Page 3 of 3 FirstFirst
1
2
3
  1. #41
    Some reading up suggests that the trojan in this case needs the user to manually run it first.
    So it is likely masquerading as something else.
    I would treat any emails regarding beta access/patches with suspicion.
    The hearthstone beta email will contain a key, which you can then enter on the battle.net website.
    Either manually log into it, by entering the address - battle.net / eu.battle.net or via the battle.net launcher if you are using that.

    Unlike as stated in a recent email that one other poster reported, there is no need to remove your authenticator.
    I suspect that curse is not the source in this case, as it has been wrongly accused in the past.
    Quote Originally Posted by DeadmanWalking View Post
    I don't understand why we don't have flying so they tell us we will have convenient flight points. Immersion and danger? Here take some coins and fly me there while I read facebook or go take a poop.
    Quote Originally Posted by Reinaerd View Post
    T'is good to see there are still people valiantly putting the "Ass" in assumption.

  2. #42
    Bloodsail Admiral Avada Kedavra's Avatar
    Join Date
    Oct 2012
    Location
    MN - USA
    Posts
    1,189
    I will need to check when I get home, but I think im safe since i have not been anwhere questionable lately - but i guess you never knoe. I hope that it is not found to be from the real curse client or one of its addons it houses cause that would no be good...at all. not like it will have any big impact since they kinda have a monopoly on wow addons.
    “What was God doing before the divine creation? Was he preparing hell for people who asked such questions?” - Stephen Hawking

  3. #43
    Brewmaster
    Join Date
    Oct 2009
    Location
    Australia
    Posts
    1,328
    Could the source be WoWWiki again? That website does have a history of inadvertently disseminating wow-related malware through advertisements...
    Quote Originally Posted by Endus View Post
    There's nothing wrong with Keynesian theory.

  4. #44
    I did every step but when I ctrl-F I can't find the Disker/Disker64, is that a bad thing or a good thing? Does it mean I don't have the virus then?

  5. #45
    Quote Originally Posted by Anviella View Post
    I did every step but when I ctrl-F I can't find the Disker/Disker64, is that a bad thing or a good thing? Does it mean I don't have the virus then?
    If its not there after you have been on wow you do not have the virus.

  6. #46
    The Lightbringer Tharkkun's Avatar
    Join Date
    Oct 2008
    Location
    Minnesnowta
    Posts
    3,277
    Quote Originally Posted by Avada Kedavra View Post
    I will need to check when I get home, but I think im safe since i have not been anwhere questionable lately - but i guess you never knoe. I hope that it is not found to be from the real curse client or one of its addons it houses cause that would no be good...at all. not like it will have any big impact since they kinda have a monopoly on wow addons.
    If its the official curse client then all 3 of my computers would be infected. So it's either a rogue client or something else. Things like outdated Java and Flash are more than likely the culprit to be honest.

  7. #47
    Stood in the Fire Sketchy's Avatar
    Join Date
    Oct 2010
    Location
    Wet Coast, BC, Canada
    Posts
    483
    Quote Originally Posted by Imhere View Post
    Someone hacked blizzard and put this in their las test update me thinks.
    Don't pass along false information, this isn't a silly joke. A virus that forces you to reformat entirely is no joking matter.

    No one knows where it's coming from... It could be malicious third-party addons, it could be naughty banner ads that
    people are clicking and until we know 100% where it's from it's better to focus on helping people figure out what they
    need to do rather than grabbing pitchforks and torches and finding random witches to burn.

  8. #48
    Legendary! The Glitch's Avatar
    Join Date
    Nov 2009
    Location
    Litwak's Arcade Sunny Scotland!
    Posts
    6,138
    Quote Originally Posted by Sketchy View Post
    Don't pass along false information, this isn't a silly joke. A virus that forces you to reformat entirely is no joking matter.

    No one knows where it's coming from... It could be malicious third-party addons, it could be naughty banner ads that
    people are clicking and until we know 100% where it's from it's better to focus on helping people figure out what they
    need to do rather than grabbing pitchforks and torches and finding random witches to burn.
    I believe it is from a fake curse client, people that have downloaded and installed what they thought was the official curse client, but through ads and such when searching for it through a search engine. Not from the real curse client that is available on the real Curse website.

  9. #49
    Must admit that I've seen a lot of redirecting when on wowhead lately. So that site is suspect at the moment. If not for this then for some issues. Fed back to them last night about it. Hopefully they get it sorted.

    Thanks for the heads up about the trojan.

  10. #50
    Mechagnome
    Join Date
    Jan 2012
    Location
    8.6 LY away from home
    Posts
    700
    We all know from whom, and from where, these attacks originate. Why aren't charges ever brought against any of the gold sellers? This is a major drain on the resources of several very large corporations. You'd think something would be done or a bigger push would be made to bring these criminals to justice.

    I realize, in the end, it's jut a game. But like I said, millions, if not billions are spent combating this and related issues. Maybe obama could initiate a war on gold sellers, like Reagan did against drugs...

  11. #51
    There is an Update on this info. Curse client is to blame, its a fake client. thats not from curse at all. Most virus scaners and what not can remove the virus now.


    Our pleasure!

    To summarize for those of you that haven't read the green posts:

    -The trojan is built into a fake (but working) version of the Curse Client that is downloaded from a fake version of the Curse Website. This site was popping up in searches for "curse client" on major search engines, which is how people were lured into going there.

    -At this point, it seems the easiest method to remove the trojan is to delete the fake Curse Client and run scans from an updated Malwarebytes. Should you still have issues, there is a more manual method that Ressie posted earlier in the thread.

    -Thanks to Ressie's efforts, most security programs should be able to identify this threat shortly, if not by the time I type this.

    -If you were compromised, follow the instructions here and we'll do our best to set everything right (as we always do).

    -For those of you interested in these MitM style attacks, this is the only confirmed case we've seen in several years outside of the "Configuring/HIMYM" trojan in early 2012 that hit a handful of accounts. These sort of outbreaks are annoying, but an Authenticator still protects your account 99% of the time. Stay safe!


    http://us.battle.net/wow/en/forum/to...92?page=10#189
    Last edited by Noix; 2014-01-03 at 10:26 PM.

  12. #52
    Maybe they'll reactivate my account again like they did last time I got hacked.
    blah, new sig... something something

  13. #53
    Legendary! The Glitch's Avatar
    Join Date
    Nov 2009
    Location
    Litwak's Arcade Sunny Scotland!
    Posts
    6,138
    Also a Blue poster here on MMO champ forums opened a thread earlier with info.

    http://www.mmo-champion.com/threads/...urity-software

  14. #54
    The Lightbringer Tharkkun's Avatar
    Join Date
    Oct 2008
    Location
    Minnesnowta
    Posts
    3,277
    Quote Originally Posted by greysaber View Post
    We all know from whom, and from where, these attacks originate. Why aren't charges ever brought against any of the gold sellers? This is a major drain on the resources of several very large corporations. You'd think something would be done or a bigger push would be made to bring these criminals to justice.

    I realize, in the end, it's jut a game. But like I said, millions, if not billions are spent combating this and related issues. Maybe obama could initiate a war on gold sellers, like Reagan did against drugs...
    Just like the war on drugs, the war on gold sellers is not done in the USA. They are mafia style underground organizations and unless their local governments actively help us it will continue to be a cat and mouse game. If Russia and China will provide asylum to Edward Snowden then they sure as hell won't care about gold selling.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •