Virus

    Share
    avatar
    Kualija
    TC's Sheep
    TC's Sheep

    Posts : 232
    Join date : 2013-07-15
    Age : 57
    Location : Central Illinois

    Virus

    Post by Kualija on Thu Jan 02, 2014 8:59 pm

    Trojan Threat
    Originally posted by Blizzard (Official Post | Blue Tracker)Collapse
    Blizzard

    Hello,

    We've been receiving reports regarding a dangerous Trojan that is being used to compromise player's accounts even if they are using an authenticator for protection. The Trojan acts in real time to do this by stealing both your account information and the authenticator password at the time you enter them.

    If your account has been compromised recently, I'd recommend looking for the Trojan. It can be identified by creating an MSInfo file and then looking in the Startup Program section of that file for either "Disker" or "Disker64". It will usually appear like this:

    Disker rundll32.exe c:\users\name\appdata\local\temp\w_win.dll,dw Name-PC\Name Startup
    Disker64 rundll32.exe c:\users\name\appdata\local\temp\w_64.dll,dw Name-PC\Name Startup


    We are currently looking for more information on the Trojan. We have not been able to locate any anti-virus programs that will remove it besides just reformatting your system. If you have been recently compromised and find it on your system please reply with the following pieces of information.

    Your MSInfo.
    A list of any addons you recently installed along with where you got them.
    A list of any programs you recently installed along with where you got them.
    Any security programs you have run and their results.




    Official Blue Post Here
    avatar
    Loki
    Diabeetus
    Diabeetus

    Posts : 111
    Join date : 2013-06-27
    Age : 28

    Re: Virus

    Post by Loki on Thu Jan 02, 2014 11:08 pm

    I wonder where people are getting it. I imagine it's from a specific website / addon, but I really wonder which one. I'm just glad that I don't download addons very often and am pretty in tune with what's on my computer.

    As a side note, I'm not sure why they tell you to go to your MSinfo, msconfig for non windows 8 users actually allows you to control what is running at startup where MSinfo just shows you the stuff (at least on Cool. For windows 8 users, to control that you can just do msconfig > startup > the link they have OR ctrl + alt + delete for task manager and then go to the startup section. They moved what used to be in MSconfig to there in windows 8.

      Current date/time is Sun May 28, 2017 5:42 am