Skip to Content

WoW Insider has the latest on the Mists of Pandaria!

Blizzard Customer Support warns of dangerous Trojan [Updated]

Blizzard Customer Support Agent Jurannok has taken to the forums to warn players of a dangerous Trojan -- a virus that can enter players' accounts even if they have an authenticator. Update -- A solution has been found.
Jurannok
Hello,

We've been receiving reports regarding a dangerous Trojan that is being used to compromise player's accounts even if they are using an authenticator for protection. The Trojan acts in real time to do this by stealing both your account information and the authenticator password at the time you enter them.

If your account has been compromised recently, I'd recommend looking for the Trojan. It can be identified by creating an MSInfo file and then looking in the Startup Program section of that file for either "Disker" or "Disker64". It will usually appear like this:

Disker rundll32.exe c:\users\name\appdata\local\temp\w_win.dll,dw Name-PC\Name Startup
Disker64 rundll32.exe c:\users\name\appdata\local\temp\w_64.dll,dw Name-PC\Name Startup

Jurannok
We are currently looking for more information on the Trojan. We have not been able to locate any anti-virus programs that will remove it besides just reformatting your system. If you have been recently compromised and find it on your system please reply with the following pieces of information.

Your MSInfo.
  • A list of any addons you recently installed along with where you got them.
  • A list of any programs you recently installed along with where you got them.
  • Any security programs you have run and their results.

Support Forum Agent Kaltonis has also confirmed that this applies to both mobile and key fob authenticators, and nor is there a way to spot it before it goes live, yet. In the meantime, if your account has recently been compromised, look for the Trojan. And if you should discover it, exercise extreme caution.

As Jurannok says, they haven't yet found an anti-virus program that will remove it. And, of course, a trojan such as this could compromise your online security in many other ways outside your WoW account. In the meantime, do your best to stick to the account security advice given by Blizzard. It can't hurt.

There is not currently any advice from Blizzard on what to do about it, with the exception of the note that the only way they have found to remove it is to re-format your system.

Update -- A solution has been found.

Filed under: Account Security

Around Azeroth

Around Azeroth

Featured Galleries

It came from the Blog: Occupy Orgrimmar
Midsummer Flamefest 2013
Running of the Orphans 2013
World of Warcraft Tattoos
HearthStone Sample Cards
HearthStone Concept Art
Yaks
It came from the Blog: Lunar Lunacy 2013
Art of Blizzard Gallery Opening

 

Categories

Joystiq

Massively

Engadget