Trojan.wow.rg

[TimeParadoX]

I was scanning for viruses earlier today and found I had 11 traces of Trojan.wow.rg on my computer located in the patch files for World of Warcraft, I did a scan about 2-3 days before that and it found nothing, what could have caused the patch files to be corrupted?

Also can someone check my HJT log to make sure that it's not a process or something else causing it?


I did also change my password for WoW just incase it was a keylogger

 

[Jamba]

I found the exact same thing today. Are you using AVG as your anti-virus program?
I didn´t know what to think of it so I just deleted the files just in case. Would be nice to know if it actually is a trojan though.

 

[howard_hopkinso]

Your HJT log is clean. Unless you`re having any other problems, you should be ok.

I supposes it`s possible for this to have been a false positive. You could always have the patch files scanned over at Jotti`s.

Let us know the results.

Regards Howard

 

[TimeParadoX]

Well I have scanned a few more AVG anti-spyware and Avast! anti-virus and I haven't found the trojan.wow.rg again.

I also have another problem with Trojan.gen, it has been reappearing in my system a few times already, I don't know how it could be because I almost never go onto the internet except for techspot or newegg.

 

[howard_hopkinso]

Ok, mate, I think you need to follow the instructions HERE, then post the requested logfiles. We`ll then see if we can get to the bottom of this.

Regards Howard

This thread is for the use of TimeParadoX only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[TimeParadoX]

There, Sorry I took so long but my internet crapped out yesterday so I couldn't get online till today


Also I ran AVG anti-spyware / anti-virus and it didn't find anything, So I guess when I deleted the trojan.gen ( it was probably what kept generating the Trojan.wow.rg thing ) nothing started again

 

[momok]

Hi,

I noticed you have not posted your AVG anti spyware log.
Please run an AVG Anti Spyware full system scan and quarantine the files. Pictorial instructions HERE.

Have HijackThis fix this entry:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

Download the attached "Combofix-Do.txt" (from my attachment) and save it to the same folder as Combofix.
Drag the Combofix-Do.txt over on to Combofix.exe and release.

This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job. Attach the resultant log in your reply.

Thereafter, please post fresh HJT and AVG Antispyware logs from normal mode and the ComboFix log from the safe mode instructions as attachments into this thread.


Regards,
Your friendly momok =)

This thread is for the use of TimeParadoX only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[TimeParadoX]

Thanks for your help Momoko

I can't make a AVG log because I didn't detect any malware to log about

Here are the other logs you asked about, for Combofix did you want me to use it in safemode or normal mode? ( I used normal mode, I sortof got confused because you just said to use combofix then at the end you said something about safe mode )

 

[momok]

Hi,

Your logs look clean now.

Delete all files in AVG Antispyware Quarantine folder. (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine)

You may also delete the C:\VundoFix Backups folder and its contents.

Turn off system restore (XP/ME only). Learn how to do that HERE.
This will remove all the remaining nasties from your old restore points.

After that turn system restore back on.
This would have created a new safe and clean restore point for your system.

Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
May I recommend you to read this article.
This can help to prevent future infections.

Should you have any further problems, please post in this thread.


Regards,
Your friendly momok =)

This thread is for the use of TimeParadoX only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[TimeParadoX]

Thanks momok, I did all the tips in that article you linked

 

[momok]

Well done! =)
Sensible online surfing habits are the best form of protection for anyone's system. I'm sure you'll be able to keep your system clean in the future.

 

[TimeParadoX]

Another WoW related virus came out today, it is found inside Worldofwarcraft/fmod.dll folder and it's name Generic5.jmy

I tried to reinstall WoW and it still appears, does anyone know how to fix?


-Edit-

I found the problem, apparently a AVG update from today ( or something like that ) caused the Fmod.dll file to be detected as a virus and that they will fix it in a new update coming soon.

Source: http://forums.worldofwarcraft.com/thread.html?topicId=174613980&sid=1

 

[momok]

Ah good. Thanks for the information. It will prove useful to other members searching our forums.

Regards,
Your friendly momok =)

This thread is for the use of TimeParadoX only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[xanimefanx]

not a good idea to have google toolbar or yahoo toolbar.

 

[kitty500cat]

Why not?

That doesn't really have anything to do with the topic at hand.

 

[TimeParadoX]

not a good idea to have google toolbar or yahoo toolbar.

It came with FireFox