Hacked...Curse Client the Culprit?

#0 - June 20, 2010, 3:34 p.m.

Hello:

My account was hacked back on June 2nd, and I just got it back today. During the down-time, I spent an awful lot of time tracking down the source of the leak from my machine, and found something interesting. Utilizing Mark Russinovich's rootkitrevealer, I found 15 "Curse Client" files hidden from the Windows API. I used Icesword to delete them.

This is the only suspicious activity I've found on my laptop, and believe me....I've looked EVERYWHERE. I can think of no viable reason for curse to lock its "Curse Client" out of the API, which means I've also uninstalled it as well.

I'm posting here in an effort to aid others in the same prediciment.

Kudos to Blizzard for having all of my gear/items/gold waiting for me in my mailbox when I finally got back in, and damn them to hell for not answering the phone for three weeks!

Enjoy!

Aredek

#2 - June 20, 2010, 3:41 p.m.

I'm afraid that from afar this is not something we are able to diagnose, Xaniphera. That being said, there has been some talk of hackers mimicking popular addons and addon websites to trick players into downloading malicious software. As a result, you may want to make sure that the client you downloaded and the website you visited is legitimate.

For more information on how to secure your computer and recover your account, please review the following resources:

What to do if Your Account Has Been Compromised:
http://us.blizzard.com/support/article/30796

Account and Computer Security:
http://us.blizzard.com/support/article/30794