Blizzard Warns World of Warcraft Players About ‘Dangerous Trojan’

Blizzard Entertainment is warning World of Warcraft players that they should be on the lookout for what it calls a "dangerous Trojan" that is capable of stealing their account information – even if they are using Blizzard's WoW account authenticator for extra protection.

The company posted a message about the new security threat in a forum thread last night. According to the post, once a machine is infected, the malware acts in real time to steal World of Warcraft account information and the authenticator password at the time a subscriber uses them.

Blizzard recommends that users with compromised accounts seek out the Trojan by following these steps:

"It can be identified by creating an MSInfo file and then looking in the Startup Program section of that file for either 'Disker' or 'Disker64.' It will usually appear like this:

Disker rundll32.exe c:\users\name\appdata\local\temp\w_win.dll,dw Name-PC\Name Startup

Disker64 rundll32.exe c:\users\name\appdata\local\temp\w_64.dll,dw Name-PC\Name Startup"
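The check Blizzard describes can be scripted over a text export of the MSInfo report. The following is an added example, not code from Blizzard or from this article. It assumes a tab-separated text export with a "[Startup Programs]" section, uses hypothetical function names and a constructed sample report, and goes beyond the two names in the post by also flagging any startup entry where rundll32 loads a DLL from a Temp directory.

```python
import re

# Startup entry names Blizzard's post says to look for.
KNOWN_NAMES = {"disker", "disker64"}
# Generalisation (assumption, not from the post): rundll32 loading a DLL from a Temp folder.
TEMP_RUNDLL = re.compile(r"rundll32(?:\.exe)?\s+.*\\temp\\[^\\]+\.dll", re.IGNORECASE)

def startup_entries(report_text):
    """Yield (program, command, user, location) rows from [Startup Programs]."""
    in_section = False
    for line in report_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            in_section = stripped.lower() == "[startup programs]"
            continue
        cols = [c.strip() for c in line.split("\t")]
        if in_section and len(cols) >= 4 and cols[0].lower() != "program":
            yield tuple(cols[:4])  # header row, blank and short lines are skipped

def find_suspicious(report_text):
    """Return (program, command, reason) for startup entries matching the indicators."""
    hits = []
    for program, command, _user, _location in startup_entries(report_text):
        if program.lower() in KNOWN_NAMES:
            hits.append((program, command, "name listed in Blizzard's post"))
        elif TEMP_RUNDLL.search(command):
            hits.append((program, command, "rundll32 loading a DLL from Temp"))
    return hits

def load_report(path):
    # Assumption: the report was saved as text, which msinfo32 writes as UTF-16.
    with open(path, encoding="utf-16") as fh:
        return fh.read()

# Constructed sample report; only the Disker/Disker64 commands mirror the post.
SAMPLE_REPORT = "\n".join("\t".join(row) for row in [
    ("[Startup Programs]",),
    ("Program", "Command", "User Name", "Location"),
    ("Editor", r"c:\program files\editor\editor.exe /tray", r"Name-PC\Name", "Startup"),
    ("Disker", r"rundll32.exe c:\users\name\appdata\local\temp\w_win.dll,dw", r"Name-PC\Name", "Startup"),
    ("Disker64", r"rundll32.exe c:\users\name\appdata\local\temp\w_64.dll,dw", r"Name-PC\Name", "Startup"),
    ("Helper", r"rundll32.exe c:\users\name\appdata\local\temp\h.dll,go", r"Name-PC\Name", "Startup"),
    ("[Services]",),
    ("Disker", "entry outside the startup section", "n/a", "n/a"),
])
```

Calling `find_suspicious(load_report(path))` on a saved report returns an empty list when neither indicator is present, which does not rule out a renamed variant.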

Blizzard is currently investigating the malware but has been unable to find any antivirus programs that can remove it. The company says the only way to get rid of it at the moment is to reformat an infected system. To help Blizzard find a solution, you can reply to the ongoing support thread with the following:

"Your MSInfo. A list of any add-ons you recently installed along with where you got them. A list of any programs you recently installed along with where you got them. Any security programs you have run and their results."

Source: GameSpot


One comment

  1. 0
    Hevach says:

    I'd encourage anyone with the trojan to seek help before resorting to a reformat (and to make sure you're not getting that help from one of those "professionals" who just reformat for you). Everything available on this virus suggests it should be entirely removable by fairly standard manual removal methods. It does nothing special, there's no TDLFS file system, no alternate data stream files… It doesn't even particularly protect itself except by a couple task scheduler entries.

    Not being included in many/any definition updates is not the same thing as unremovable. Many variations of the FBI Moneypak virus are not detected by antivirus programs, but I've yet to discover one that's impossible to remove manually with some creative methods. Reformatting is extreme, unnecessary, and often irresponsible.
