Blue Tracker
World of Warcraft Blue Posts
Diablo II: Resurrected Blue Posts
Diablo III Blue Posts
Hearthstone Blue Posts
Overwatch Blue Posts
Heroes of the Storm Blue Posts
Diablo IV Blue Posts
BlizzCon Blue Posts
Warcraft Rumble Blue Posts

CAUTION: UICENTRAL and wow.incgamers.com user

Forum Avatar
Kraqule
#0 - Nov. 29, 2007, 2:11 a.m.
Blizzard Post
As per request I am REPOSTING from the general board.


After being on the telephone with Blizzard and 7 hours of virus scanning later I finally found to root cause to why my key bindings and UI settings were not being saved. As Blizzard stated it was a trojan.

Luckily I keep around all install packages for situations like this and scanned my recently installed files and the last one I would expect to be a problem was. It is my opinion UICentral is the payload for a trojan that is designed to hijack WoW account information. This opinion is backed by 2 scans of 2 different UICENTRAL install packages. As you will notice the newer one has less hits than the older as "someone" is changing the trojan to try to avoid detection. No wonder Blizzard is having so many issues with account theft when the people providing the problems are so in tune with the community.

Here are the 2 Virus scan reports courtesy of virustotal.com:

File Setup_20070331.zip received on 11.29.2007 00:15:51 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 8/32 (25%)
Loading server information...
Your file is queued in position: ___.
Estimated start time is between ___ and ___ .
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:


Antivirus Version Last Update Result
AhnLab-V3 2007.11.29.0 2007.11.28 -
AntiVir 7.6.0.34 2007.11.28 -
Authentium 4.93.8 2007.11.28 -
Avast 4.7.1074.0 2007.11.28 -
AVG 7.5.0.503 2007.11.28 -
BitDefender 7.2 2007.11.28 Trojan.Generic.75196
CAT-QuickHeal 9.00 2007.11.28 -
ClamAV 0.91.2 2007.11.28 Trojan.Delf-2177
DrWeb 4.44.0.09170 2007.11.28 DLOADER.Trojan
eSafe 7.0.15.0 2007.11.28 suspicious Trojan/Worm
eTrust-Vet 31.3.5334 2007.11.28 -
Ewido 4.0 2007.11.28 -
FileAdvisor 1 2007.11.29 -
Fortinet 3.14.0.0 2007.11.28 -
F-Prot 4.4.2.54 2007.11.28 -
F-Secure 6.70.13030.0 2007.11.28 Trojan-Downloader.Win32.Agent.eyx
Ikarus T3.1.1.12 2007.11.28 Trojan.Win32.Agent.FO
Kaspersky 7.0.0.125 2007.11.29 Trojan-Downloader.Win32.Agent.eyx
McAfee 5173 2007.11.28 -
Microsoft 1.3007 2007.11.28 -
NOD32v2 2692 2007.11.28 -
Norman 5.80.02 2007.11.28 -
Panda 9.0.0.4 2007.11.28 -
Prevx1 V2 2007.11.29 Generic.Malware
Rising 20.20.21.00 2007.11.28 -
Sophos 4.23.0 2007.11.28 -
Sunbelt 2.2.907.0 2007.11.27 -
Symantec 10 2007.11.28 -
TheHacker 6.2.9.144 2007.11.28 -
VBA32 3.12.2.5 2007.11.28 -
VirusBuster 4.3.26:9 2007.11.28 -
Webwasher-Gateway 6.6.2 2007.11.28 -

THE VERSION FOR DOWNLOAD TODAY:

File UICentralSetup-1194307582.zip received on 11.29.2007 00:26:43 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 3/32 (9.38%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 38 and 54 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:


Antivirus Version Last Update Result
AhnLab-V3 2007.11.29.0 2007.11.28 -
AntiVir 7.6.0.34 2007.11.28 -
Authentium 4.93.8 2007.11.28 -
Avast 4.7.1074.0 2007.11.28 -
AVG 7.5.0.503 2007.11.28 -
BitDefender 7.2 2007.11.28 -
CAT-QuickHeal 9.00 2007.11.28 -
ClamAV 0.91.2 2007.11.28 -
DrWeb 4.44.0.09170 2007.11.28 DLOADER.Trojan
eSafe 7.0.15.0 2007.11.28 -
eTrust-Vet 31.3.5334 2007.11.28 -
Ewido 4.0 2007.11.28 -
FileAdvisor 1 2007.11.29 -
Fortinet 3.14.0.0 2007.11.28 -
F-Prot 4.4.2.54 2007.11.28 -
F-Secure 6.70.13030.0 2007.11.28 -
Ikarus T3.1.1.12 2007.11.28 -
Kaspersky 7.0.0.125 2007.11.29 Heur.Invader
McAfee 5173 2007.11.28 -
Microsoft 1.3007 2007.11.29 -
NOD32v2 2692 2007.11.28 -
Norman 5.80.02 2007.11.28 -
Panda 9.0.0.4 2007.11.28 -
Prevx1 V2 2007.11.29 Heur
Forum Avatar
Slouken
#14 - Nov. 29, 2007, 5:52 a.m.
Blizzard Post
/bump

I haven't personally verified this, but as always you should never download any AddOn package that contains an executable unless you completely trust the source.