Account Hacked, what software and cleanup did you use?

[jinkobi]

You might have got hacked through 2 recent techniques listed on MMO Champion. The Flash player or the Google Ads vulnerabilities.

http://www.mmo-champion.com/

For the whole story check out MMO champions front page and read these 2 sections below.

Important - Adobe Flash Player Vulnerability

Quote from: Lucytr (Source)
A critical vulnerability has been discovered in Adobe Flash Player 10.0.45.2 and Adobe Reader/Acrobat 9.x, and could potentially be used to target World of Warcraft players and accounts. The newest available version of Adobe Flash 10.1, Release Candidate 7 (available at http://labs.adobe.com/technologies/flashplayer10/), does not appear to contain this vulnerability, and we recommend that everyone upgrade their Flash player as soon as possible. Earlier versions of Adobe Reader and Acrobat, specifically version 8.x, do not appear to contain this vulnerability, either.

For more information, please visit Adobe.com: http://www.adobe.com/support/security/advisories/apsa10-01.html

Get an Authenticator if you haven't got one already. Get your very own guard dog and secure your account at the same time. Visit http://us.battle.net/security for more info!

I would also like to add that this is NOT a virus. The only way to protect yourself from this kind of vulnerability is to keep your system up-to-date in all ways, including Flash.



Curse Client Google Ad Scam
A few months ago a couple of people got hacked because of malicious google ads redirecting to fake armory pages. (See this news)

The same problem is now affecting the Curse.com client that many of you use to update and download addon.

[crowdx]

Well I use the Curse Client to update my add ons, I have never used any link from the client but I do use it to update my addons.
My machines run windows updates automatically each day but I am not 100% sure about the Adobe stuff, they may have not been 100% up to date, but I do not surf a lot on these computers and so I would think the vulnerability is when these apps hit sites that take advantage of the exploit?
I have been using Bitdefender as a virus scanner but after the hack I tried a few others including AVG and NOD32, I do not like McAfee and Norton so stayed clear of them. I also used a couple of the previously listed apps in this thread for trojans and keyloggers.

[crowdx]

So the plot thickens, I was busy boosting toons in scholo and the RAF accounts got disconnected. When I tried to log in it kept giving me an incorrect password. When I checked the email associated with the account it reflected that there was a password reset request.
I quickly did a second reset got back into the account and changed the password. When I then went to log back into the toons it told me that the accounts were suspended.

So my confusion here is that I did a fresh install, changed all the Bnet passwords and the main accounts email (did not change the RAF email) and ran multiple virus scanners including several of the ones listed in this thread.

Maybe they just tried to reset the password to get into the account? There is an authenticator on all accounts and so maybe that is all they got to do from previously collected data?

This has been very traumatic, and when I try to call I get a message to just call back later, so much for customer service!!!

FRUSTRATED!!

[moosejaw]

When you do your system scans have the wow login screen up and type in some jibberish. Some of the malware won't show itself until wow.exe is active.

[jinkobi]

So the plot thickens, I was busy boosting toons in scholo and the RAF accounts got disconnected. When I tried to log in it kept giving me an incorrect password. When I checked the email associated with the account it reflected that there was a password reset request.
I quickly did a second reset got back into the account and changed the password. When I then went to log back into the toons it told me that the accounts were suspended.

So my confusion here is that I did a fresh install, changed all the Bnet passwords and the main accounts email (did not change the RAF email) and ran multiple virus scanners including several of the ones listed in this thread.

Maybe they just tried to reset the password to get into the account? There is an authenticator on all accounts and so maybe that is all they got to do from previously collected data?

This has been very traumatic, and when I try to call I get a message to just call back later, so much for customer service!!!

FRUSTRATED!!

This is some very weird stuff crowd...Especially if you formatted and everything I don't even know how it'd be physically possible unless you reinfected yourself from backups.

You need the help of the Customer Service forum then they can at least see where the logins are coming from and maybe more insight to what's going on.

[MiRai]

This is some very weird stuff crowd...Especially if you formatted and everything I don't even know how it'd be physically possible unless you reinfected yourself from backups.

You need the help of the Customer Service forum then they can at least see where the logins are coming from and maybe more insight to what's going on.

I've been told a virus could potentially hide in the memory. That's why you're supposed to do a full system shutdown and flip the power switch off [or unplug the PSU] and wait like 30 seconds to make sure all the power was removed from the board. But infecting yourself from backups is quite possible too.

[crowdx]

Well the really strange part to me is that to do a password reset on this latest Bnet account it needs a challenge question answered which I have not used in a long time and no would ever guess due to being an answer from back home when i was a child.
At this point I am wondering is it an issue with blizzards authentication servers.
I have tried multiple times to call them and keep getting a call back again later message, which is ridiculous.

[jinkobi]

Do you have any roommates or other people with access? Or gremlins, poltergeists, living on an indian burial ground?

I meant the Customer Service forum to at least get some feedback. The only way to get through by phone is spam redial then they put you in a queue where you wait. Spam redial like it's a radio contest.

[crowdx]

nope, I am the only ones with access to these computers.

[raylion]

So the plot thickens, I was busy boosting toons in scholo and the RAF accounts got disconnected. When I tried to log in it kept giving me an incorrect password. When I checked the email associated with the account it reflected that there was a password reset request.
I quickly did a second reset got back into the account and changed the password. When I then went to log back into the toons it told me that the accounts were suspended.

So my confusion here is that I did a fresh install, changed all the Bnet passwords and the main accounts email (did not change the RAF email) and ran multiple virus scanners including several of the ones listed in this thread.

Maybe they just tried to reset the password to get into the account? There is an authenticator on all accounts and so maybe that is all they got to do from previously collected data?

This has been very traumatic, and when I try to call I get a message to just call back later, so much for customer service!!!

FRUSTRATED!!

Have you tried Kaspersky virus checker? You can get it for a free 30 day trial but I would consider it the best out there (switched from Norton years ago as it was finding viruses Norton couldn't see). If you want a thorough check I would recommend a full scan with that (I use the Internet Security version).

http://www.kaspersky.co.uk/trials

EDIT: I should add it does more than virus checking, it's also a full firewall and detects keylogging etc.