Since this is still a problem, I thought I'd post a reminder to people to be careful about what they download. The following
post is taken from Blizzard's
Customer Service Forum:
Key-loggers which steal account names and passwords continue to circulate. We remind players to be especially vigilant when being directed to external websites and to update the security on their computers. The following sticky has a bit of information that we have compiled to help ensure your computer is up to date, and secure. We have recently decided to break this long read up into a few smaller posts; making it easier to take in. This also allows us to link to specific portions for a player that may only need to see one segment, and not the whole post.
Table of Contents:
|
In addition to Blizzard's post, we have a very helpful sticky thread in our Chit Chat forum by Tsurani that has a lot of great info and links about computer security,
here.
That being said, you can rest assured that we continue to do everything we can to try to provide you with the safest downloads possible. Our approval process for any mod on the site (new
or even just an update) continues to be a manual process for precisely this sort of reason. For those of you who aren't aware of our process, any mod that is submitted to the site, whether brand new or an update, goes to a file moderation queue. One of the site staff downloads the mod to their computer, runs virus and spyware scans on it, checks to make sure there are no executable files* of any type in the compressed folder and only after everything checks clean is the mod approved for download by our users. In addition to our manual scans upon upload, we also have automatic virus and spyware scans of our
entire database
every night. It may take us a little bit longer that way and makes more work for us on our approval process, but we feel it is important enough to warrant the time and effort.
*Yes, there are some executables on the site, however the only way an executable is ever allowed on the site requires the author submitting their source code for us to decompile first, to verify precisely what it does and that it is safe for our users. If someone isn't willing to submit their source to us, their mod doesn't get on our site.
Finally, I have to warn you that unfortunately someone apparently uploaded a trojan to incgamers.com which has made its way to their UICentral automatic downloader/installer. You can see the post concerning it, complete with all the technical details of what the trojan does,
here. I know that Rushster has been made aware of it and I have no doubt that he is taking the appropriate steps to deal with it. However, if you have used incgamers' UICentral in the last couple days, you really should consider running a full system virus and spyware scan.
If you discover you did get infected, the following steps should completely remove it from your system (courtesy Zappam, over on incgamers' forums,
here):
1. Boot in Safe Mode.
2. Click on Start > Execute. Write regedit.
3. Go to HKEY_LOCAL_MACHINE > SYSTEM > ControlSet001 > Services > WZCSVC > Parameters.
4. Change ServiceDll value to "%SystemRoot%\System32\wzcsvc.dll" (without quotes).
5. Go to C:\WINDOWS\system32\.
6. Click on Tools > Options > View then untick "hide system files".
7. Delete mouse.dll and wzcsvbc.dll. Reboot.