Author: Cyrix
First, let me explain what happens. You're surfing the net, browsing to your heart's content. Only trusted sites, ones you've been to millions of times. Maybe a malicious posting has been made, maybe a pop-up to generate revenue for their site has been added. Regardless, something new has occurred and your system has just had a keylogger stored in the background. Most keyloggers are quiet. Ones that are related to World of Warcraft are VERY quiet. You can watch your resources, check your running programs, it will not show up.
Here's how to be safe.
1) If your anti-virus software*** is blasting you about trojans, clear them out, ENTIRELY. Run virus scans and spyware scans regularly (not all work because some of these loggers are homemade and fairly new).
2) Open up your processes menu (hit Ctrl+Alt+Del and click the Processes tab). Sort them by username (click the Username column at the top). Look at everything being run by you (or the currently logged in user). Notice anything strange? End any processes that you do not recognize. Do NOT end TaskMgr, explorer.exe, or run32.dll.
3) Open WoW. If you use the launcher, you'll notice Launcher.exe in the processes. This is normal. Ignore it. Click play.
4) This works best in windowed mode, but you can always Alt+Tab out or hit the Windows key. Here's the sad part. You will notice wow.exe. That's a good thing. You may also notice another strange exe running. For me it was max.exe. End the weird exe's process. If it closes World of Warcraft, it's a good indication that it's a keylogger tied directly to the game. It may not close the game, but it's still a good idea to run a Google search on it, just in case. E-Trust EZ Antivirus's website had Max.exe listed as a malicious Spyware/Trojan related file.
5) Once you have found the bad file, open up the Start menu, and go to "Search" then to "Find file or folders". Click files or all files and in the search criteria bar, type in the process's name. Max.exe came up listed as a prefetch (max.exe.prf98732.pfc) in my C:\windows directory. This is BAD!!! It means that it waits for a specific file to be run, then it runs. In this case, WoW. Delete it, RIGHT THERE. Change your password immediately, and without logging in, run virus scans and spyware scans again. Some people may even choose to format the computer.
***: Keep all virus definitions and spyware software UP TO DATE!!!!
This is the best way to rid yourself of a keylogger and play it safe. It takes very little time to get this done to you. I logged in at 10:00 AM EST and was hacked by 12:00 PM EST the same day. THAT'S 2 HOURS!!!
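Steps 2 to 4 above amount to comparing the process list before and after the game starts. The PowerShell below is an added example, not part of the original guide; the function names `Get-ProcessSnapshot` and `Compare-ProcessSnapshot` are made up for illustration, and it assumes the launcher and game appear as Launcher.exe and wow.exe as described in steps 3 and 4.

```powershell
# Added example: list processes that appeared after the game was started.
# Run in a PowerShell window on the Windows machine you are checking.

function Get-ProcessSnapshot {
    # One record per running process: PID, name, executable path, parent PID.
    Get-CimInstance -ClassName Win32_Process |
        Select-Object ProcessId, Name, ExecutablePath, ParentProcessId
}

function Compare-ProcessSnapshot {
    param($Before, $After)
    # Any PID that was not in the baseline started after it was taken.
    $known = @{}
    foreach ($p in $Before) { $known[[int]$p.ProcessId] = $true }
    $After | Where-Object { -not $known.ContainsKey([int]$_.ProcessId) }
}

# Names the guide calls normal (assumption: adjust for your install).
$expected = @('wow.exe', 'Launcher.exe')

$before = Get-ProcessSnapshot
Read-Host 'Baseline taken. Start WoW, wait for the login screen, then press Enter' | Out-Null
$after = Get-ProcessSnapshot

foreach ($p in Compare-ProcessSnapshot -Before $before -After $after) {
    if ($expected -contains $p.Name) { continue }   # -contains ignores case
    # An unsigned or invalid signature is a reason to look closer, not proof.
    $sig = if ($p.ExecutablePath) {
        (Get-AuthenticodeSignature -FilePath $p.ExecutablePath).Status
    } else {
        'PathUnavailable'
    }
    [pscustomobject]@{
        Name      = $p.Name
        ProcessId = $p.ProcessId
        ParentId  = $p.ParentProcessId
        Path      = $p.ExecutablePath
        Signature = $sig
    }
}
```

Anything it prints started between the two snapshots and is not the game or launcher; look up the name and path before ending the process, as step 4 suggests.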
What to do in case you get hacked:
1) Call 1-800-59-BLIZZARD (1-800-592-5499, there are no Z's on a normal keypad). This is Billing and Account Services. You'll be on hold for a few minutes, depending on current time (they are PST). I was on hold for MAYBE 5 minutes. Tell them your account has been compromised and they will ask you a few questions and get your password reset, and a log started on the matter.
2) Once you are logged back into the game and onto your character, click the in-game help icon (the question mark on the menu bar), and click on the Contact a GM button. This is a character problem, so click the character category. In the field, type in your character's name and server, then tell them you have been compromised and your equipment has been taken.
3) Wait... A GM will contact you shortly. Took 10 minutes to get to me. They are very helpful and nice about it. They'll ask questions and field your questions. Watch your in-game mail and your e-mail, they'll be sending you information.
4) This may or may not occur for you. My account got banned. It's a TEMPORARY DISABLE. They do this to ensure the hacker is not the one contacting them. They will then send you a document to fill out that requires a special photocopying step that I will not go into, as the documents and procedures are supposed to remain as secretive as possible.
5) Once all these procedures are done, they will unlock your account, and restoration will proceed. The restore can take as little as 3-5 days or longer at the Investigations Department's discretion.
The most important thing is PATIENCE. Believe it or not, I was in constant contact with Blizzard, and had to wait no more than 15 minutes to be contacted by TWO live people. They are nice people, and are very willing to help, so treat them with respect.