> OlympusNS wrote:
> Man, this kind of stuff is just rediculous...
>
> I think the real problem is with "ebay"... if they wouldn't let people sell gold and their characters, it wouldn't be so profitable to hack peoples accounts.
>
> I trust CG, and im sure the admins here will come up with something to keep this from happening, at least as much as possible.

well ebay did that just now, banning all sales of virtual goods:

http://wow-en.curse-gaming.com/general-news/756/ebay-bans-auctions-of-virtual-goods/

Here's my problem. I stupidly downloaded and ran the file (yes, I know. Stupid!). I followed the advice given and deleted said files.

But everytime I reboot my machine, the process scvhost.exe is in the Windows Task manager. How do I get rid of it?

Any help is appreciated in advance.

you sure it's scvhost.exe and not svchost.exe?

scvhost.exe is the virus

svchost.exe is a system process belonging to the Microsoft Windows Operating System which handles processes executed from DLLs

Help!!!

I ended up getting this stupid keylogger on my other PC. I have tried everything to get rid of it and nothing is working. For some reason it won't even let me reformat my Hard drive. Any suggestions???

Try this:

http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.removal.tool.html

or this:

http://www.2-spyware.com/remove-w32-hllw-gaobot.html

ok, tyvm. Hope it works

Personally I never open any addon that is a .exe because of the risk. The only time I ever do is when it is a trusted user and they have never done this kind of thing before.

The best thing you can do is as soon as you down load an addon scan it with your AV and if possable you antispyware as well for not all key loggers fit under the virus catogory and hence not all are picked up by your AV.

> Zinor wrote:
> > kadolar wrote:
> > It's getting so bad...
> >
> > Perhaps addons that are .EXE should be quarantined for a short period? Requires vetting from a 2nd curse-user? Someone with X curse points or less can't post EXEs ?
> >
> > Has to be a better way...
> I will actually consider something like this. We need a better way to control spammers since we can't obviously moderate the site 24/7 as sooner or later something will slip through while people are sleeping.
>
> With our next site push we are putting live levels with which we want to increase uses access on the site on a level basis. I will talk it over w/ the guys and see if we can't come up with a solution.

-points
-original poster of the first addon

Does curse-gaming not keep a log of the files that are uploaded and by who? If so, wouldnt a simple solution be just to ban the ip of the people of upload trojans?

I congratulate the staff of curse gaming for keeping the majority of the files that are uploaded clean.

Personally I would never run an executable addon, addon developers should make sure to create a '.zip' version as well for the people that do not trust executable files, especially with all the keyloggers that have been appearing lately.

Yes, but do you check every single folder in the zip to make sure it only contains .TOC, .LUA, XML files and doesn't have an .EXE, .COM, .SCR, .VBS hidden a few directories deep? I haven't gotten into programming AddOns yet but I can't imagine it is too hard to execute a program once the use has put it on their hard disk drive. .ZIP files are hardly more secure than .EXE installers.

Even if programs are .exe they don't just magically execute themselves by being just placed on disk. Something must run them. So, imagine, it is hard enough.

A keylogger was found in this mod too.
http://wow-en.curse-gaming.com/files/details/6668/pvp-enhancement-v5/

I don't have any of the mentioned files, but my account just got hacked on WoW, and I lost all the gear from a couple of 40s and a couple of 30s. That was really bloody expensive. Blizz says they're looking into it, but...

It was about 21 January when I DLd a bunch of new addons from here, and last Friday my account was mysteriously closed. When Blizz turned it back on, all my toons were nekkid (and Forsaken, especially when nekkid, don't look so good). It was just like being robbed; all my toons were parked by mailboxes, all my gear, money and bags from bank and inventory just gone. Even sold off my clothes.

There's a special place in hell, right in between child molesters and the furnace, for hackers.

A few days ago I downloaded ATLAS addon which contained a keylogger embedded in the zip (virus scan did not pick it up, unfortunately). Within a few hours my WOW account pwd was changed and by the time I got back in to it, all my characters/items/gold were GONE.

Do NOT report to Blizzard that an addon got your account compromised or Blizzard will close your account for allowing someone else (even though unauthorized) to access your account (forbidden by the EULA you agreed to when installing WOW). If you report it to Blizzard, you'll likely end up loosing your account PERMANENTLY, as I did, for violating the terms of use for WOW.

Addons really enhanced gameplay for me with WOW..but I never considered the consequences and how addon use, while condoned by Blizzard, is also grounds for getting your account permanently banned, if Blizzard so chooses. BE FOREWARED and be careful.

After some research online, I've discovered that there are MANY unhappy ex-WOW users that have experienced similar circumstances. Be careful when asking a GM for help, as an "investigation" puts your account up for close scrutiny (your activity log) and is liablle to get your account banned for violating the "essence" (Blizzard's term) of the game.

Atlas is one of the most reputable and used addons for World of Warcraft. I guess I have to ask a few questions of you before you go blaming Atlas for getting you hacked.

1. Is this the actual version of Atlas from Curse or some off site one.
2. Was there a sort of executable in the file that you had to run to install

> ramon1984 wrote:
> I got a question..
>
> like 3/4 months ago i had 60 priest full epic on hakkar.
>
> I got hacked pretty bad and lost all my items.. I downloaded al my addons from this site.
> I dont wanne start over knowing that it cna happen again because it rly sucks :P...
>
> Is it safe already tot play wow with addons again from curse?
> Or is there any scan tool or something else to detect if i hav ethis keylogger...
>
> mayb still on my pc? im gonne reroll new wow char on Saturday xD
>

yeah its dead simple ... don;t use any addon that involes and "EXE" file I don't use any exe files for anything that I don't know come from a reliable source.

Any normal mod loads after logging in anyway, so as long as it has no "exe" file in it your safe afaik

I totally agree. Not only is this happening to people in my guild, but WOW isn't doing enough to enforce and penalize people who steal money and hack accounts from people whether maliciously or for profit.

I believe that I had keylogging scripts installed from this site that send out emails and then phish your account for information. Luckily I caught it before replying, but I have been getting attacked recently. I am an adult, but I believe that this is common that people spread add on knowledge in game then turn around and harass the very people that they "help" not only harassing them via phishing emails and keylogging scripts stealing your personal information but also harassing you in game because they get banned for stealing your gold.

I could put up a list of addons but I am not going to bother as I don't know who it was. However, I think that some of the problems are that a quaranteen might be a good idea. Also lletting people only use certain formats and then there is not confusion about installing the addons particularly ones where you have to changed account information. I had a guy on here with a twinked rogue addon that looked great, but his instructions were atrocious and then he copped an attitude when I asked him to elaborate. I should have just reported the guy and his account addon crap but I let it slide and now I am hitting my head.

> Eldredd wrote:
> Atlas is one of the most reputable and used addons for World of Warcraft. I guess I have to ask a few questions of you before you go blaming Atlas for getting you hacked.
>
> 1. Is this the actual version of Atlas from Curse or some off site one.
> 2. Was there a sort of executable in the file that you had to run to install

I echo this 100%. I've never heard of Atlas ever having this issue as it is one of the most reputable and longest running mods period.

Just as a warning

Kalitassa, who is NOT the author of either addon, has just uploaded 2 trojan files named after Atlas and KTM, and he is deleting all the posts made on the fake addons page warning people about it