Blizzard Warns World of Warcraft Players About "Disker" Trojan Virus

Blizzard Warns World of Warcraft Players About "Disker" Trojan Virus

World of Warcraft Siege of Orgrimmar Raid

Blizzard says that PCs with the "Disker" virus may need to reformat to remove it.

Hoping to tip people off to a potential security threat, Blizzard created a posting on the World of Warcraft forums yesterday warning about a newly discovered Trojan program that has apparently been appearing on users' PCs. "We've been receiving reports regarding a dangerous Trojan that is being used to compromise player's accounts even if they are using an authenticator for protection," said a Blizzard support forum agent. "The Trojan acts in real time to do this by stealing both your account information and the authenticator password at the time you enter them."

If users suspect that their account has been compromised, Blizzard suggests they try and track down the Trojan. "It can be identified by creating an MSInfo file and then looking in the Startup Program section of that file for either 'Disker' or 'Disker64,'" said the company. According to Blizzard, it usually bears the following appearance:

Disker rundll32.exe c:usersnameappdatalocaltempw_win.dll,dw Name-PCName Startup
Disker64 rundll32.exe c:usersnameappdatalocaltempw_64.dll,dw Name-PCName Startup

Little else is apparently known about the Disker virus. According to Blizzard, it hasn't "been able to locate any anti-virus programs that will remove it" and that the only effective method so far seems to be "just reformatting your system." In turn, it's asking its customers to report back about their recent activity if they discover they have the virus.

Source: World of Warcraft

Permalink

Checked mine, clean as a whistle. Thank god -.-

An MSInfo file....? Uh...

Can anyone with more knowledge perhaps provide info on this process for the less-techy of us out there?

Mind you I don't play WoW, but still, could be reason to be concerned for other games/programs.

Sure Blizz, wipe EVERYTHING... and then, since it's a big unknown you can easily get it the same way you got it in the first place; epic solution! The only actual solution is for AV makers to update their products to detect and remove this threat, which will be quite soon.

alj:
You should not reply on AV to remove stuff good security practices such as not running as bloody admin/root all the time using a secure browser with scripts only enabled on whistled sites and blocking adverts for security reasons.(yes i know it costs content produces and that is a side effect of the reason i block them, it sucks but there is not much i can do). And blizzard still refuses to releice that linux client they had way back when, i don't think a win32 torjan would cause me many problems on that system :P that is inherent more secure to begin with.

Given how windows currently has UAC, I keep thinking someday they are going to have an Admin and then a Super Admin. Except the second they make a super admin every idiot on the planet is going to decide they need to run as Super Admin.

Chessrook44:
An MSInfo file....? Uh...

Can anyone with more knowledge perhaps provide info on this process for the less-techy of us out there?

Mind you I don't play WoW, but still, could be reason to be concerned for other games/programs.

Windows 7+: Open the start menu, type "msinfo32" and hit enter, the program should start.

Earlier: Start> Run> "msinfo32.exe"

Morti:

Chessrook44:
An MSInfo file....? Uh...

Can anyone with more knowledge perhaps provide info on this process for the less-techy of us out there?

Mind you I don't play WoW, but still, could be reason to be concerned for other games/programs.

Windows 7+: Open the start menu, type "msinfo32" and hit enter, the program should start.

Earlier: Start> Run> "msinfo32.exe"

then what I do?

Grandcrusader:

Morti:

Chessrook44:
An MSInfo file....? Uh...

Can anyone with more knowledge perhaps provide info on this process for the less-techy of us out there?

Mind you I don't play WoW, but still, could be reason to be concerned for other games/programs.

Windows 7+: Open the start menu, type "msinfo32" and hit enter, the program should start.

Earlier: Start> Run> "msinfo32.exe"

then what I do?

As the original article said: "...looking in the Startup Program section of that file for either 'Disker' or 'Disker64" which is within the software group.

Looks like I don't have it.

Won't stop me from being incredibly paranoid for the next few days though.

Well me, I just checked mine. Clean as a bell. Course I got 3 antiviruses that aren't norton or mcafee.

Thanks for the heads up, I really appreciate it. I'll check my laptop as soon as I'm home from work.

Great, now I'm worried. Ulp.

That why I like the Beta Battle.net launcher, you only have to enter your account name and authenticator pretty much the first time you install it. It exactly safer, but your not entering all that information every-time you play WoW.

My streak of never losing an MMO account or any account period to hacking continues.

Paranoid Web Browsers 4 Lyfe.

Looks like I'm clean, but I don't play WoW, so not a huge worry for me. I do have a D3 account that is rotting in the depths of unplayed games on my shelf, but they wouldn't get much from it. Maybe a few million gold worth of gear, but thats it.

Grandcrusader:

Morti:

Chessrook44:
An MSInfo file....? Uh...

Can anyone with more knowledge perhaps provide info on this process for the less-techy of us out there?

Mind you I don't play WoW, but still, could be reason to be concerned for other games/programs.

Windows 7+: Open the start menu, type "msinfo32" and hit enter, the program should start.

Earlier: Start> Run> "msinfo32.exe"

then what I do?

When you open msinfo just type "Disker" or "Disker64" into the search bar, hit enter and then wait while it does its thing.

Baldr:
That why I like the Beta Battle.net launcher, you only have to enter your account name and authenticator pretty much the first time you install it. It exactly safer, but your not entering all that information every-time you play WoW.

Pretty much this. I have been skeptical with the beta launcher until I finally installed it a few months ago. I haven't had the need to use the authenticator since which results in slim chances of getting hacked since it does the auto login everytime I run the game.

Nothing on my end which is good :)

They should have sent an e-mail out. A lot of people avoid the WoW forums like the plague. It's a cesspool of trolls, idiots, and fanboys.

BoogieManFL:
They should have sent an e-mail out. A lot of people avoid the WoW forums like the plague. It's a cesspool of trolls, idiots, and fanboys.

Because every MMO fan knows that Blizzard emails are always something to click on. Granted, when they are actually from Blizzard, your're fine, but the number of scams using some form Of Blizzard is astounding...

 

Reply to Thread

Log in or Register to Comment
Have an account? Login below:
With Facebook:Login With Facebook
or
Username:  
Password:  
  
Not registered? To sign up for an account with The Escapist:
Register With Facebook
Register With Facebook
or
Register for a free account here