I need a bit of help here, I'm afraid. I've posted at the official forums but I might be able to get help here.

Long story short: are addons like Auctioneer, Power Auras, etc *supposed* to have application files in them? I know the majority don't, but are there a few special exceptions?

I ask because of the following:

- I use a Mac and thus can only contract a keylogger if I actually *install* the program

- I downloaded manually from Curse, without a client. Once or twice, I came across an addon that had an application in it (twigging off Mac and getting the popup "This has an application, sure you want to run it?" I thought nothing of it, because hey, Curse is trustworthy and I figured it was just part of the addon.

- My account got hacked on Friday. Usual tale of woe... transferred toons, stripped banks, spent emblems, yadda yadda

- I've been running around like a chicken with its head cut off trying to figure out what happened and how my account was compromised when I don't click weird links, don't download random stuff, don't use a client, don't have a stupid password, etc. A few guildies suggested it might be an addon, and when I mentioned I'd gotten a few with applications, their warning bells went off. I decided to come her to check.

Thanks in advance! I hope I'll be able to figure out what's going on soon. Again, I just need to know if Auctioneer etc are meant to have applications in them (Auctioneer has it even at its website download).

Regards!

All good addons are just text files. In fact, to be clear, there is no such thing as an addon that is also an application. There is no executable code in an addon. If you got warnings, then

a) it wasn't an addon

b) unless you know *exactly* what it is (for example Minion or the Curse Client or Ventrilo or Teamspeak) and it says it works with WoW, don't get it. chances are it is very bad for your computer

c) it was an addon, but you found it on a suspect website, and someone maliciously bundled some malware with it

If guildies suggest it was an addon, tell them they are bonk, because addons from good sites, such as Curse or WowInterface, are exactly that: good. Since you have a Mac, I will venture you have an iPod or iPhone. If you have a Touch or phone, then get the Blizzard authenticator from the iTunes store for free.

Now I admit confusion... on the one hand, you confirm that addons with executables and applications are a bad thing, but on the other you say that if I get things from Curse then they're safe. But the addons WITH executables came from Curse in the first place. I also went to Auctioneer's original website and THEIR version had an application as well.

Here's a screenshot of what I'm talking about: the same thing happened with Outfitter and Power Auras (both of which I attempted to download off of Curse)

http://img.photobucket.com/albums/v289/usagivindaloo/Picture1.png

My guildies were not so much saying that all addons are bad, but that any one with an application was bad (as, just like you say, they should NOT have an application in them). I think they were just trying to help me figure out how the heck I got a keylogger when I'm always extremely careful not to visit malicious sites and only download things that I want (the idea was that an addon might have slipped one past me because, hey, I wanted to download the addon, right? I didn't realize that applications = bad)

Also, I'll be getting an authenticator as soon as they're not sold out (I don't have an iPhone or an iPod Touch so unfortunately that's not an option at the moment).

Auctioneer does contain some .bat (DOS Batch) and .pl (Perl Script) files. They may have been flagged as executables but they are not, or better yet, can not be run by WoW automatically. They are there for upgrading, installing modules, or something like that. WoW does not provide developers a way to run an executable from within WoW so addons that are installed via a compressed file almost never contain malware.

This same question (accusation) appears very, very, reguarly in any of the large WoW forums (including this one) and the answer is always the same. Your hack was hackes MANY MANY moons ago and the hacker just waited a while to perform the actual account mining. You are doing the best thing that you can by getting the authenticator. other than that let this be a learning experience and don't rack your brain too much about where the hack originated from since there are too many possibilities to list.