Source: http://millenium.speka.net/FauxRhum/vie ... php?t=9895
Described on the SYMANTEC site (Norton antivirus): a virus specific to WoW.
This virus is a "worm" that tracks your WoW password and sends it to the creator of the virus...
It is called PWsteal.woW. Here is its description and the technique for detecting and removing it "by hand" (in English). Otherwise, buy yourself a good antivirus...
http://search.symantec.com/custom/us/query.html
just enter PWSteal.Wowcraft
Result
Discovered on: July 30, 2005
Last Updated on: August 01, 2005 02:52:08 PM
PWSteal.Wowcraft is a password-stealing Trojan horse that attempts to steal the password to the "World of Warcraft" game and send it to the creator of the Trojan.
Type: Trojan Horse
Infection Length: 34,304 bytes, 43,008 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Technical details:
When PWSteal.Wowcraft is executed, it performs the following actions:
1. Copies itself as one of the following:
* %ProgramFiles%\svhost32.exe
* %ProgramFiles%\rundll32.exe
* %ProgramFiles%\Internat.exe
Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
2. Creates the following file:
%System%\msdll.dll
Note: %System% is a variable. The Trojan locates the System folder and copies itself to that location. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
3. Adds the value:
"load" = "[Path of the dropped file from step 1]"
to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
so that the file runs every time Windows starts.
4. Injects msdll.dll into other running processes, including explorer.exe, so that it can monitor for passwords entered.
5. Attempts to initiate a keylogging process upon finding windows associated with "wow.exe", "Launcher.exe", "www.wowchina.com" or "signup.worldofwarcraft.com".
6. Emails the gathered online "World of Warcraft" passwords to the Trojan's author.
7. Attempts to disable processes or windows which contain the following strings, some of which may be security related:
* EGHOST.EXE
* MAILMON.EXE
* KAVPFW.EXE
* Ravmon.exe
* Ravmond.exe
* ZoneAlarm
8. Attempts to download and execute files from the Internet.
Note: Source: symantec.com
(Gathered from www.dawnguild.net)
http://securityresponse.symantec.com/av ... craft.html
That sucks
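
A read-only check for the artifacts listed in steps 1 to 3 of the advisory, as an added example that is not part of the original post or of Symantec's write-up. The function name and its parameters are hypothetical; it matches on file name and location only, so a hit is a lead to investigate, not a verdict.

```powershell
# Added example: reports the advisory's file and registry artifacts; changes nothing.
function Find-WowcraftArtifact {
    param(
        [string]$ProgramFiles = $env:ProgramFiles,
        [string]$SystemDir    = [Environment]::SystemDirectory,
        [string]$RunKey       = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    $dropNames = 'svhost32.exe', 'rundll32.exe', 'Internat.exe'   # names from step 1
    $findings  = @()

    # Step 1: copies placed directly in the Program Files folder.
    foreach ($name in $dropNames) {
        $path = Join-Path $ProgramFiles $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $size = (Get-Item -LiteralPath $path -Force).Length
            $findings += [pscustomobject]@{
                Step = 1; Location = $path
                Detail = "file present, $size bytes (advisory: 34,304 or 43,008)"
            }
        }
    }

    # Step 2: the DLL that step 4 says is injected into other processes.
    $dll = Join-Path $SystemDir 'msdll.dll'
    if (Test-Path -LiteralPath $dll -PathType Leaf) {
        $findings += [pscustomobject]@{ Step = 2; Location = $dll; Detail = 'file present' }
    }

    # Step 3: a Run value named "load" that points at one of the step 1 files.
    $run  = Get-ItemProperty -Path $RunKey -ErrorAction SilentlyContinue
    $load = if ($run) { $run.PSObject.Properties['load'] } else { $null }
    if ($load) {
        $value = [string]$load.Value
        $hit   = @($dropNames | Where-Object { $value -like "*\$_*" }).Count -gt 0
        $findings += [pscustomobject]@{
            Step = 3; Location = "$RunKey\load"
            Detail = "value = $value; names a step 1 file: $hit"
        }
    }
    return $findings
}

Find-WowcraftArtifact | Sort-Object Step | Format-List Step, Location, Detail
```

On 64-bit Windows, which the advisory does not cover, a 32-bit process sees `Program Files (x86)`, `SysWOW64` and the `Wow6432Node` registry view instead, so run the function a second time with those paths passed as parameters.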
