Sajro Posted August 7, 2005 Report Share Posted August 7, 2005 chisto da znate da se pojavio wow trojan =), koliko sam prochitao na nekom sajtu redovno se nadje u onim datotekama za piratske servere i razne toolove koji se koriste za retail (obichno hackovi, za sada ni jedan addon creator nije iskoristio ovo koliko znam) PWSteal.Wowcraft is a password-stealing Trojan horse that attempts to steal the password to the "World of Warcraft" game and send it to the creator of the Trojan. Type: Trojan Horse Infection Length: 34,304 bytes, 43,008 bytes Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP Technical details: When PWSteal.Wowcraft is executed, it performs the following actions: 1. Copies itself as one of the following: * %ProgramFiles%\svhost32.exe * %ProgramFiles%\rundll32.exe * %ProgramFiles%\Internat.exe Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files. 2. Creates the following file: %System%\msdll.dll Note: %System% is a variable. The Trojan locates the System folder and copies itself to that location. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP). 3. Adds the value: "load" = "[Path of the dropped file from step 1]" to the registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run so that the file runs every time Windows starts. 4. Injects msdll.dll into other running processes, including explorer.exe, so that it can monitor for passwords entered. 5. Attempts to initiate a keylogging process upon finding windows associated with "wow.exe", "Launcher.exe", "www.wowchina.com" or "signup.worldofwarcraft.com". 6. Emails the gathered online "World of Warcraft" passwords to the Trojan's author. 7. Attempts to disable processes or windows which contain the following strings, some of which may be security related: * EGHOST.EXE * MAILMON.EXE * KAVPFW.EXE * Ravmon.exe * Ravmond.exe * ZoneAlarm 8. Attempts to download and execute files from the Internet. Note: Source: symantec.com Quote Link to comment Share on other sites More sharing options...
Immortalis Posted August 7, 2005 Report Share Posted August 7, 2005 blah, nisam siguran dal moze kaspersky moze da ga detektuje, a symantec-ve proizvode ne kosristim. Nisam ga nashao u registry ,ali valjda postoji neki cleaner da budem siguran, odoh da potrazim. Quote This video contains content from Jimmy Kimmel Live, who has decided to block it in your country. [23:47] <manager-> jao dete jao dete :D chickenonaraft.kom Link to comment Share on other sites More sharing options...
Lucky Posted August 7, 2005 Report Share Posted August 7, 2005 a sta ce mu uopste passwordi naloga? da nece da se loguje na svaki redom pa vam "gasi" iste? :) Quote Link to comment Share on other sites More sharing options...
Sa1Nt Posted August 7, 2005 Report Share Posted August 7, 2005 a mozhda da ga promeni, i posle proda na ebay? :) Quote Link to comment Share on other sites More sharing options...
Sajro Posted August 7, 2005 Author Report Share Posted August 7, 2005 a sta ce mu uopste passwordi naloga? da nece da se loguje na svaki redom pa vam "gasi" iste? :) ← dobije nalog, promeni shifru, proda. za svaki account moze da dobije minimum 20e i to jako brzo ako zna gde da nudi. i to 20e samo za account, josh ako na accu ima lvl 60 likova etc.. moze da proda i za preko 200e opushteno. edit: sejnte sejnte double post @ 15:23 by saint & cyro.. ultimate combo! =)) Quote Link to comment Share on other sites More sharing options...
Sa1Nt Posted August 7, 2005 Report Share Posted August 7, 2005 ;DDD Quote Link to comment Share on other sites More sharing options...
