• Listen to a special audio message from Bill Roper to the Hive Workshop community (Bill is a former Vice President of Blizzard Entertainment, Producer, Designer, Musician, Voice Actor) 🔗Click here to hear his message!
  • Read Evilhog's interview with Gregory Alper, the original composer of the music for WarCraft: Orcs & Humans 🔗Click here to read the full interview.

Possibly Wc3 Threatening Virus

Status
Not open for further replies.
Level 8
Joined
May 7, 2007
Messages
278
I was going through my Windows Task Manager's processes and saw an unusual name:

wcsntfy.exe

I went through google to see what it was, heres some info taken from: http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BYD&VSect=T



File type: PE

Memory resident: Yes

Size of malware: 102,286 Bytes

Ports used: Random

Initial samples received on: Aug 5, 2005

Vulnerability used: (MS04-011) Security Update for Microsoft Windows (835732), (MS03-007) Unchecked Buffer In Windows Component Could Cause Server Compromise (815021), (MS03-026) Buffer Overrun In RPC Interface Could Allow Code Execution

Payload 1: Steals the Microsoft Windows product ID and the CD keys of games

Payload 2: Compromises system security

Payload 3: Terminates processes


I'm worried about it stealing my Wc3 cd keys mostly. My AVG Free scanner is not picking up anything though. Is this normal? Every site i've been to says its a virus. If you guys could help, that'd be great. The sooner I can figure out how to get this shit off my computer the better. (as you can see, i'm not that computer savy.)

Every time I try and end process, it starts back up again.
 
Level 8
Joined
May 7, 2007
Messages
278
Well, it seems that AVG found the files it's trying to infect... (it tried to infect JassCraft...wtf?) AVG says that it deleted the infections and spyware, but it's still running in task manager. Going to go download something else to find it... *sigh*
 
Status
Not open for further replies.
Top