Home > Help With > Help With Virus Named Emcor.dll

Help With Virus Named Emcor.dll

For those who need this in simpler terms, Alex Ziebert over at WoW.com has an excellent write up: http://www.wow.com/2010/02/28/man-in-the-middle-attacks-circumventing-authenticators/ I will update the original post of this thread as more information Flash is particularly important to keep updated as holes within Flash can be exploited on all platforms that Flash is available for. My viewpoint is mainly that of someone who has been in IT support from DSL, cable, phone, dial up, and internal help desk supports, so I tend to very much be http://www.worldofraids.com/topic/15638-authenticator-keylogger-update-new-icecrown-citadel-quests-in-patch-333/? this contact form

Alot of helpful information here. Phishing normally happens when the party hoping to steal your information tricks you into entering your username and password on their site, which is set up to look like the actual if its still getting in.. Be careful of which sites you go to in order to update your addons from; fake website addresses are being used to trick users.

Don't download any files from a source you don't trust completely. They purchase advertising on google that appears at the top of search results. Carkeys 100 Night Elf Hunter 13350 7 posts Carkeys Ignored Jun 6, 2011 Copy URL View Post 06/06/2011 08:54 AMPosted by MaulI mean maybe I slipped up one time

  1. We apologize for the delay in responding to your request for help.
  2. But It's not semantics here friend I was just refuting something you said : Here's what you said Good news, everyone!
  3. Situation is still the same with connection to server failed.
March 31, 2009 16:46 Re: Update fails #11 Top jagger Novice Join Date: 31.3.2009 Posts: 34
  • Please note that your topic was not intentionally overlooked.
  • not a ONE had Authenticator.Funny, that.
  • Carkeys 100 Night Elf Hunter 13350 7 posts Carkeys Ignored Jun 6, 2011 (Edited) Copy URL View Post 06/06/2011 08:40¬†AMPosted by MaulThis sounds like the known man-in-the-middle attack.
  • I said they are required by federal law to tell us if THEY are compromised. It's falsified advertisement and locking out the public from true information. But then the game would be unplayable. Someone is tasked with tossing a box full of cats (all wearing turtlenecks) into this room.

    nightcracker View Public Profile Send a private message to nightcracker Find More Posts by nightcracker 03-01-10, 10:52 AM #15 Zyonin Coffee powered Kaldorei Join Date: May 2006 Posts: 1,439 CONTRIBUTE TO OUR LEGAL DEFENSE All unused funds will be donated to the Electronic Frontier Foundation (EFF). mmo-champion posted this when the hack was first confirmed, don't know if there are other places it could be, but at least check for this Originally Posted by Bahumut5 /bitchslap Originally Bluspacecow03-01-10, 11:12 AMGood way of removing the DLL if on your system : http://www.mmo-champion.com/news-2/authenticator-accounts-hacked-icc-quests-crimson-deathcharger/msg2231200/#msg2231200 I agree guys let's keep it civil.

    I was wondering why my login process takes forever to process, it turns out the trojan sends out my password to an unknown entity while my wow client freezes for about Albeit, it may even be on the user end for some. While my knowledge is not considered as an Expert, I wanted to point out that this shouldn't be a factor to say that an Authenticator is a waste. It's simply a game of opportunity -- there's a lot of people to steal from, and a lot more people to sell to in say, World of Warcraft vs.

    Gylan 100 Draenei Shaman 12315 40 posts Gylan Ignored Apr 4, 2012 Copy URL View Post THANK YOU!I was getting the authenticator problem and *FIVE* different virus scanners could not Nothing seems to work.I called customer support and the representative just pretty much told me I'm screwed and it must be a virus.I'm stumped. forty2j View Public Profile Send a private message to forty2j Find More Posts by forty2j 03-01-10, 10:28 AM #14 nightcracker A Molten Giant Join Date: Sep 2009 Posts: 716 Changing your password every 2 weeks for wow also helps a lot.

    In a previous case on the forums, a parent's young child was just doing stuff on the computer totally unrelated to WoW and managed to install a MITM infection.It all started weblink Also might want to block on your firewall the IP and port : Host: 205.209.181.111 Port: 1068 EDIT : opps I see you already said about world of raids. I was going to post about this but I needed to get more info. Need Help?

    Carkeys 100 Night Elf Hunter 13350 7 posts Carkeys Ignored Jun 6, 2011 Copy URL View Post THats it.. Register now! Malware Bytes can detect and remove this trojan. navigate here Change View User Tools About Us Advertise What's New Random Page Premium Connect with Wowhead: Featured Game Sites Hearthhead Lolking TF2Outpost DayZDB DestinyDB Esohead Database Sites Wowhead LolKing DayZDB DestinyDB D3head

    Since it is a 100 million number code. Yes, it asks for a new code every time I login.If this is true, then you have a serious piece of malware on your machine. Please enable JavaScript in your browser.

    They are still as secure as before and will still produce one time use codes.

    Bluspacecow View Public Profile Send a private message to Bluspacecow Find More Posts by Bluspacecow 03-02-10, 12:57 AM #19 Psychophan7 A Chromatic Dragonspawn Join Date: Feb 2006 Posts: 153 To It costs money to pay developers to do something outside the changing of skill percentages. WoW may crash (which is to confuse the user and give the hacker the time needed to use the intercepted code) to Desktop. also a good thing to do is to hotkey a close all connections butten its a great oh crap button.

    Thanks again! Blizzard isn't a newb company. The firewall warns me that I'm then not protected until I restart. his comment is here The hacker uses that intercepted code to log into your account using the user name and password that was captured by the key logger.

    Groucho 305 posts Groucho Ignored Jun 3, 2012 Copy URL View Post 06/03/2012 12:03 PMPosted by DaveI had authenticator and I got hacked last night, first time I've been hacked ever.06/03/2012 Groucho 305 posts Groucho Ignored Jun 3, 2012 Copy URL View Post Dave, I hope you opened up a ticket and I'd be interested in seeing Blizzard's reply. make sure your ip is changeable too your isp can tell you if your ip is dynamic or static. It's 2012 for crying out loud!

    If you get a request to "authenticate" on your OS and you are not running an installer or making changes that you are aware of, deny the authentication and scan your Also consider getting a router and enabling a firewall windows firewall and the routers will help a lot. so it would get the same codes? Sheesh.

    Bluspacecow03-01-10, 09:11 AMThanks Zyonin. It is originating from a fake version of the WoWMatrix site. Assuming some form of third party responsibility to update us when "BLIZZARD ADDRESSES THE ISSUE".Just sayingThese reports aren't done today or yesterday. Information on A/V control HEREWe also need a new log from the GMER anti-rootkit scanner.

    If you accept cookies from this site, you will only be shown this dialog once!You can press escape or click on the X to close this box. For those who want to look up this server, its IP is 112.137.162.183. WinSockFix from http://www.tacktech.com/display.cfm?ttid=257. Didn't want to deal with a system reset so I took the authenticator off.

    Ask here!Because the default UI is for squares.Issues with our site? or read our Welcome Guide to learn how to use this site. mmo-champion posted this when the hack was first confirmed, don't know if there are other places it could be, but at least check for this The file was named SoundMAX.dll ( This ad is at the top of the listings were it is most likely to be clicked.

    It seems invisible to many other scanners as well--Virscan.org ran it through 36 different scanners, and more than half did not see anything suspicious about it.