Sajro Posted August 7, 2005 Author Report Share Posted August 7, 2005 blah, nisam siguran dal moze kaspersky moze da ga detektuje, a symantec-ve proizvode ne kosristim. Nisam ga nashao u registry ,ali valjda postoji neki cleaner da budem siguran, odoh da potrazim. ← za sada nisam nashao cleaner ali kazu da su svi vetji antivirusi (kaspersky spada u tu grupu naravno) apdejtovali svoju bazu sa definicijom za ovaj trojan josh dvadeset i nekog maja kada je prvi put otkriven.. nema da brinesh, samo uradi full system scan i opushteno. ovo sam vishe postovao za one koji vole da skidaju botove, hackove, keyloggere.. sada je gomila takvih hack programa u stvari wow trojan etc. bash sam sada probao, googlovao sam wow botove i nashao neki warez sajt, skinuo bot.. kada ono taj trojan! =))) nemo' se zajebavate! edit: takodje kada skidate addonove, bez obzira koliko ste sigurni da tu nema nichega opet pogledajte folder i proverite da li ima nekih .exe fajlova, chisto za svaki sluchaj! Quote Link to comment Share on other sites More sharing options...
Immortalis Posted August 7, 2005 Report Share Posted August 7, 2005 (edited) ma updaetujem ja av svaki dan , ali sumljam zato shto ga nisam nashao pod tim imenom u enciklopediji virusa :) Edited August 7, 2005 by Immortalis Quote This video contains content from Jimmy Kimmel Live, who has decided to block it in your country. [23:47] <manager-> jao dete jao dete :D chickenonaraft.kom Link to comment Share on other sites More sharing options...
Immortalis Posted August 7, 2005 Report Share Posted August 7, 2005 (edited) dupli post Edited August 7, 2005 by Immortalis Quote This video contains content from Jimmy Kimmel Live, who has decided to block it in your country. [23:47] <manager-> jao dete jao dete :D chickenonaraft.kom Link to comment Share on other sites More sharing options...
pimpin` Posted August 7, 2005 Report Share Posted August 7, 2005 pa realno ne moze nishta da uradi sa accountom osim da ga ugasi jer postoji password recovery pitanje... a registry proveravam manuelno vec duze vreme i nemam nikakve probleme sa virusima i trodzancima Quote uvek moze bolje... Link to comment Share on other sites More sharing options...
Lucky Posted August 7, 2005 Report Share Posted August 7, 2005 a jest, na prodaju sam zaboravio. Hvala kolege! Quote Link to comment Share on other sites More sharing options...
pimpin` Posted August 8, 2005 Report Share Posted August 8, 2005 kako da ga proda? kad cesh ti zeljno za 5 sekundi da promenish password... Quote uvek moze bolje... Link to comment Share on other sites More sharing options...
Immortalis Posted August 8, 2005 Report Share Posted August 8, 2005 ma ko zna, mozda je neka zloba brishe charove i tako to :)) Quote This video contains content from Jimmy Kimmel Live, who has decided to block it in your country. [23:47] <manager-> jao dete jao dete :D chickenonaraft.kom Link to comment Share on other sites More sharing options...
coll Posted August 8, 2005 Report Share Posted August 8, 2005 ma ko zna, mozda je neka zloba brishe charove i tako to :)) ← zloba nego sta ! Jednog mog ortaka devojka zamolila da joj donese pice ili tako nesto, i za to vreme mu obrisala lvl 60 Maga i lvl 56 Druida ... kao da bi imao vise vrmena za nju i da batali komp. Decko je nabacio gadnog "trojana" irl :/ Quote sex, drugs and bio food! Link to comment Share on other sites More sharing options...
omg Posted August 8, 2005 Report Share Posted August 8, 2005 I koje je skilove ortak upotrebio protiv ribe kad mu je obrisala likove? Bas me zivo interesuje Quote Link to comment Share on other sites More sharing options...
Immortalis Posted August 8, 2005 Report Share Posted August 8, 2005 pa lepo poshalje ticket gm-u i objasni mu stvari , imaju oni backup. Mada trenutna reakcija , hmm, mogu da zamislim lol ! :) Quote This video contains content from Jimmy Kimmel Live, who has decided to block it in your country. [23:47] <manager-> jao dete jao dete :D chickenonaraft.kom Link to comment Share on other sites More sharing options...
amoskg Posted August 8, 2005 Report Share Posted August 8, 2005 Ladno bi je roknuo 100%... Quote Link to comment Share on other sites More sharing options...
