus;152566Don't know much about keyloggers, but couldn't you hit a few keys before targetting the password field to fox it?
Keyloggers are very simple programs that do
exactly what the name says: they log
every keystroke you make on the keyboard. If that keystroke is a letter, a number, some kind of control/function key doesn't matter.
Of course this will generate quite a lot of data, but it's not hard to make programs to filter out what you want. And if you know what to look for it isn't too hard either.
The things you can do to prenvent this, is to keep at least a sowftware firefall running (can reccomend ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za)) and be suspicious about what you let through it.
Using the "remember my username" feature as mentioned by Bastet isn't a stupid thing either, but getting hold of your username isn't most likely too difficult, so don't rely only on this.
Also don't install any kind of silly addon you find. Stick with the well known and much used. It also doesn't hurt to look through the addonfolder before you copy it into your WoW directory: these addons shouldn't contain
any kind of executable files (.exe, .bat, .com and so on).
http://www.microsoft.com/technet/security/Bulletin/MS06-054.mspx
http://www.microsoft.com/technet/security/Bulletin/MS06-055.mspx
Microsoft have released a security patches for IE for exactly this type of graphic exploit. The fixes above should help.