- Dec 14, 2005
- 2,256
There is currently a key logger/trojan being distributed by the wow.incgamers.com website. Though the website is not purposely distributing the virus (I hope), their website was compromised by a hacker which uploaded virus downloads attached to the current UI Central mod installer (maybe more downloads from the site, I just found two different trojans in the ui central program, and will never go back to that site to check other downloads). If you downloaded p_20070331.zip which is still on their archived section of their website. Then the below pertains to you.
DESCRIPTION OF THE VIRUSES
Current Version of UI Central
Version of the Trojan http://www.f-secure.com/v-descs/trojan-downloader.shtml description
Older Version of UI Central
The second version of the virus that is also being downloaded by executing an older version of UI Central had WOW with in the name of the virus
which is a 2006 version of the wow key logger.
How To Check if you have the virus
Easy way is, your interface is resetting, but just to make sure. Follow the below steps.
If you use F-Secure Anti Virus. It will detect it, but it will only remove a partial of the virus. Not the part that will reinstall its self.
You can check your registry by doing the following.
1. Click on Start > Run > Write regedit
2. Go to HKEY_LOCAL_MACHINE > SYSTEM > ControlSet001 > Services > WZCSVC
If the WZCSVC is inaccessible or is empty then you have the virus.
HOW TO REMOVE THE VIRUS
Reinstall OS - Sorry, but is the only way since this virus completely changes 3 or 4 registry entries and
completely removes one. Not counting the files that it installs on to your computer.
_________________
DESCRIPTION OF THE VIRUSES
Current Version of UI Central
Version of the Trojan http://www.f-secure.com/v-descs/trojan-downloader.shtml description
Older Version of UI Central
The second version of the virus that is also being downloaded by executing an older version of UI Central had WOW with in the name of the virus
which is a 2006 version of the wow key logger.
How To Check if you have the virus
Easy way is, your interface is resetting, but just to make sure. Follow the below steps.
If you use F-Secure Anti Virus. It will detect it, but it will only remove a partial of the virus. Not the part that will reinstall its self.
You can check your registry by doing the following.
1. Click on Start > Run > Write regedit
2. Go to HKEY_LOCAL_MACHINE > SYSTEM > ControlSet001 > Services > WZCSVC
If the WZCSVC is inaccessible or is empty then you have the virus.
HOW TO REMOVE THE VIRUS
Reinstall OS - Sorry, but is the only way since this virus completely changes 3 or 4 registry entries and
completely removes one. Not counting the files that it installs on to your computer.
_________________