A Plan Of Action

-

I've run just about everything I can at my computer. I've tried several free or time limited Virus Scanners, Trojan Removers, Ad scanners, Spyware Scanners. They all found nothing that would point to a culprit.

I've even put a HiJackThis log on BleepingComputer.com.

They take at least a week for their volunteers to get back to you.

I can't wait that long.

So what to do?

I'm going to reformat my hard drive and reinstall Windows and Warcraft. I've backed up everything I could think of (documents, pictures, music, etc).

Since I was running McAfee at the time I was hacked, I lost a bit of confidence in them. I realize it might not have been their fault, but I run their software to protect me from stuff like this, and I wasn't protected. I'm not sure if I'll go with something like a Norton or go a la carte and get a combination of AVG or Avast, ZoneAlarm, and Adware/Spybot. I don't mind spending some real money to get real protection.

I'm going to get Firefox with the No Script addon. I'm debating making a partition for Ubuntu and using Ubuntu when I'm doing web stuff and Windows for Gaming. That might mean I would have to dual boot the machine, which is not something I really want to do. I still need the computer to be usable by my non techy wife and daughter.

I STILL don't know how I got hacked. Was it a Mod, or a Website, or something else.

Speaking of Mods, I'm going to have to be really careful where I get my mods. I've heard both Curse and WoW Ace are not safe. I'm going to try to go with as few mods as possible. Omen, Deadly Boss Mods, Enemy CastBar, Xperl, Grid, OneBag/OneBank, ItemRack, and some sort of Damage Meter. I would love to get Auctioneer too.

I'm not sure what else I can do to keep myself safe. I don't have the cash to run out and buy a Mac, plus our vent doesn't work well with Macs anyway.

I just know I never want to go through this again.

Comments

Anonymous said…
Hiya! I've been reading your blog for a while now, and I really enjoy it! Couple words of advice on this issue.

Since you're already thinking about dual-booting Ubuntu and Windows, why not try WoW in Ubuntu with Wine and WineFix (google search: Winefix and click on the first real link). This is how I have my system setup and it works amazingly well. You do have to have a slightly beefier computer to use WoW in Wine, and the configuration can be iffy depending on the hardware you have, but check the ubuntu forums out on that, they have a ton of info on WoW and ubuntu.

As far as mods, I have roughly 200 mods installed. I use WUU (WoW UI Updater) and it works well under Linux and grabs from all the major mod sites.

The big problem right now is mods that come with exe's. People think that they can just simply click and run the exe's and they open up their system. Also, if you use an IM program that displays ads, it's very likely that the service you are using has no control over the ads, and thus could be infecting your system. firefox with Noscript is a good way to start, but doesn't resolve all problems.

I can't say that Linux is the most secure thing out there and that I'll never get hit. I always keep my guard up online. Sad to say, but I also use AdBlockPlus in Firefox so that I don't even get affected by these ads that are causing problems.

I haven't used windows at home in years, so I haven't had a chance to test any new stuff out there, but I've always hated McAfee, and Norton is worse. I always, and still do, recommend AVG, and Comodo personal Firewall, along with Adaware, and spybot.

Good luck! I know this must be a trying time for you, and it's a shame that Blizzard doesn't see the damage that this is causing the community as a whole. Try Ubuntu, I think you'll like running WoW in Linux :)
April 22, 2008 at 5:51 PM
Anonymous said…
just thought i would let you know you can get auctioneer directly from its developer at www.auctioneeraddon.com
April 22, 2008 at 5:54 PM
Ardent Defender said…
Probably make FireFox your default browser with No Script and Add Blocker and maybe remove IE if you can among all else.

I know a week or two back Curse, Ace and a few others has problems with keyloggers or trojans found in some of the ads on their site. Seems they were removed then but who knows how much damage that may have caused before it was found and to whom it infected before they removed them. Can't be too careful these days at least playing WoW. I hate to think their might be one sleeping on my PC through some odd reason.

