While browsing the wow forums today, some guy posted saying:

Splendid Picture!

ttp://site.2118.com.cn/goto.php?d=2541&urlname=PVP


I clicked on it and it brought me into some german site full or gibberish i could not understand. Other people replied to him calling him a keylogger, and Now Im scared ****less!
But when I did open the page, My Norton Anti-Virus or firewall didnt detect anything..

Can someone confirm if It is or isnt a keylogger?

update your anti-virus software and do a full scan, then get to an uncompromised computer and change your WoW password asap.

Most likely a keylogger and you should change the URL in your quote so someone doesn't click on it by accident.

and i just noticed this was posted on a brand new account. pretty clever way of spreading your keylogger lol.

Most likely a keylogger and you should change the URL in your quote so someone doesn't click on it by accident.

Ok hold on, sorry about that.

Anyways I went on my dads laptop to change my pass on the wow main site.

Right now Im running a scan on this comp.

A scan with what software?

A scan with what software?

Norton AntiVirus.

Man Im so eager to play WoW, but Im so paranoid about that possible keylogger.. :(

As you are trying to get rid of a keylogger, you should try using anti-spyware tools, not anti-virus, and to be honest Norton is fairly poor at doing that. It isn't build to protect from keyloggers primarily. Try reading and downloading some of the scanners in this sticky thread: http://wow.incgamers.com/forums/showthread.php?t=377450 Ad Aware SE Personal and Spybot S & D are strongly recommended.

Ok so far I scanned my comp with ADAware, and it found nothing but like..cookies.

My S&D Scanner found registries or something like that, and I fixed those.

So was it removed by S&D? Or did I not get a keylogger?

I'd say it should be safe to log into WoW now but I'd make sure you have your Dad's laptop handy just in case. If you get disconnected mid-game, immediately go and change your password from his laptop.

It should be safe to use the machine if those two are now doing complete sweeps and finding nothing of note. Keyloggers struggle to hide themselves well. Do you have a firewall? If you do not, seek and download Zonealarm. The most important step of any data miner, like a keylogger, is sending a transmission back to it's master at some point. A firewall sifts through your connection and questions all transmissions, only programs with autorisation may pass, and you give the clearence. As opposed to the default system where everything flows in and out, no questions asked regarding who they are or what they're transmitting, like a virus stealing information or a DOS attack being launched from your computer via a remote script. If you want to stop keyloggers, a firewall is an essential tool that should be running at all times.

Note: Windows XP and Vista have thier own, very useless firewalls. Basically a half assed job, only monitoring incoming connections, not the outbound. You could have keyloggers galore spilling hundreds of kilobytes of data every second, and Windows won't pick up on it. Thier offical stance is "It's not needed", in practical terms "We didn't want to spend our money developing better protection, and assume that one layer of security is going to work 100% of the time". Multiple layers is the key, Inbound and Outbound Firewall usage, Anti-Virus, and Anti-Spyware tools should be in the hands of all computer users. I only wish Microsoft would write such recommendations, it is almost criminal that they don't advise such free enhancements that could save millions in fraud and computer misuse cases.

Thier offical stance is "It's not needed", in practical terms "We didn't want to spend our money developing better protection, and assume that one layer of security is going to work 100% of the time". Multiple layers is the key, Inbound and Outbound Firewall usage, Anti-Virus, and Anti-Spyware tools should be in the hands of all computer users. I only wish Microsoft would write such recommendations, it is almost criminal that they don't advise such free enhancements that could save millions in fraud and computer misuse cases.

It would be criminal if they did write such a firewall and implemented it into their OS. They effectively have a monopoly on the OS market, that makes a lot of competition authorities very very wary about them. Even, if it were to make sense for them to implement something like that, then they'd get slapped with so many fines that even Microsoft would eventually go belly up.

So from a business perspective it's better if they keep their nose out of it. Even recommendations by Microsoft could be taken the wrong way, because of their position on the market.

Or to quote Ben Franklin: Best to remain silent and be thought a fool, than to open one's mouth and remove all doubt.

That's pretty much Microsoft's position.

It is one of the great pities of our time that things must be designed intentionally inferior when there is so much room for improvement yet held back by legislation. Alas.

While browsing the wow forums today, some guy posted saying:



I clicked on it and it brought me into some german site full or gibberish i could not understand. Other people replied to him calling him a keylogger, and Now Im scared ****less!
But when I did open the page, My Norton Anti-Virus or firewall didnt detect anything..

Can someone confirm if It is or isnt a keylogger?

Side note - any .cn link is highly likely to indeed contain a keylogger. Grab that firewall and tell it to keep unknown stuff from sending any data.

Additionally, you can put your password in an email to yourself from the other computer and copy/paste that one. That way you don't actually press any keys to log other than ctrl+c and ctrl+v.

Additionally, you can put your password in an email to yourself from the other computer and copy/paste that one. That way you don't actually press any keys to log other than ctrl+c and ctrl+v.

Side note that isn't 100% effective either though. There are some very sophisticated versions on the loose, that can even read the clipboard and/or virtual keyboards. So even if you see ************ then the program will read: actual password.

A non-infected stand-alone machine with full protection is about the only reasonable way to deal with this type of issue. It does require a subsequent complete scouring of the infected machine though, just to ensure that it is indeed no longer infected. And it would then indeed be prudent to subsequently provide said gaming machine with enough protection as well.