Immortalis Posted August 8, 2005 Report Share Posted August 8, 2005 ja se stvarno plashim sebe shta bi uradio kad bi se tako neshto meni desilo :) Quote This video contains content from Jimmy Kimmel Live, who has decided to block it in your country. [23:47] <manager-> jao dete jao dete :D chickenonaraft.kom Link to comment Share on other sites More sharing options...
batina Posted August 8, 2005 Report Share Posted August 8, 2005 ja nikad nisam digao ruku na zhensko, ali nogu..... rogue ima kick, pa coll preporuchi drugaru da to nauchi... :))))))))hahahahahahahahaha Quote nema te logike koja ce me zaustaviti Link to comment Share on other sites More sharing options...
batina Posted August 8, 2005 Report Share Posted August 8, 2005 (edited) offtopic: trazeci gore navedeno nasao sam neki: - AIM instant messenger cookies (data: cnkng.exe) i - nwiz (data: nwiz.exe /install) znali ko sta je to tacho, poshto sam proshli put obrisao neshto shto nisam smeo, pa je usledeo reinstall.. inache AdAware ga ne detektuje Edited August 8, 2005 by batina Quote nema te logike koja ce me zaustaviti Link to comment Share on other sites More sharing options...
Nothingman Posted August 8, 2005 Report Share Posted August 8, 2005 Da bi se izbegli takvi problemi najbolje je devojci isprichati prichu kako je onaj lik ubio druga zato sto je prodao mach koji mu je ovaj pozajmio p.s. ne secam se koji je mmorpg u pitanju... Quote Link to comment Share on other sites More sharing options...
Immortalis Posted August 8, 2005 Report Share Posted August 8, 2005 Heh , znam za tu pricu ,bilo u sk, zato su blizzovci izmislili soulbound iteme :). Quote This video contains content from Jimmy Kimmel Live, who has decided to block it in your country. [23:47] <manager-> jao dete jao dete :D chickenonaraft.kom Link to comment Share on other sites More sharing options...
pimpin` Posted August 8, 2005 Report Share Posted August 8, 2005 (edited) ja bi je onda iz***** da mesec dana ne moge ni da se ustane a kamoli da hoce vishe "vremena za sebe" drolja ima koliko hocesh... ne treba ti ona shto brishe lvl60 likove Edited August 8, 2005 by pimpin` Quote uvek moze bolje... Link to comment Share on other sites More sharing options...
New Order Footman (NWO) Posted August 8, 2005 Report Share Posted August 8, 2005 (edited) kako da ga proda? kad cesh ti zeljno za 5 sekundi da promenish password... ← U WoW-u je ceo sistem sa accountima jako lose uradjen sto se tice bezbednosti, mozes ako imas sifru da udjes na account i promenis sve podatke osim jednog (ime i prezime) i security questiona (ali ni od njega nema vajde kad mozes da promenis e-mail nalog na koji stize nova sifra). Da spomenem da deletovanje charactera ne moze da izazove trajnu stetu posto je vrlo lako preko in-game ticketa GM-ovima povratiti obrisane likove, gadno je kad pored toga sto obrise lika proda i sve predmete na liku koji se takodje na slican nacin mogu povratiti iz baze podataka ali je malo komplikovanije i cesto ostanes bez itema ako se to desi, u tom slucaju gilda bi bila fer da ti pomogne da farmujes nove iteme :) Ovo je izgleda uradjeno zato da bi se ljudi isparanoisali i ne bi davali sifre svojim ortacima posto je ceo sistem mnogo normalnije odradjen u Warcraftu III gde su nalozi besplatni pa su ipak zasticeni na taj nacin sto je e-mail adresa TRAJNO vezana za account tako sto moras da potvrdis na toj e-mail adresi da si promenio adresu ako to hoces da uradis te uvek mozes povratiti account sem ako ti ne udju i na e-mail nalog kada mogu da promene adresu vezanu za nalog. Edited August 8, 2005 by New Order Footman (NWO) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.