Hacked w/ authenticator on account

[deadguyfred]

I recently had my account hacked and stripped, 7 accounts, about 4 80s per account. After posting here about it and running 2 different virus scans, I turned up a trojan on my sons computer. I quarentined it and deleted it. we got our accounts back 2 days later fully restored (thanks blizz!) and I had an authenticator on order. The very next day I had a ton of emails from blizz saying "Password reset" ect... i had chills as I logged in, and sure enough I had been hacked and stripped again. I logged in and initiated a claim ingame, and spent about 3 hours getting ahold of customer service. The rep was very helpfull and told me to download Malware Bytes, open wow, type gibberish in the password/account boxes, and to run a full scan. Not surprisingly, it found 2 Key.logger files on my comp, they were only detected w/ wow open and words typed in.... I removed the keyloggers, deleated all my addons at the advice of the blizz rep, and rebooted and reran the malware bytes scan w/ wow open, it came back clean.

We got our accounts back after 3 days of waiting, and did not log in untill we had the authenticator attached. Confident w/ our new authenticator, password, and Bnet acount, we played wow for a couple hours. My son got disconnected in WG, (Happens from time to time) he attempted to log in, typed in the authenticator code and hit enter, and got stuck loading w/ a "Cancel" popup box on the loading screen. he tried again w/ the same result. After about 10 minutes I logged into his account w/ out problem on my computer, only to get kicked back to desktop and an immediat email from blizz saying that the account had been locked for suspicious activity. I immediatly ran the Malware bytes scan on my sons comp and surprise surprise there was that F#$%#$ keylogger. I removed it again, but where the hell is it coming from? We just got our accounts back today and his warrior was completely stripped, they deleated all his relentless/wrathfull gear, and she was completely naked in a field.. she also happens to be the poorest char on his account, so she wasnt missing anything else other than her armor which is cannot be DE'd or sold, I guess they just wanted to be asses...

Moral of the story? Authenticator is nice, but you can still get hacked. Am I doing enough to ensure the security of my account? I sure am trying, but this keylogger thing is making me pull my hair out. My sons comp is only about 3 weeks old, Im not to keen on reformatting to get rid of it, for now we wont use that comp for wow, he will have to play on my laptop.

[Starbuck_Jones]

Nuke and pave. Update to vista/w7 and do not disable user account control. It will notify you on any installs you might not be aware of. Watch your sons internet activity better and your own as well. Do not use the same email/pw for wow with anything else on the internets. Look through your history as well as the event logs in windows. Your favorite wow porn flash game from e-baums is prolly where your getting attacked from.

Fire up a VM and do your browsing from there.

[3box]

Sorry to hear that, but glad you got the accounts back.

[Pycno]

Had you installed or downloaded any addons? If you can identify the source of the loggers others may have a higher chance of avoiding them.

Did you open up a gold buying website in your browser?

Also I hope you are mad at gold buyers.. Basically someone paid someone else to hack your account to get your gold, see any new mechano-hogs around?

[heyaz]

Yeah, if you keep getting key loggers the authenticator won't help at all.

http://www.schneier.com/blog/archive...ailure_of.html

[Multibocks]

My problem after authenticator was that blizzard kept reseting my password and removing my authenticator. They produce so many emails to different departments. I had GMs doing it and call center reps. Was really annoying. I had to get on the phone and ask them to stop.

[kate]

There are also farming sites sending out password change notification emails. I've been ignoring them

[DLoweinc]

Sorry to hear of your troubles and glad you posted. It's always good to let the community know...

I'm getting a ton of "password reset: please confirm" emails right now (all URL's are legit) but I haven't noticed anything gone yet. I did change my password for good measure. I hope I'm not next.

[Owltoid]

I wouldn't follow those links in the email, even if they look legit

[DLoweinc]

Well they are legit. I copied the shortcut and put it into notepad to see what it was, they go to battle.net/us and they are asking me to confirm a password reset by email (Like I forgot the password)

BTW, thanks to the OP for posting up the tip about getting malware bytes and launching wow and then scanning.. probably a pretty invaluable tip.