My drive will be clean this weekend and WoW reinstalled. At least I'll know I'm working with a clean slate. I play games on my Desktop Mac and surf on my Mac laptop or for WoW stuff.
April 22, 2008 at 10:40 PM
bobpally said…
There's a very good chance that it wasn't your machine that was hacked. It was your wow account yes, but it very well could have been your friends pc instead. I looked at the precautions you stated you've taken and can't see how someone could have gotten a keylogger onto your terminal with your protections running. Because of what key loggers do to your registry and the way they run, it should have been picked up as spyware almost immediately. Norton isn't the exact answer you're looking for as it grabs too many resources on startup. I'm not a big fan of dummy proof protection suites such as Norton, or McAfee. They just steal too many resources and aren't designed for the pc savy user. I personally use a combination of different software that I can scale and customize to my own protection needs. If you're going to run Ubuntu be prepared to do a little research and alot of work to get everything working together. I wouldn't reccomend dual booting with your non techy wife also wanting to use the same pc as several conflicts can arise from her inadvertantly doing the wrong thing at the wrong time. (take it from someone who's married and shares a pc with his significant other) The best advice I can give you is to get an older pc on the cheap to use specifically for downloads and scans of software you intend to install. Don't run a single exe file from downloads on the internet unless you know exactly who published it, and know the site you're on is secure. If you use a second pc for downloads from the internet you can use all of your security tools on whatever you download to insure that your main pc will not be infected. I have been using wowinterface for a source of dls for addons for quite a while now and haven't ran into a single problem. Sometimes they lag a little in the timing of updating patches with newer ones, but overally I've been pretty satisfied that I haven't recieved any malicious software from their site. Goodluck with whatever you decide on. If there's anything I can help you with, please let me know....

Bobpally (bobnation.blogspot)
April 23, 2008 at 11:21 AM
Kuroshiro said…
Another thing you might consider is using something like VMware Player to run linux (or a separate windows installation) without having to reboot. If you're not familiar with VMware, it's software that lets you create a virtual machine running on top of your existing one, that's completely separate. There are a number of different products, but for what you want VMware Player is probably sufficient, since it doesn't run all the time. VMware Server is a more featureful product, but it has services running all the time which can be a drag on the system. Both are free.

Here is a virtual appliance for virus free browsing. It's an older version of ubuntu. (5.10) Here's one for ubuntu 7.10.
April 23, 2008 at 12:58 PM
Post a Comment

Popular posts from this blog

Goblin versus Gnome Engineering in Cataclysm

-
I’ve made some changes based on the comments, and may continue to do so. As I worked up my Hunter’s Engineering, I got to the point of choosing between Goblin and Gnome Engineering. I’m doing this with an eye towards Cataclysm. I found very little help in several web searches, so I thought I would use my own reasoning as a guide to others who might be facing this choice. There was some talk about removing specializations from professions which would remove the choice entirely. I actually hoped this was route the developers would take. The profession specializations have been removed from Leatherworking, Tailoring, and  Blacksmithing. They have NOT been removed from Engineering or Alchemy. Jewelcrafting, Inscription, and Enchanting never had specializations to begin with. As of this writing (11.27.2010) Goblin and Gnome Engineering are still in play. However, there are no known Goblin or Gnome specialization recipes for 80 to 85, and if you base it on the materials needed the last Go
Read more

Cataclysm Profession Bonuses

-
Image
I mentioned towards the end of my last post that I would be switching my Hunter from Skinning to Engineering. Well the little caveat I made about not gimping myself turned out to be pretty important. I had a brief Twitter conversation with Fiest the Rogue. If you care about high end PVE raiding, you need to be following @ FiesttheRogue . He is a tremendous resource and very helpful. He gave me a link to an EJ article and explained to me that for melee DPS and Hunters Engineering is not competitive with what is provided by the other professions. Its fantastic for casters apparently, but I'm not a caster. Other classes can get equal STR or INT to the AGI you see here. Tanks have the option for Stamina. Alchemy - mixology (longer, better flasks), Alchemist Stone (special trinket - Mastery), and Flask of Enhancement (special flask +80 AGI) Blacksmithing - socket bracers, gloves (2 extra gems ~=+80 AGI) Enchanting - Ring Enchants (AGI to two rings ~= 80 AGI) Inscription -
Read more

Raid Comp Tool

-
Image
Thanks to Matticus to telling me about this on Twitter. mmo-champion has produced a new Raid Composition tool, you can see it here: http://raidcomp.mmo-champion.com/ On the left you have all 30 'classes'. Every spec of every class is presented. In the center are your groups. I have no idea why they have this set up with 8 groups. You'd only ever see 8 groups (40 players) in AV and you have almost 0 control over the composition in that arena. Then on the right you have the raid buffs, and a count of Healers, Ranged, Melee, and Tanks. You drag the class from the left and drop it on the raid group slot. Your count is increased, and the buffs that you have covered light up in green. Let me pick a class/spec completely at random. Protection Paladin. There. Say you pull over a Protection Paladin and put them in group 1. Your Tank count goes to 1 and you can see Mana Restore (Judgement of Wisdom), Melee Attack Speed Slow (Judgement of the Just), and Healing Received (Impro
Read more