Wowhead virus alert!

(Locked)

85 Human Warrior
2830
Wowhead.com has now infected two differnt computers of mine... One a week ago when I was looking for info on Cho'Gall and today while looking at the new crafting recipes... The virus corrupted my all me EXEFILE in regestry and my csrrss file.
- Technical Support
90 Blood Elf Hunter
17510
What makes you think Wowhead caused these problems? Wowhead itself is safe, and I can't say I've heard of any recent issues with anything else there (such as ads) being malicious.

Are you running up-to-date versions of Adobe Flash and Java? Outdated plugins contain a plethora of vulnerabilities.
________________________________________________
The wise speak only of what they know. - J.R.R. Tolkien
CORE I7 3.8GHz | 12GB RAM | ATI 5970+5870 | F120 SSD
Live Support: irc://chat.freenode.net/wowtech
85 Worgen Druid
1395
This is confirmed unfortunately. I was on the timbermaw hold page on wowhead and did infact get a trojan instantly after hitting the page. It was able to bypass avast. But after getting help from a tech on a pc geek site i've used in the past, it was confirmed to have come from wowhead. The trojan itself was a rogue anti virus agent called "Windows Anti Virus 2012." It was removed via malwarbytes and some registry cleanup however, avast, then avg, security task manager, and spybot could not detect it or remove it. It blocks net use and gives you alot of windows errors and fake anti virus pop ups. It's a very nasty trojan.
MVP - Technical Support
97 Draenei Mage
6645
http://www.virustotal.com/url-scan/report.html?id=745dbe7914108f9a2796a940903349e1-1312183192

Comes up as clean across the board.
Edited by Bluspacecow on 8/1/2011 2:38 AM PDT
90 Troll Hunter
0
08/01/2011 12:56 AMPosted by Flavonic
This is confirmed unfortunately. I was on the timbermaw hold page on wowhead and did infact get a trojan instantly after hitting the page. It was able to bypass avast. But after getting help from a tech on a pc geek site i've used in the past, it was confirmed to have come from wowhead. The trojan itself was a rogue anti virus agent called "Windows Anti Virus 2012." It was removed via malwarbytes and some registry cleanup however, avast, then avg, security task manager, and spybot could not detect it or remove it. It blocks net use and gives you alot of windows errors and fake anti virus pop ups. It's a very nasty trojan.


Then you need to make sure your system is completely up to date with the latest version of Flash and Java. You got nailed via advertising, which is not a WoWHead issue. Go here and update everything this site states is out of date.

http://secunia.com/vulnerability_scanning/online/

And your so called "tech" is an idiot. If what you've been nailed with is what I think it is, you're still infected with a root kit. Malwarebytes will get rid of the extra viruses that comes with it, but the core infection cannot be removed by malwarebytes.
________________________________________________
Unofficial WoW Tech Support Pages
http://www.wowpedia.org/Portal:Technical_support
Unofficial Live Support:
irc://chat.freenode.net/wowtech
http://webchat.freenode.net/?channels=wowtech
Do NOT contact me in game. Doing so guarantees an immediate ignore in game and in the forums.
@Drezbek, correct in that Malware alone will NOT, I repeat NOT get rid of the Windows AntiVirus 2012, if that is what is getting installed on people's systems via WoW Head ads. The Windows 7 version, however, appears to be removable with only Malware and basic Win-included security tools [src: bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012].

I had gotten the XP-painted [it's all the same application, with updates, ofc, but it changes the GUI to match the installed OS so it looks more legit] version installed and used a program that, for the life of me, I can NOT remember the exact name of, but it's, essentially, the same functionality and quality of RKill by Bleeping Computer.

As always, if you aren't 100% sure what you're doing, consult a professional.
MVP - Technical Support
100 Human Mage
13970
Eris please not the date on threads before posting. Bumping threads from years ago can cause confusion. If you have a issue please start your own thread.
This topic is locked.

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)
Submit Cancel

Reported!

[Close]