Posted at http://wow.warcry.com
"Tsurani posted on 20 Dec 2006, 02:01 PM
If you visited ui.worldofwar.net in the last few days you might want to scan your hard drive with the latest antivirus definitions. We have been informed that at this time the key logger was removed from the ui.worldofwar.net homepage.
The key logger itself was in an iframe embedded from an ad that was running on their site
The key logger planted a file called ntldr.exe on your C: drive There is however ntldr.dll please do not get them confused. You need the ntldr.dll to boot your PC to a desktop. A great free online scanner can be located at Trend Micro"
Well, it got me. At 11:45 a.m. CDT someone logged into my account.
The below security virus programs will not detect ntldr.exe which might be located in your c:\ root directory, as it was on mine.
Symantec Client Security 12/20/2006
AVG 268.15.26/594 12/20/2006
Kaspersky 6.0 (downloaded today from their site)
Just removing the ntldr.exe and trying to login with a new password did not work. I had to reinstall a fresh copy of WoW before, another new password was accepted.
Patching as of now, not sure how much was taken, if any at all.
Bob
"Tsurani posted on 20 Dec 2006, 02:01 PM
If you visited ui.worldofwar.net in the last few days you might want to scan your hard drive with the latest antivirus definitions. We have been informed that at this time the key logger was removed from the ui.worldofwar.net homepage.
The key logger itself was in an iframe embedded from an ad that was running on their site
The key logger planted a file called ntldr.exe on your C: drive There is however ntldr.dll please do not get them confused. You need the ntldr.dll to boot your PC to a desktop. A great free online scanner can be located at Trend Micro"
Well, it got me. At 11:45 a.m. CDT someone logged into my account.
The below security virus programs will not detect ntldr.exe which might be located in your c:\ root directory, as it was on mine.
Symantec Client Security 12/20/2006
AVG 268.15.26/594 12/20/2006
Kaspersky 6.0 (downloaded today from their site)
Just removing the ntldr.exe and trying to login with a new password did not work. I had to reinstall a fresh copy of WoW before, another new password was accepted.
Patching as of now, not sure how much was taken, if any at all.
Bob