TechSpot

Trojan.wow.rg

By TimeParadoX
Jun 19, 2007
  1. I was scanning for viruses earlier today and found I had 11 traces of Trojan.wow.rg on my computer located in the patch files for World of Warcraft, I did a scan about 2-3 days before that and it found nothing, what could have caused the patch files to be corrupted?

    Also can someone check my HJT log to make sure that it's not a process or something else causing it?


    I did also change my password for WoW just incase it was a keylogger
     
  2. Jamba

    Jamba TS Rookie

    I found the exact same thing today. Are you using AVG as your anti-virus program?
    I didnĀ“t know what to think of it so I just deleted the files just in case. Would be nice to know if it actually is a trojan though.
     
  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean. Unless you`re having any other problems, you should be ok.

    I supposes it`s possible for this to have been a false positive. You could always have the patch files scanned over at Jotti`s.

    Let us know the results.

    Regards Howard :)
     
  4. TimeParadoX

    TimeParadoX TS Rookie Topic Starter Posts: 2,273

    Well I have scanned a few more AVG anti-spyware and Avast! anti-virus and I haven't found the trojan.wow.rg again.

    I also have another problem with Trojan.gen, it has been reappearing in my system a few times already, I don't know how it could be because I almost never go onto the internet except for techspot or newegg.
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ok, mate, I think you need to follow the instructions HERE, then post the requested logfiles. We`ll then see if we can get to the bottom of this.

    Regards Howard :)

    This thread is for the use of TimeParadoX only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  6. TimeParadoX

    TimeParadoX TS Rookie Topic Starter Posts: 2,273

    There, Sorry I took so long but my internet crapped out yesterday so I couldn't get online till today :(


    Also I ran AVG anti-spyware / anti-virus and it didn't find anything, So I guess when I deleted the trojan.gen ( it was probably what kept generating the Trojan.wow.rg thing ) nothing started again :)
     
  7. momok

    momok TS Rookie Posts: 2,265

    Hi,

    I noticed you have not posted your AVG anti spyware log.
    Please run an AVG Anti Spyware full system scan and quarantine the files. Pictorial instructions HERE.

    Have HijackThis fix this entry:

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    Download the attached "Combofix-Do.txt" (from my attachment) and save it to the same folder as Combofix.
    Drag the Combofix-Do.txt over on to Combofix.exe and release.

    This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job. Attach the resultant log in your reply.

    Thereafter, please post fresh HJT and AVG Antispyware logs from normal mode and the ComboFix log from the safe mode instructions as attachments into this thread.


    Regards,
    Your friendly momok =)

    This thread is for the use of TimeParadoX only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  8. TimeParadoX

    TimeParadoX TS Rookie Topic Starter Posts: 2,273

    Thanks for your help Momoko

    I can't make a AVG log because I didn't detect any malware to log about :D

    Here are the other logs you asked about, for Combofix did you want me to use it in safemode or normal mode? ( I used normal mode, I sortof got confused because you just said to use combofix then at the end you said something about safe mode )
     
  9. momok

    momok TS Rookie Posts: 2,265

    Hi,

    Your logs look clean now.

    Delete all files in AVG Antispyware Quarantine folder. (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine)

    You may also delete the C:\VundoFix Backups folder and its contents.

    Turn off system restore (XP/ME only). Learn how to do that HERE.
    This will remove all the remaining nasties from your old restore points.

    After that turn system restore back on.
    This would have created a new safe and clean restore point for your system.

    Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
    May I recommend you to read this article.
    This can help to prevent future infections.

    Should you have any further problems, please post in this thread.


    Regards,
    Your friendly momok =)

    This thread is for the use of TimeParadoX only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  10. TimeParadoX

    TimeParadoX TS Rookie Topic Starter Posts: 2,273

    Thanks momok, I did all the tips in that article you linked :)
     
  11. momok

    momok TS Rookie Posts: 2,265

    Well done! =)
    Sensible online surfing habits are the best form of protection for anyone's system. I'm sure you'll be able to keep your system clean in the future.
     
  12. TimeParadoX

    TimeParadoX TS Rookie Topic Starter Posts: 2,273

    Another WoW related virus came out today, it is found inside Worldofwarcraft/fmod.dll folder and it's name Generic5.jmy

    I tried to reinstall WoW and it still appears, does anyone know how to fix?


    -Edit-

    I found the problem, apparently a AVG update from today ( or something like that ) caused the Fmod.dll file to be detected as a virus and that they will fix it in a new update coming soon.

    Source: http://forums.worldofwarcraft.com/thread.html?topicId=174613980&sid=1
     
  13. momok

    momok TS Rookie Posts: 2,265

    Ah good. Thanks for the information. It will prove useful to other members searching our forums.

    Regards,
    Your friendly momok =)

    This thread is for the use of TimeParadoX only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  14. xanimefanx

    xanimefanx TS Rookie Posts: 82

    not a good idea to have google toolbar or yahoo toolbar.
     
  15. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Why not?

    That doesn't really have anything to do with the topic at hand.
     
  16. TimeParadoX

    TimeParadoX TS Rookie Topic Starter Posts: 2,273

    It came with FireFox
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...