Aenigma

A Burning Legion World of Warcraft Guild

Forums || DKP || Apply

Incgamers' UICentral Trojan Infected

Talk about whatever here.

Moderators: Snow, Lemmiwinks, futureal

Incgamers' UICentral Trojan Infected

Postby Caz on Wed Jan 16, 2008 3:43 pm

Ripped from http://www.mmo-champion.com

---------------------------

Incgamers' UICentral Trojan Infected
Update : Rushster has since moved the file to a separate server to avoid this happening again. If you'd like to read more about the issue, see the thread on Incgamers here: http://wowui.incgamers.com/?p=mod&m=2106.

Cairenn, an admin of WoWInterface.com posted this thread on the official forums to warn users about a potential trojan in the latest version of incgamers'UICentral (the tool used to auto update your mods).

(4:07:58 PM) Shirik: So here's the deal. UI Central is packaged with a program "patcher.exe" which has code in it to go download an "update.exe" from a non-incgamers site
(4:08:05 PM) Shirik: update.exe is then immediately run
(4:08:51 PM) Shirik: update.exe proceeds to install itself as wzcsvbc.dll
(4:10:01 PM) Shirik: It installs that from a remote site if possible, and if that fails it will instead use its own copy
(4:10:26 PM) Shirik: It then registers itself with lsass.exe so that it can be resident at every startup while remaining hidden
(4:10:43 PM) Shirik: After all that's complete, update.exe attempts to delete itself and shut down

Now luckily for everyone (in one sense) it is the same one as showed up previously. Therefore, we already know how to get rid of it.

If you're using this software, I suggest that you read the whole thread and check your system to make sure it's not infected.
Image
User avatar
Caz

 
Posts: 684
Joined: Mon Aug 01, 2005 1:04 pm
Location: Washington DC

Return to Public Discussion

Who is online

Users browsing this forum: Google [Bot] and 8 guests

cron