Welcome
You have to register before you can post on our site.

Username:
  

Password:
  




Latest Threads
A guild games (for real this time)
Last Post: Zlinka
05-20-2020 06:34 PM
» Replies: 1
» Views: 2656
Alliance-Horde pet exchange
Last Post: Zlinka
05-16-2020 07:11 AM
» Replies: 3
» Views: 1942
Il'gynoth
Last Post: Zlinka
05-14-2020 02:51 PM
» Replies: 1
» Views: 1624
Vexiona
Last Post: Zlinka
05-07-2020 05:13 PM
» Replies: 1
» Views: 1808
Drest'agath
Last Post: Zlinka
04-22-2020 07:17 AM
» Replies: 3
» Views: 2555

Who's Online
There are currently no members online.

Keylogger scam
#1
This is something that is hitting a lot of people right now, and has affected at least two of our members. The Blizzard post regarding this is here:

http://forums.worldofwarcraft.com/thread...1914&sid=1

Essentially, this is coming from a vulnerability in internet explorer from allowing ActiveX controllers to automatically run certain scripts. It downloads a file called SVCHOS.exe (note, not SVCHOST.exe, which is a normal windows function) and adds it to your startup scripts, so it wont run until the next time you boot your machine. At that point it begins logging keystrokes and transmits them to the hackers.

It is currently being run when people click on certain links from the world of warcraft boards. I am told that if you run updates for windows and internet explorer it can correct the vulnerability, as this was a patch from a while back. This will not affect macintosh users or anyone using Firefox or Mozilla to browse. You can also disable activeX scripts in internet explorer from the Internet Options, Security menu under Tools.

You can run your windows updater from the star menu, likely the one of the top options "Microsoft Update".

Edit: I am also seeing reports that it has come from people downloading certain obscure mods (specifically one for the C'thun fight). I recommend against excessive modding, and only sticking to very well known ones that are used by a lot of people, and then only getting it from curse-gaming or that mods original site.
Kosath Whitehorn
"The Tribe is my weapon.  I am their shield."
Reply
#2
Update:

Upon reading further, it looks like you want to find any alternate of SVCHOST.exe on your computer. I have seen SVHOST32.EXE, svhost, etc. Also there was this post:

Quote:I did a little more research on the key logger I found. It installs the following files.
c:\WINDOWS\system32\bpk.dat
c:\WINDOWS\system32\inst.dat
c:\WINDOWS\system32\pk.bin
c:\WINDOWS\system32\scv.exe
c:\WINDOWS\system32\scvhk.dll
c:\WINDOWS\system32\scvr.exe
c:\WINDOWS\system32\scvwb.dll

Your filenames might be different.

I recommend visiting Blizzards computer security page here:

http://www.blizzard.com/support/wowbilling/?id=asi0462p

And this is software I installed when I had a virus a while back, recommended by Blizzard:

http://www.free-av.com/

It's slightly annoying in running updates at weird times, but otherwise seems to work well and it is free.

Finally, make sure you are actually running the blizzard launcher on startup. This is the smaller window you get where you have t o click play in the bottom right and where you get a bunch of blizzard links. Supposedly if you have this running and go to WoW.com from it, it helps detect some viruses such as this keylogger. Dont rely on it, but I know it did detect the one I had a while back. More information is available on the launcher here:


http://www.blizzard.com/support/wow/?id=aww01907p1
Kosath Whitehorn
"The Tribe is my weapon.  I am their shield."
Reply
#3
And one last thing, Blizzards FAQ on what to do if your account has been compromised:

http://forums.worldofwarcraft.com/thread...1083&sid=1

I have heard that if you update to the newest data for Mcafee it will get rid of the keylogger, but most are having to remove it manually. Formatting and reinstalling everything also works of course, if you want to be absolutely sure.

And then there is firefox. I dont use this myself, but it is not subject to the vulnerabilities that windows and internet explorer are, and will protect you from most of these things if you use it for web surfing in the future:

http://www.mozilla.com/firefox/
Kosath Whitehorn
"The Tribe is my weapon.  I am their shield."
Reply
#4
I've been using Firefox since the day I found out about it years ago. It's an amazing web browser. One of the primary reasons I switched to it was because of the security it has. Aside from that, it has really awesome functionality that makes web browsing much, much nicer. No more having to open new windows when you want to open another link for example.

If anyone isn't using it, I highly reccomend that giving it a try.
[Image: 85443.png][Image: 85444.png]
Reply
#5
Absolutely agree with Zuipol. Since I started using firefox I would never even think about going back to IE. I have way less problems with browsing, wierd things popping up on my screen, not to mention IE doing what IT wants instead of what you want it to. I love it!
Don't mess with the trees!


"I don't know the key to success, but the key to failure is trying to please everybody."

~Bill Cosby
Reply
#6
Hmm... I'm trying out Firefox, and I like for the most part except that it won't let me log into the forum! *sighs* Probably user error...
Reply
#7
It has been a long long time since i used Internet Explorer, Fire Fox is the greatest thing since the internet.

~Marie
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
This forum uses Lukasz Tkacz MyBB addons.