#0 - April 30, 2008, 9:04 p.m.
I wanted to give you guy a heads up regarding a discovery that a recent version of Fraps was infected with the SpyLock software, which lead to the Trojan called Trojan.Crypt.FKM.Gen being installed in a Microsoft applicaiton, which in turn was used to key log several accounts, some of which belong to a few friends of mine. This resulted in the standard bad and evil things hackers do to accounts. I believe you are helping them restore their gear and gold now, and I'm sure you all will give them the help they need, etc...
However, I know that you occasionally investigate such things. As such, I wanted to be sure to give you guys the heads up:
The article I wrote for WoW Insider is here: http://www.wowinsider.com/2008/04/30/virsus-infected-fraps-steals-account-information/
A complete virus scan follows. Perhaps this can be of use.
Best of luck in fighting the hackers,
Adam.
Avira AntiVir Personal
Report file date: Wednesday, April 30, 2008 12:22
Scanning for 1244024 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: TARDIS
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 4/9/2008 16:24:00
[SNIP]
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '34' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Fraps\fraps.exe
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.SpyLocked.J
[NOTE] The file was deleted!
C:\Program Files\NetMeeting\mstinit.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[WARNING] The file could not be deleted!
C:\System Volume Information\_restore{BDE22EC4-7ABA-4C59-83FE-DBF075850A07}\RP423\A0031148.exe
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.SpyLocked.J
[NOTE] The file was deleted!
End of the scan: Wednesday, April 30, 2008 13:16
Used time: 53:35 min
The scan has been done completely.