09-08-2006, 02:32 PM
This is something that is hitting a lot of people right now, and has affected at least two of our members. The Blizzard post regarding this is here:
http://forums.worldofwarcraft.com/thread...1914&sid=1
Essentially, this is coming from a vulnerability in Internet Explorer from allowing ActiveX controllers to automatically run certain scripts. It downloads a file called SVCHOS.exe (note, not SVCHOST.exe, which is a normal Windows function) and adds it to your startup scripts, so it won't run until the next time you boot your machine. At that point it begins logging keystrokes and transmits them to the hackers.
It is currently being run when people click on certain links from the World of Warcraft boards. I am told that if you run updates for Windows and Internet Explorer it can correct the vulnerability, as this was a patch from a while back. This will not affect Macintosh users or anyone using Firefox or Mozilla to browse. You can also disable ActiveX scripts in Internet Explorer from the Internet Options, Security menu under Tools.
You can run your Windows updater from the Start menu, likely one of the top options, "Microsoft Update".
Edit: I am also seeing reports that it has come from people downloading certain obscure mods (specifically one for the C'thun fight). I recommend against excessive modding, and only sticking to very well-known ones that are used by a lot of people, and then only getting it from curse-gaming or that mod's original site.
Kosath Whitehorn
"The Tribe is my weapon. I am their shield."