Foreign community at Chinese World of Warcraft
For those who want to play World of Warcraft cheaper on the Chinese realms (in Chinese, English or other languages)
 
 Trojan horse "TR/PSW.wow.rtv"

Gast (Guest), Tue 4 Aug 2009 - 1:22
Hi all,

Just wanted to start WoW, and my AV software popped up with an alarm that the above trojan was detected.

All of you guys who were on curse.com in the last days should check your computers.

It is important that you update to the latest Flash Player. But you will find a lot of forum entries about this trojan and how to remove it if you search on Google.

Anyway, this keeps me busy now and I will not feel bored.

bolomas (Admin), Tue 4 Aug 2009 - 5:46
Hey alex, that's funny what just happened to you, 'cause last Sunday I couldn't log into WoW: the game would crash just after I entered my login information, and it was a *.dll file in my temporary folder. Strange thing is that it happened right after I downloaded an addon from wow.curse.com.

Gast (Guest), Tue 4 Aug 2009 - 7:37
I had the same on Sunday (02/08). Was playing until around 10 AM, then I decided to update my addons and test some new ones.

My Firefox crashed several times during the Curse visit. After this I couldn't log into WoW anymore. Not with the Chinese client and not with the German one.

So I recovered my PC from the Saturday point and it worked fine. But this morning I got the antivirus alarm. Hope I killed it now.

On curse.com you can find a statement about this trojan bastard.

Nous (Dragonspawn), Tue 4 Aug 2009 - 7:48
I also had an antivirus alert last Saturday. It was a .dll but I forgot the name. For me there was no link with Curse; it was just after I unzipped the launcher skeleton.

I will check its name tonight.

BTW: I only have AVAST and Windows Firewall + Defender, do you think it's enough?

bolomas (Admin), Tue 4 Aug 2009 - 8:18
Yeah Alex, exactly the same here. Actually at first I tried to launch the game with the normal wow.exe and got the startup_string error message of course.
But by chance when looking at the error log I saw there was a suspect file named 52233kou.dll in my "C:\Documents and Settings\"name of user".PRIVATE-4SFIB93.000\Local Settings" folder that was loaded as well.
At first I thought it couldn't be this, usually I don't get viruses, but after reinstalling the game still didn't solve the problem, I tried to delete it (had to use fileAssassin 'cause Windows wouldn't let me delete it) and then the game worked again. Took me a whole afternoon to solve this, and now that you say it's from Curse it makes perfect sense.
I've seen some German forums where they were talking about a XXXXkou.dll file with a name similar to mine.

So here, for people who wanna check if your game isn't loading a keylogger: start the game with the normal wow.exe and, after it crashes, check the error.txt file (inside the errors folder) for this:

----------------------------------------
Loaded Modules
----------------------------------------

0x00400000 - 0x01758000 D:\WOW CN\WoW.exe
0x01760000 - 0x01769000 C:\WINDOWS\system32\Normaliz.dll
0x03A20000 - 0x03B35000 D:\WOW CN\dbghelp.dll
0x10000000 - 0x10069000 D:\WOW CN\DivxDecoder.dll
0x404A0000 - 0x40586000 C:\WINDOWS\system32\WININET.dll
0x40B40000 - 0x40D28000 C:\WINDOWS\system32\iertutil.dll
0x45180000 - 0x452B1000 C:\WINDOWS\system32\urlmon.dll
0x4FCF0000 - 0x4FE96000 C:\WINDOWS\system32\d3d9.dll
0x58B50000 - 0x58BEA000 C:\WINDOWS\system32\comctl32.dll
0x5B090000 - 0x5B0C8000 C:\WINDOWS\system32\uxtheme.dll
0x5B3C0000 - 0x5B3C7000 C:\WINDOWS\system32\umdmxfrm.dll
0x5D0A0000 - 0x5D0A7000 C:\WINDOWS\system32\serwvdrv.dll
0x5F070000 - 0x5F13C000 C:\WINDOWS\system32\OPENGL32.dll
0x62DC0000 - 0x62DC9000 C:\WINDOWS\system32\LPK.DLL
0x6CEF0000 - 0x6CF11000 C:\WINDOWS\system32\GLU32.dll
0x6D2D0000 - 0x6D30A000 C:\WINDOWS\system32\DINPUT8.dll
0x6DE60000 - 0x6DE66000 C:\WINDOWS\system32\d3d8thk.dll
0x719E0000 - 0x719E8000 C:\WINDOWS\system32\WS2HELP.dll
0x719F0000 - 0x71A07000 C:\WINDOWS\system32\WS2_32.dll
0x71B50000 - 0x71B63000 C:\WINDOWS\system32\SAMLIB.dll
0x736B0000 - 0x736FB000 C:\WINDOWS\system32\DDRAW.dll
0x73B10000 - 0x73B16000 C:\WINDOWS\system32\DCIMAN32.dll
0x753C0000 - 0x7542B000 C:\WINDOWS\system32\USP10.dll
0x76320000 - 0x7633D000 C:\WINDOWS\system32\IMM32.dll
0x76AE0000 - 0x76B0F000 C:\WINDOWS\system32\WINMM.dll
0x76F10000 - 0x76F3D000 C:\WINDOWS\system32\WLDAP32.dll
0x770E0000 - 0x7716B000 C:\WINDOWS\system32\OLEAUT32.dll
0x77390000 - 0x77493000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x774A0000 - 0x775DD000 C:\WINDOWS\system32\ole32.dll
0x77650000 - 0x77671000 C:\WINDOWS\system32\NTMARTA.DLL
0x77BB0000 - 0x77BC5000 C:\WINDOWS\system32\MSACM32.dll
0x77BD0000 - 0x77BD8000 C:\WINDOWS\system32\VERSION.dll
0x77BE0000 - 0x77C38000 C:\WINDOWS\system32\msvcrt.dll
0x77DA0000 - 0x77E4C000 C:\WINDOWS\system32\ADVAPI32.dll
0x77E50000 - 0x77EE2000 C:\WINDOWS\system32\RPCRT4.dll
0x77EF0000 - 0x77F39000 C:\WINDOWS\system32\GDI32.dll
0x77F40000 - 0x77FB6000 C:\WINDOWS\system32\SHLWAPI.dll
0x77FC0000 - 0x77FD1000 C:\WINDOWS\system32\Secur32.dll
0x7C800000 - 0x7C906000 C:\WINDOWS\system32\kernel32.dll
0x7C910000 - 0x7C9C9000 C:\WINDOWS\system32\ntdll.dll
0x7C9D0000 - 0x7D1F5000 C:\WINDOWS\system32\SHELL32.dll
0x7E390000 - 0x7E421000 C:\WINDOWS\system32\USER32.dll

If you see a file named 52230kou.dll (the number can be different) in the list, then it means you have the keylogger on your computer.

But it should be ok, because I think it makes the game crash after login so you would know it.
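
The check described in the post above, as an added example that is not part of the original post: it parses the "Loaded Modules" section of the crash log and flags any module whose name fits the <digits>kou.dll shape and, going beyond the post, any module loaded from outside the game folder and the Windows folder. The sample log is constructed (the last module line's address range and the user name `exampleuser` are made up), and the function names are this example's own.

```python
import re
from ntpath import basename, dirname, normcase  # Windows path rules on any OS

# Constructed sample in the layout of the error log quoted above; the address
# range and user name on the last module line are made up for illustration.
SAMPLE_LOG = r"""
----------------------------------------
Loaded Modules
----------------------------------------

0x00400000 - 0x01758000 D:\WOW CN\WoW.exe
0x03A20000 - 0x03B35000 D:\WOW CN\dbghelp.dll
0x7C800000 - 0x7C906000 C:\WINDOWS\system32\kernel32.dll
0x0A000000 - 0x0A012000 C:\Documents and Settings\exampleuser\Local Settings\52233kou.dll
"""

MODULE_LINE = re.compile(r"^0x[0-9A-Fa-f]+ - 0x[0-9A-Fa-f]+ (.+)$")
KOU_NAME = re.compile(r"^\d+kou\.dll$", re.IGNORECASE)  # name shape reported in the thread


def parse_loaded_modules(log_text):
    """Return the module paths listed under the 'Loaded Modules' heading."""
    paths, in_section = [], False
    for line in map(str.strip, log_text.splitlines()):
        if line == "Loaded Modules":
            in_section = True
        elif in_section and (m := MODULE_LINE.match(line)):
            paths.append(m.group(1))
        elif in_section and line and not line.startswith("-"):
            break  # first non-module text ends the section
    return paths


def suspicious_modules(paths, windows_dir=r"C:\WINDOWS"):
    """Flag <digits>kou.dll names and modules outside the game and Windows folders."""
    trusted = [normcase(windows_dir) + "\\"]
    trusted += [normcase(dirname(p)) + "\\" for p in paths if basename(p).lower() == "wow.exe"]
    findings = []
    for p in paths:
        if KOU_NAME.match(basename(p)):
            findings.append((p, "name matches <digits>kou.dll"))
        elif not normcase(p).startswith(tuple(trusted)):
            findings.append((p, "outside game and Windows folders"))
    return findings


if __name__ == "__main__":
    for path, reason in suspicious_modules(parse_loaded_modules(SAMPLE_LOG)):
        print(f"{reason}: {path}")
```

A module inside one of the trusted folders is not thereby clean; the path check only narrows which entries to look at first.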

stItCh (Onyxia), Tue 4 Aug 2009 - 11:33
Hi, forget Curse.

Use WoW Matrix, it's very similar to the old WOW ACE.
I had no problems updating all my addons from there.

bolomas (Admin), Tue 4 Aug 2009 - 11:42
But this keylogger has nothing to do with Curse. It's all the websites that are at risk. The virus comes from a compromised Flash advertisement. So be sure to update your Flash, 'cause there are many things that can end up on your computer when you are surfing the net right now.

stItCh (Onyxia), Tue 4 Aug 2009 - 13:48
Oh god, good luck my P... sites are safe without Flash ;)