Hacked accounts: the problem is probably a Trojan

Players are once again increasingly reporting that their accounts have been hacked. Blizzard now attributes this to a Trojan against which not even your authenticators protect you. The Trojan works in real time and, as you enter your account information, also steals your authenticator code.

Disker rundll32.exe c:\users\name\appdata\local\temp\w_win.dll,dw Name-PC\Name Startup
Disker64 rundll32.exe c:\users\name\appdata\local\temp\w_64.dll,dw Name-PC\Name Startup

Blizzard recommends that you create an MSInfo file and then search it for “Disker” or “Disker64”. The corresponding lines should look like the ones above. According to Blizzard, unfortunately none of the antivirus programs currently detects the Trojan.
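The check described above can be scripted over a saved MSInfo text export. The following is an added example, not code from Blizzard or from the original post. It assumes the export lists tab-separated rows under a `[Startup Programs]` heading and is saved as UTF-16; the function names, the sample rows and the broader rundll32-from-Temp heuristic are this example's own.

```python
import re

# Startup entry names given in the Blizzard post quoted on this page.
KNOWN_NAMES = {"disker", "disker64"}
# Broader heuristic (an assumption of this example): rundll32 loading a DLL from a Temp folder.
TEMP_DLL = re.compile(r"rundll32(\.exe)?\s.*\\temp\\[^\\]+\.dll", re.IGNORECASE)
SECTION = re.compile(r"^\[(.+)\]$")

def scan_msinfo(text):
    """Return (program, command, reason) for suspicious Startup Programs rows."""
    findings, in_startup = [], False
    for line in text.splitlines():
        header = SECTION.match(line.strip())
        if header:  # a new "[Section]" heading switches the scan on or off
            in_startup = header.group(1).strip().lower() == "startup programs"
            continue
        if not in_startup or "\t" not in line:
            continue
        program, command = [c.strip() for c in line.split("\t")][:2]
        if program.lower() == "program":  # column header row
            continue
        if program.lower() in KNOWN_NAMES:
            findings.append((program, command, "name from Blizzard post"))
        elif TEMP_DLL.search(command):
            findings.append((program, command, "rundll32 loading DLL from Temp"))
    return findings

def load_msinfo(path):
    # Assumption: the text export was saved by msinfo32 as UTF-16.
    with open(path, encoding="utf-16") as fh:
        return fh.read()

# Constructed sample export; only the two Disker rows mirror the lines on this page.
ROWS = [
    ("Program", "Command", "User Name", "Location"),
    ("Disker", r"rundll32.exe c:\users\name\appdata\local\temp\w_win.dll,dw", r"Name-PC\Name", "Startup"),
    ("Disker64", r"rundll32.exe c:\users\name\appdata\local\temp\w_64.dll,dw", r"Name-PC\Name", "Startup"),
    ("Updater", r'"c:\program files\example\updater.exe" /background', r"Name-PC\Name", "Startup"),
    ("Helper", r"rundll32.exe c:\users\name\appdata\local\temp\x1.dll,run", r"Name-PC\Name", "Startup"),
]
SAMPLE = ("[System Summary]\nItem\tValue\nDisker\tnot a startup row\n\n[Startup Programs]\n"
          + "\n".join("\t".join(row) for row in ROWS) + "\n\n[Services]\n")

if __name__ == "__main__":
    for program, command, reason in scan_msinfo(SAMPLE):
        print(f"{program}: {command} ({reason})")
```

A renamed entry would slip past the name match, which is why the second rule looks at the command rather than the program name.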

Quote from: Jurannok (source)
Hello,

We’ve been receiving reports regarding a dangerous Trojan that is being used to compromise players’ accounts even if they are using an authenticator for protection. The Trojan acts in real time to do this by stealing both your account information and the authenticator password at the time you enter them.

If your account has been compromised recently, I’d recommend looking for the Trojan. It can be identified by creating an MSInfo file and then looking in the Startup Program section of that file for either “Disker” or “Disker64”. It will usually appear like this:

Disker rundll32.exe c:\users\name\appdata\local\temp\w_win.dll,dw Name-PC\Name Startup
Disker64 rundll32.exe c:\users\name\appdata\local\temp\w_64.dll,dw Name-PC\Name Startup


We are currently looking for more information on the Trojan. We have not been able to locate any anti-virus programs that will remove it besides just reformatting your system. If you have been recently compromised and find it on your system please reply with the following pieces of information.

  • Your MSInfo.
  • A list of any addons you recently installed along with where you got them.
  • A list of any programs you recently installed along with where you got them.
  • Any security programs you have run and their results.