Tuesday, April 22, 2008

A Plan Of Action

I've run just about everything I can at my computer. I've tried several free or time-limited Virus Scanners, Trojan Removers, Ad scanners, Spyware Scanners. They all found nothing that would point to a culprit.

I've even put a HiJackThis log on BleepingComputer.com.

They take at least a week for their volunteers to get back to you.

I can't wait that long.

So what to do?

I'm going to reformat my hard drive and reinstall Windows and Warcraft. I've backed up everything I could think of (documents, pictures, music, etc).

Since I was running McAfee at the time I was hacked, I lost a bit of confidence in them. I realize it might not have been their fault, but I run their software to protect me from stuff like this, and I wasn't protected. I'm not sure if I'll go with something like a Norton or go a la carte and get a combination of AVG or Avast, ZoneAlarm, and Adware/Spybot. I don't mind spending some real money to get real protection.

I'm going to get Firefox with the NoScript add-on. I'm debating making a partition for Ubuntu and using Ubuntu when I'm doing web stuff and Windows for Gaming. That might mean I would have to dual boot the machine, which is not something I really want to do. I still need the computer to be usable by my non-techy wife and daughter.

I STILL don't know how I got hacked. Was it a Mod, or a Website, or something else?

Speaking of Mods, I'm going to have to be really careful where I get my mods. I've heard both Curse and WoW Ace are not safe. I'm going to try to go with as few mods as possible. Omen, Deadly Boss Mods, Enemy CastBar, Xperl, Grid, OneBag/OneBank, ItemRack, and some sort of Damage Meter. I would love to get Auctioneer too.

I'm not sure what else I can do to keep myself safe. I don't have the cash to run out and buy a Mac, plus our vent doesn't work well with Macs anyway.

I just know I never want to go through this again.


slayerboy said...

Hiya! I've been reading your blog for a while now, and I really enjoy it! Couple words of advice on this issue.

Since you're already thinking about dual-booting Ubuntu and Windows, why not try WoW in Ubuntu with Wine and WineFix (Google search: Winefix and click on the first real link)? This is how I have my system set up and it works amazingly well. You do have to have a slightly beefier computer to use WoW in Wine, and the configuration can be iffy depending on the hardware you have, but check the Ubuntu forums out on that, they have a ton of info on WoW and Ubuntu.

As far as mods, I have roughly 200 mods installed. I use WUU (WoW UI Updater) and it works well under Linux and grabs from all the major mod sites.

The big problem right now is mods that come with exe's. People think that they can just simply click and run the exe's and they open up their system. Also, if you use an IM program that displays ads, it's very likely that the service you are using has no control over the ads, and thus could be infecting your system. Firefox with NoScript is a good way to start, but doesn't resolve all problems.

I can't say that Linux is the most secure thing out there and that I'll never get hit. I always keep my guard up online. Sad to say, but I also use AdBlockPlus in Firefox so that I don't even get affected by these ads that are causing problems.

I haven't used Windows at home in years, so I haven't had a chance to test any new stuff out there, but I've always hated McAfee, and Norton is worse. I always, and still do, recommend AVG, and Comodo Personal Firewall, along with Adaware, and Spybot.

Good luck! I know this must be a trying time for you, and it's a shame that Blizzard doesn't see the damage that this is causing the community as a whole. Try Ubuntu, I think you'll like running WoW in Linux :)

Anonymous said...

Just thought I would let you know you can get Auctioneer directly from its developer at www.auctioneeraddon.com

Galoheart said...

Probably make Firefox your default browser with NoScript and Ad Blocker and maybe remove IE if you can among all else.

I know a week or two back Curse, Ace and a few others had problems with keyloggers or trojans found in some of the ads on their site. Seems they were removed then but who knows how much damage that may have caused before it was found and whom it infected before they removed them. Can't be too careful these days at least playing WoW. I hate to think there might be one sleeping on my PC through some odd reason.

My drive will be clean this weekend and WoW reinstalled. At least I'll know I'm working with a clean slate. I play games on my Desktop Mac and surf on my Mac laptop or for WoW stuff.

bobpally said...

There's a very good chance that it wasn't your machine that was hacked. It was your WoW account, yes, but it very well could have been your friend's PC instead. I looked at the precautions you stated you've taken and can't see how someone could have gotten a keylogger onto your terminal with your protections running. Because of what keyloggers do to your registry and the way they run, it should have been picked up as spyware almost immediately.

Norton isn't the exact answer you're looking for as it grabs too many resources on startup. I'm not a big fan of dummy-proof protection suites such as Norton or McAfee. They just steal too many resources and aren't designed for the PC-savvy user. I personally use a combination of different software that I can scale and customize to my own protection needs.

If you're going to run Ubuntu, be prepared to do a little research and a lot of work to get everything working together. I wouldn't recommend dual booting with your non-techy wife also wanting to use the same PC, as several conflicts can arise from her inadvertently doing the wrong thing at the wrong time. (Take it from someone who's married and shares a PC with his significant other.)

The best advice I can give you is to get an older PC on the cheap to use specifically for downloads and scans of software you intend to install. Don't run a single exe file from downloads on the internet unless you know exactly who published it, and know the site you're on is secure. If you use a second PC for downloads from the internet you can use all of your security tools on whatever you download to ensure that your main PC will not be infected.

I have been using wowinterface as a source of downloads for addons for quite a while now and haven't run into a single problem. Sometimes they lag a little in the timing of updating patches with newer ones, but overall I've been pretty satisfied that I haven't received any malicious software from their site. Good luck with whatever you decide on.

If there's anything I can help you with, please let me know....

Bobpally (bobnation.blogspot)

kuroshiro said...

Another thing you might consider is using something like VMware Player to run Linux (or a separate Windows installation) without having to reboot. If you're not familiar with VMware, it's software that lets you create a virtual machine running on top of your existing one, that's completely separate. There are a number of different products, but for what you want VMware Player is probably sufficient, since it doesn't run all the time. VMware Server is a more featureful product, but it has services running all the time which can be a drag on the system. Both are free.

Here is a virtual appliance for virus-free browsing. It's an older version of Ubuntu (5.10). Here's one for Ubuntu 7.10.