 Trojan horse "TR/PSW.wow.rtv"

Suzhou-Alex 
Succubus

Posts : 204
Joined : 2008-06-22
Male Age : 45
Location : Suzhou

Character in WOW
Server: maduolan-马多兰
Name: Suzhoualex
Guild: Cow Eaters

  Tue 4 Aug 2009 - 1:22  #
Hi all,

Just wanted to start WOW, and my AV software popped up with an alarm that the above trojan was detected.

All of u guys who were on curse.com in the last days should check your computers.

The important thing is that u update to the latest Flash Player. But u will find a lot of forum entries about this trojan and how to remove it if u search in Google.

Anyway, this keeps me busy now and I will not feel bored
bolomas 
Admin

Posts : 1726
Joined : 2009-05-12
Male Age : 33
Location : Shanghai

Character in WOW
Server: 奥特兰克-CN1(PVP) Horde
Name: Smallearth
Guild: The Crazy waiguorens

  Tue 4 Aug 2009 - 5:46  #
Hey Alex, that's funny, what just happened to you, 'cause last Sunday I couldn't log into WoW; the game would crash just after I entered my login information, and it was a *.dll file in my temporary folder. Strange thing is that it happened right after I downloaded an addon from wow.curse.com.

_________________
When you log on a realm type "/join english" to get in touch with the community members.
WoW English/Chinese glossary (2000+ translated words) found on wow-in-chinese.jfs-web.ch
English speakers are consolidating on the same realm for Cataclysm check this thread
Suzhou-Alex 
Succubus

  Tue 4 Aug 2009 - 7:37  #
I had the same on Sunday (02/08). Was playing until around 10AM, then I decided to update my addons and test some new ones.

My Firefox crashed several times during the Curse visit. After this I couldn't log into WoW anymore. Not with the Chinese client and not with the German one.

So I recovered my PC from the Saturday point and it worked fine. But this morning I got the antivirus alarm. Hope I killed him now.

On curse.com u can find a statement about this trojan bastard.
Nous 
Dragonspawn

Posts : 417
Joined : 2009-03-12
Male Age : 31
Location : Xu Jia Hui, Shanghai

Character in WOW
Server: CN1 / 马多兰 / PVE
Name:
Guild: Cow Eaters

  Tue 4 Aug 2009 - 7:48  #
I also had an antivirus alert last Saturday. It was a .dll but I forgot the name. For me there was no link with Curse, but it was just after I unzipped the launcher skeleton.

I will check its name tonight.


BTW: I've only AVAST and WindowsFirewall+Defender, do you think it's enough?
bolomas 
Admin

  Tue 4 Aug 2009 - 8:18  #
Yeah Alex, exactly the same here. Actually at first I tried to launch the game with the normal wow.exe and got the startup_string error message of course.
But by chance when looking at the error log I saw there was a suspect file named 52233kou.dll in my "C:\Documents and Settings\"name of user".PRIVATE-4SFIB93.000\Local Settings" folder that was loaded as well.
At first I thought it couldn't be this, usually I don't get viruses, but after reinstalling the game still didn't solve this problem, I tried to delete it (had to use FileAssassin 'cause Windows wouldn't let me delete it) and then the game worked again. Took me a whole afternoon to solve this, and now that you say it's from Curse it makes perfect sense.
I've seen some German forums where they were talking about a XXXXkou.dll file with a name similar to mine.

So here, for people who wanna check if your game isn't loading a keylogger: start the game with the normal wow.exe and after it crashes watch the error.txt file (inside the errors folder) for this:

----------------------------------------
Loaded Modules
----------------------------------------

0x00400000 - 0x01758000 D:\WOW CN\WoW.exe
0x01760000 - 0x01769000 C:\WINDOWS\system32\Normaliz.dll
0x03A20000 - 0x03B35000 D:\WOW CN\dbghelp.dll
0x10000000 - 0x10069000 D:\WOW CN\DivxDecoder.dll
0x404A0000 - 0x40586000 C:\WINDOWS\system32\WININET.dll
0x40B40000 - 0x40D28000 C:\WINDOWS\system32\iertutil.dll
0x45180000 - 0x452B1000 C:\WINDOWS\system32\urlmon.dll
0x4FCF0000 - 0x4FE96000 C:\WINDOWS\system32\d3d9.dll
0x58B50000 - 0x58BEA000 C:\WINDOWS\system32\comctl32.dll
0x5B090000 - 0x5B0C8000 C:\WINDOWS\system32\uxtheme.dll
0x5B3C0000 - 0x5B3C7000 C:\WINDOWS\system32\umdmxfrm.dll
0x5D0A0000 - 0x5D0A7000 C:\WINDOWS\system32\serwvdrv.dll
0x5F070000 - 0x5F13C000 C:\WINDOWS\system32\OPENGL32.dll
0x62DC0000 - 0x62DC9000 C:\WINDOWS\system32\LPK.DLL
0x6CEF0000 - 0x6CF11000 C:\WINDOWS\system32\GLU32.dll
0x6D2D0000 - 0x6D30A000 C:\WINDOWS\system32\DINPUT8.dll
0x6DE60000 - 0x6DE66000 C:\WINDOWS\system32\d3d8thk.dll
0x719E0000 - 0x719E8000 C:\WINDOWS\system32\WS2HELP.dll
0x719F0000 - 0x71A07000 C:\WINDOWS\system32\WS2_32.dll
0x71B50000 - 0x71B63000 C:\WINDOWS\system32\SAMLIB.dll
0x736B0000 - 0x736FB000 C:\WINDOWS\system32\DDRAW.dll
0x73B10000 - 0x73B16000 C:\WINDOWS\system32\DCIMAN32.dll
0x753C0000 - 0x7542B000 C:\WINDOWS\system32\USP10.dll
0x76320000 - 0x7633D000 C:\WINDOWS\system32\IMM32.dll
0x76AE0000 - 0x76B0F000 C:\WINDOWS\system32\WINMM.dll
0x76F10000 - 0x76F3D000 C:\WINDOWS\system32\WLDAP32.dll
0x770E0000 - 0x7716B000 C:\WINDOWS\system32\OLEAUT32.dll
0x77390000 - 0x77493000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x774A0000 - 0x775DD000 C:\WINDOWS\system32\ole32.dll
0x77650000 - 0x77671000 C:\WINDOWS\system32\NTMARTA.DLL
0x77BB0000 - 0x77BC5000 C:\WINDOWS\system32\MSACM32.dll
0x77BD0000 - 0x77BD8000 C:\WINDOWS\system32\VERSION.dll
0x77BE0000 - 0x77C38000 C:\WINDOWS\system32\msvcrt.dll
0x77DA0000 - 0x77E4C000 C:\WINDOWS\system32\ADVAPI32.dll
0x77E50000 - 0x77EE2000 C:\WINDOWS\system32\RPCRT4.dll
0x77EF0000 - 0x77F39000 C:\WINDOWS\system32\GDI32.dll
0x77F40000 - 0x77FB6000 C:\WINDOWS\system32\SHLWAPI.dll
0x77FC0000 - 0x77FD1000 C:\WINDOWS\system32\Secur32.dll
0x7C800000 - 0x7C906000 C:\WINDOWS\system32\kernel32.dll
0x7C910000 - 0x7C9C9000 C:\WINDOWS\system32\ntdll.dll
0x7C9D0000 - 0x7D1F5000 C:\WINDOWS\system32\SHELL32.dll
0x7E390000 - 0x7E421000 C:\WINDOWS\system32\USER32.dll

If you see a file named 52230kou.dll (the number can be different) in the list, then it means you have the keylogger on your computer.

But it should be ok, because I think it makes the game crash after login so you would know it.

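
The check described in the post above, as an added example that is not part of the original thread: it parses the "Loaded Modules" section of the crash log and flags any module whose file name matches the digits-plus-"kou.dll" pattern reported here, and, going one step beyond the post, any module loaded from outside the game folder and the Windows directory. The sample log, the user name `exampleuser` and `helper.dll` are constructed; treating `C:\WINDOWS` as trusted is a triage assumption, not proof that a file is clean.

```python
import re
from pathlib import PureWindowsPath

# Line format shown in the post: "0xSTART - 0xEND <full path>"
MODULE_RE = re.compile(r"^0x[0-9A-Fa-f]{8}\s+-\s+0x[0-9A-Fa-f]{8}\s+(.+)$")
# File name pattern reported in the thread (digits + "kou.dll"); the digits vary
REPORTED_NAME_RE = re.compile(r"^\d+kou\.dll$", re.IGNORECASE)

# Constructed sample log (user name and helper.dll are made up for illustration)
SAMPLE_LOG = r"""
----------------------------------------
Loaded Modules
----------------------------------------

0x00400000 - 0x01758000 D:\WOW CN\WoW.exe
0x03A20000 - 0x03B35000 D:\WOW CN\dbghelp.dll
0x10000000 - 0x10069000 C:\Documents and Settings\exampleuser\Local Settings\Temp\52233kou.dll
0x20000000 - 0x20010000 C:\Documents and Settings\exampleuser\Local Settings\Temp\helper.dll
0x7C800000 - 0x7C906000 C:\WINDOWS\system32\kernel32.dll
"""


def loaded_modules(log_text):
    """Return the module paths listed in the 'Loaded Modules' section."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        text = line.strip()
        if text == "Loaded Modules":
            in_section = True
            continue
        m = MODULE_RE.match(text)
        if in_section and m:
            paths.append(PureWindowsPath(m.group(1)))
        elif in_section and paths and text and set(text) != {"-"}:
            break  # a new section title ends the module list
    return paths


def suspicious_modules(log_text, windows_dir=r"C:\WINDOWS"):
    """Return (path, reason) pairs for modules that deserve a closer look."""
    modules = loaded_modules(log_text)
    game_dir = next((p.parent for p in modules if p.name.lower() == "wow.exe"), None)
    trusted = [PureWindowsPath(windows_dir)] + ([game_dir] if game_dir else [])
    findings = []
    for p in modules:
        if REPORTED_NAME_RE.match(p.name):
            findings.append((str(p), "file name matches the pattern reported in the thread"))
        elif not any(root == p or root in p.parents for root in trusted):
            findings.append((str(p), "loaded from outside the game and Windows directories"))
    return findings
```
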
stItCh 
Onyxia

Posts : 865
Joined : 2006-12-16
Male Location : 99% Suzhou and 1% Germany

Character in WOW
Server: MaDuoLan - 马多兰, Menethil-米奈希爾-TW
Name: Juliask-Zobun
Guild: Cow Eaters

  Tue 4 Aug 2009 - 11:33  #
Hi, forget Curse.

Use WoW Matrix, it's very similar to the old WOW ACE.
I had no problems updating all my addons from there.
bolomas 
Admin

  Tue 4 Aug 2009 - 11:42  #
But this keylogger has nothing to do with Curse. It's all the websites that are at risk. The virus comes from a compromised Flash advertisement. So be sure to update your Flash, 'cause there are many things that can end up on your computer when you are surfing the net right now.

stItCh 
Onyxia

  Tue 4 Aug 2009 - 13:48  #
Oh god. Good luck my P... sites are safe without Flash ;)