1. #1

    Looking for Help with Malware Removal

    Hello all. I have been having some serious issues with what I believe to be malware/malicious software on my computer. About a month ago my WoW account was compromised (hacked), and I received a warning saying that my Gmail account had received suspicious login attempts. After running scans with AVG and MalwareBytes, both yielded nothing, so I decided to do a clean install of Windows for a guaranteed solution (my computer is very new and I mainly just had WoW, Skype and Ventrilo installed, so it seemed like a relatively simple solution).

    Well, yesterday I woke up to find that my account had been hacked again. I might add that I have a mobile authenticator, and somehow this is still happening. Anyway, I performed an account recovery and got back my items/characters and began to perform more scans. I used AVG Free Scan, Spybot Search and Destroy, Super AntiMalware, and Malware Bytes. Every single one found no threats. I also downloaded HiJackThis and posted my logfile on Tech Support Guy forums yesterday, but no one has responded. Anyway, today I received another e-mail from Blizzard saying that multiple individuals have provided sufficient evidence that the account belongs to them, and that they are locking my account until they are able to determine who the account is properly registered to (me). So I am kind of in a panic.

    The main parts that confuse me:
    How was my WoW account hacked through an authenticator?
    How did the malware seemingly persist through a complete reinstallation of Windows 7? Or did I somehow procure the malware again?
    And of course: how do I get rid of it if nothing seems to detect it??

    Anyone who can help I would be so grateful, I have no idea what to do at this point.

  2. #2
    Cyanotical

    a rootkit can persist through HDD wipes, but rootkits are extremely rare (you have better odds of getting struck by lightning after winning the lottery) and they are stealthy enough to bypass pretty much all AV programs

    but, i would guess that your phone has malware
    Last edited by Cyanotical; 2012-11-16 at 11:58 PM.

    i7-4790K | Z97 Class. | 8GB DDR3-2133 | GTX-690 Quad SLI | RAIDR | 512GB Samsung 830 | AX1200 | RV05
    Dell U2711 | Ducky Shine3 YoS | Steelseries Sensei | Xonar Essence One | KRK RP8G2s

  3. #3
    I've had boot sector viruses, trojans that were identifiable with Spybot - it just couldn't fix them. I've actually had 2 of them, and Spybot found them both times. You didn't actually say you formatted your HD. You need to do that if you haven't. It's possible that your old computer was compromised around the time you got the new one. Either way, whoever hacked it has your information. The fact that it got compromised again means nothing in regards to the safety of your computer. One compromise was enough and it allowed them to reset your information as many times as they want. It says right in your post "Blizzard sees multiple parties claiming to have ownership."

    Whatever you do, get a real authenticator. These new fuckin Google phones are so much like computers they are susceptible to malware too. Don't use the same password for your Gmail and your WoW login etc...

    Format your HD
    Reinstall Windows
    Buy an authenticator
    Get account back = profit

  4. #4
    Cyanotical

    also, did you change your password and mobile authenticator after Blizzard was hacked?

    http://us.blizzard.com/en-us/securityupdate.html

  5. #5
    May want to call Blizzard instead of relying on emails. Did you check to make sure the emails aren't a phishing scam?

  6. #6
    RaZz0r

    tbh the emails you're getting sound like a scam. I get several emails every day telling me that I need to prove that I'm the correct owner of the account etc., like this for example

    http://i.imgur.com/QBESF.png

    and this

    http://i.imgur.com/SD0vB.png

    they look legit but if you look in the bottom left you can see that the link in the email leads to a non-official site
    which will steal your account info and/or install a keylogger on your computer
