Hacked w/ authenticator on account



deadguyfred
08-27-2010, 06:27 PM
I recently had my account hacked and stripped, 7 accounts, about 4 80s per account. After posting here about it and running 2 different virus scans, I turned up a trojan on my son's computer. I quarantined it and deleted it. We got our accounts back 2 days later fully restored (thanks blizz!) and I had an authenticator on order. The very next day I had a ton of emails from blizz saying "Password reset" etc... I had chills as I logged in, and sure enough I had been hacked and stripped again. I logged in and initiated a claim ingame, and spent about 3 hours getting ahold of customer service. The rep was very helpful and told me to download Malware Bytes, open wow, type gibberish in the password/account boxes, and to run a full scan. Not surprisingly, it found 2 Key.logger files on my comp, they were only detected w/ wow open and words typed in.... I removed the keyloggers, deleted all my addons at the advice of the blizz rep, and rebooted and reran the Malware Bytes scan w/ wow open, it came back clean.

We got our accounts back after 3 days of waiting, and did not log in until we had the authenticator attached. Confident w/ our new authenticator, password, and Bnet account, we played wow for a couple hours. My son got disconnected in WG (happens from time to time). He attempted to log in, typed in the authenticator code and hit enter, and got stuck loading w/ a "Cancel" popup box on the loading screen. He tried again w/ the same result. After about 10 minutes I logged into his account w/out problem on my computer, only to get kicked back to desktop and an immediate email from blizz saying that the account had been locked for suspicious activity. I immediately ran the Malware Bytes scan on my son's comp and surprise surprise there was that F#$%#$ keylogger. I removed it again, but where the hell is it coming from? We just got our accounts back today and his warrior was completely stripped, they deleted all his relentless/wrathful gear, and she was completely naked in a field.. she also happens to be the poorest char on his account, so she wasn't missing anything else other than her armor which cannot be DE'd or sold, I guess they just wanted to be asses...

Moral of the story? Authenticator is nice, but you can still get hacked. Am I doing enough to ensure the security of my account? I sure am trying, but this keylogger thing is making me pull my hair out. My son's comp is only about 3 weeks old, I'm not too keen on reformatting to get rid of it, for now we won't use that comp for wow, he will have to play on my laptop.

Starbuck_Jones
08-27-2010, 07:03 PM
Nuke and pave. Update to vista/w7 and do not disable user account control. It will notify you on any installs you might not be aware of. Watch your son's internet activity better and your own as well. Do not use the same email/pw for wow with anything else on the internets. Look through your history as well as the event logs in windows. Your favorite wow porn flash game from e-baums is prolly where you're getting attacked from.

Fire up a VM and do your browsing from there.

3box
08-27-2010, 07:18 PM
Sorry to hear that, but glad you got the accounts back.

Pycno
08-28-2010, 06:55 AM
Had you installed or downloaded any addons? If you can identify the source of the loggers others may have a higher chance of avoiding them.

Did you open up a gold buying website in your browser?

Also I hope you are mad at gold buyers.. Basically someone paid someone else to hack your account to get your gold, see any new mechano-hogs around?

heyaz
08-28-2010, 12:25 PM
Yeah, if you keep getting key loggers the authenticator won't help at all.

http://www.schneier.com/blog/archives/2005/03/the_failure_of.html

Multibocks
08-28-2010, 04:31 PM
My problem after authenticator was that Blizzard kept resetting my password and removing my authenticator. They produce so many emails to different departments. I had GMs doing it and call center reps. Was really annoying. I had to get on the phone and ask them to stop.

kate
08-28-2010, 05:57 PM
There are also farming sites sending out password change notification emails. I've been ignoring them.

DLoweinc
08-30-2010, 07:27 PM
Sorry to hear of your troubles and glad you posted. It's always good to let the community know...

I'm getting a ton of "password reset: please confirm" emails right now (all URLs are legit) but I haven't noticed anything gone yet. I did change my password for good measure. I hope I'm not next.

Owltoid
08-30-2010, 08:17 PM
I wouldn't follow those links in the email, even if they look legit.

DLoweinc
08-30-2010, 11:07 PM
Well they are legit. I copied the shortcut and put it into notepad to see what it was, they go to battle.net/us and they are asking me to confirm a password reset by email (Like I forgot the password)

BTW, thanks to the OP for posting up the tip about getting malware bytes and launching wow and then scanning.. probably a pretty invaluable tip.

mikekim
08-31-2010, 01:51 AM
Well they are legit. I copied the shortcut and put it into notepad to see what it was, they go to battle.net/us and they are asking me to confirm a password reset by email (Like I forgot the password)

BTW, thanks to the OP for posting up the tip about getting malware bytes and launching wow and then scanning.. probably a pretty invaluable tip.

Blizzard will never ask you to confirm your password... why would they have to?? They have access to the database that it is stored in :o

DLoweinc
08-31-2010, 12:20 PM
The email I received asked me to confirm whether or not I requested a password reset via email like I had forgotten it.

When I did go onto battle.net and change my password they did send me an email confirming that I made an account change.

Unfortunately both emails have been removed from my email trash by now so I can't post them.

EDIT: I thought I had the original from blizzard but it was only one of the spam ones I get every day.

crowdx
08-31-2010, 04:10 PM
When I got hacked I believe they tracked my IP address to my machine and backdoored into the machine. The only way I got clear after a week of resets was to power down the modem for about 15 minutes so that it repulled a new IP address. At the same time I logged into a machine at work and set up a new email address that is only used for WoW. Both these precautions were what it took to get clear.
Remember, if they had a keylogger on your machine they may also have your email info and even the answer to blizz challenge questions. You need to change "everything" on your WoW accounts from a secure machine and then nuke the OS on the two machines you are using WoW on, then with a fresh install install a good internet security app which has virus scan and a firewall. Once those have been installed then install WoW and all other apps.
As for User Account Control in Windows Vista / 7, I always have it enabled and so it seems useless for these types of hacks due to the level they get installed at (I presume they have the apps sit in memory until the machine is restarted and then install on bootup before UAC service starts.)
The other point I would make is to reset all bank account passwords etc. that may have been accessed on these machines. Remember, these hackers are not just after WoW, they use stolen credit card info to transfer toons also, so protect real world info too.