Do not use Pricemod from WoWEcon ...

Allanon

Moderator
Hey all, I just finished updating my antivirus (AVG) and got an alert from it regarding the WoWEcon.exe

"Resident Shield reports Trojan horse PSW.Generic3.JGW on WOWEcon.exe"

Until I figure out if this is an error on the part of AVG (it does happen) or in fact there is now a trojan attached from their site, please avoid running it.
 
Someone has posted this issue up on Grisoft's forums here without a response at this time. I do highly recommend you change your password if you use this mod. I will post any follow-up as I find out. It is my guess this is a false positive but on the heels of so many trojans and accounts being cleaned out, it doesn't hurt to be cautious.

I have also emailed wowecon, I'll share more as I find out.
 
Ok, I used a recommended virus submission engine and these are the results ...

Scan taken on 27 Feb 2007 20:34:36 (GMT)
AntiVir Found TR/PSW.WOW.PS.1
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found PSW.Generic3.JGW
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan-PSW.Win32.WOW.ps
Fortinet Found nothing
Kaspersky Anti-Virus Found Trojan-PSW.Win32.WOW.ps
NOD32 Found nothing
Norman Virus Control Found nothing
VirusBuster Found nothing
VBA32 Found nothing

At this point, I am treating it as a trojan, I'd suggest you should as well.
 
This has been an issue for a while now. Their site was compromised or the owners posted this purposely. I have tested it by downloading it (my firewall scans all downloads against two virus engines) and it gets nailed every time.
 
Not sure what you mean by it's been an issue for a while, but thanks for the information. I have updated the various forums and sites and we'll see where this lands. I am not a friend of fearmongering, so until I get an official response from WoWECon and/or confirmations from other reliable sources, I am suggesting people change their passwords as a minimum and stop using the exe itself.

This is always the risk when running apps downloaded from the Internet. It is always a balance of risk and trust. I am still optimistic that this is a false positive. Do a Google search on antivirus false positives, it is quite enlightening. It doesn't change the fact you should take precautions.
 
Now, my two virus engines (ClamAV and Authentium) could be wrong... always scan any downloads with at least one virus engine, if not two. :)
 
Morning all, I did get a response from Wowecon this morning ...

"Hi,
We're aware of this issue. As far as we can tell, some (but not all)
virus scanners are mistaking our WOWEcon.exe for a small trojan horse
virus that was recently released. We are looking into what we can do to
stop WOWEcon.exe from being identified this way, as well as thoroughly
verifying that our software is virus-free. We will post an update on our
site when we know more. We're sorry for the inconvenience. Thank you for
your patience.

Maciej Babinski
WOWEcon Team"

It is likely this is a false positive but feel free to use or not use at your own discretion.
 
One word - WOW, talk about integrity, this was just posted on WoWEcon's main page ...

"Virus alerts, Launcher source code now available 28-Feb-2007 10:24:12 AM
A few virus scanners have recently started identifying our launcher executable as the Trojan-PSW.Win32.WOW.ps virus. We have contacted these vendors and are investigating the issue. Right now we believe this is simply a mistaken false-positive match, but we take account security very seriously and have disabled binary downloads until we are sure that is the case.

In light of the increasing amount of malware targeting WoW players, we have decided to release the source code for our launcher executable to the community. This code has already been reviewed by the staff at Curse Gaming, and we hope it will provide increased peace of mind for our users. Source code can be found on our downloads page or here.

Thank you for your continued patience,
The Wowecon Team"

Based on this, I will be disabling the heuristic engine in AV to have it stop telling me this is a virus. Outstanding response folks from Wowecon, I tip my hat at you for full disclosure.
 
Contact of AV vendors, disabling binary downloads and the source code. They must love their users. I have not heard of this being done before from any other company. I am impressed with them.
 
So we're saying that they have investigated, and found that WoWEcon is in fact safe to use then?
 
Bah. My AVG locked up the wowecon.exe and now I can't restore it. I have to wait on wowecon.com to release the binary installer again :(
 
Well, at least you'll have the vendor prices and slightly outdated (but not by much) actual AH prices on items. Oh, just as a reminder, if you disabled the heuristic engine in AV, turn it back on now :)
 