20
Dec
11

Curse Client Virus?

Has anyone else been infected with a virus through Curse Client this week?

I have 5 computers in my house, four with WoW installed.  We ran Curse Client on two of them and got an update of the client.  Almost immediately thereafter both computers had the same virus.  None of my other computers have the virus.

The report from my antivirus program clearly indicated that the virus was in Curse Client files, and the client no longer operated after the antivirus program cleaned the system.

I’m wondering if this was just an odd happenstance, or if Curse Client users around the county are seeing this.

About these ads

23 Responses to “Curse Client Virus?”


  1. December 20, 2011 at 8:07 am

    Haven’t updated, but thanks for the heads up! Will keep a look out now.

  2. 2 Zeenaa
    December 20, 2011 at 8:54 am

    Could be a false positive triggered by the update. Curse did something that possibly set off the advanced Heuristics of your antivirus software. I tried the curse client to manage my addons a couple years ago and because of this very same problem and some addons being messed up, I quit using it and now do it all manually.

    • December 20, 2011 at 1:59 pm

      It definitely was not a false positive. How do I know? I didn’t have any antivirus software running.

      I realized that I had a virus when it assaulted my computer, cut off my internet, blocked my access to any Windows administrator tools, prohibited access to Spybot and Malwarebytes, and filled my screen with windows falsely asking me to upgrade to Windows Security 7 or something like that.

      So it was definitely a virus. The only question is where did it come from? The antivirus report plus the timing seems to implicate CurseClient pretty specifically. However, if that was the case I’d hear of other cases.

  3. December 20, 2011 at 10:15 am

    I haven’t seen any instances of this, but please keep us posted – if it’s not a false positive, I’ll put out an alert on the Pot.

    What AV software are you using? Do other AV softwares confirm the virus?

    • December 20, 2011 at 2:04 pm

      After the virus made its presence known, it was detected and fixed with both Malwarebytes and Trend Micro HouseCall. On my other computer, it was found with SpyBot. As I said, its not a question of whether or not I had a virus, just a question of how it got there.

      I don’t keep antivirus software running in the background. My computer was 5+ years old with 1 MB of RAM. In order to run WoW smoothly I had to shut down any non-essential processes, and that includes background antivirus. I have very limited browsing activities – essentially just ESPN, CNN, Google+ and WoW sites. I don’t have a very high virus exposure.

      • 6 Zeenaa
        December 20, 2011 at 2:14 pm

        Well now..I’d say thats a good reason as any to say that it was a Trojan. If that did come from Curse, they are going to lose a lot of faith from many loyal users. I sincerely hope you got your computer cleaned out.

  4. 7 Stacotte
    December 20, 2011 at 5:37 pm

    Would be interested to know if you remember what (if any) mod updates Curse had for you prior to this awful scenario. I run 2 boxes – one Mac / one PC – and haven’t noticed this, but will certainly double check my wife’s PC since I know I ran updates on her mods within the last 7 days.

    If you recall what mods were updated, that might also help narrow down where it may have come from, if indeed it was passed through Curse.

  5. December 24, 2011 at 2:50 am

    I don’t like to jump to conclusions, but all signs are pointing to the Curse Client being the source for a virus spreading (Vista/Win7 Internet Security 2012), possibly through a malicious ad.

    Tonight after updating DBM through the client I was continually popped out of WoW because this “rogue” security software kept detecting “security threats” and proceeded to run a false “scan” to mislead me into believing that I had 29 trojans, back-doors, and other security vulnerabilities.

    These of course were all random files picked and were in no way actually compromised (other than possibly by this virus itself) but kept prompting me to register (for a large fee) to clean the “infections”.

    It hijacks your browser via proxy settings and embeds itself into your registry tagging all executable files (.exe) as security threats, making this virus very tedious to clean up.

    http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012

    Follow those steps if what I’ve described is identical to the problems that you’re having. It’s time-consuming, but seems to be working (still doing a full scan via Malwarebytes). I’ll update you if I’m successful, or if I discover other news as to what is going on. (That is if I remember … 52 hour work week in 4 days … mind is mush right now)

    Nevik of the Overlores and Shattered Soulstone podcasts

    • December 24, 2011 at 10:01 pm

      That is exactly the virus I had.

      I haven’t read your lick but I did manage to get rid of it. I had to start Malwarebytes in Administrator mode, open up my Task Manager, and manually kill the virus process every time it popped up until Malwarebytes was running. Then it was all smooth.

      • December 24, 2011 at 10:02 pm

        FYI – Since this happened, several services in my Windows installation are not running. Can’t tell if this is from the virus or from what I did to kill it or from the AVG installation I did right after. In any case, I’m going to have to repair Windows =(

  6. 12 David
    December 26, 2011 at 4:24 pm

    Same here. “Win 7 Security 2012″ is the name of the virus. It’s coming from the advertisements from Curse’s ad rotation. I’ve gotten it both from the Curse client, and from visiting Curse-owned sites like ArenaJunkies.com. I just got it for the third time and cleaned it for the third time. Every single time, either the curse client was running, or I was on one of their websites.

    Running ComboFix WILL fix the issue – http://www.bleepingcomputer.com/download/anti-virus/combofix

    I’m going to e-mail these people and let them know they have a virus in their ad rotation. How they haven’t figured it out yet is beyond me. Sigh.

    • December 26, 2011 at 4:59 pm

      There is a discussion thread on the Curse Client customer service site. It consists of many people pointing out that Trend and Norton are flagging their client as infected, punctuated by the Curse people denying, denying, denying.

      I don’t think they want to hear that their client might be infected.

  7. 14 A K
    December 26, 2011 at 8:17 pm

    The virus went around my anti (panda security) and screwd my pc pretty bad… win7 security 2012 is called. Got infected after i updated curse. Didnt think it could be the cause but i got upgrade notice again today and win7 security pop’d up again. almost 1 1/2 week later? coincidence?

    • 15 A K
      December 26, 2011 at 8:20 pm

      @edit

      Just wanted to confirm ComboFix is useful for getting rid of the virus. Also, im getting a hunch to get malwarebyte’s antimalware, seems to work a lot better then panda. (and not heavy on cpu as some other solutions)

  8. 16 C Cook
    December 27, 2011 at 10:49 pm

    It was definitely a virus and it came from Spellfash in my case… It destroyed my windows and I had to re-install Windows 7 in order to get the computer back up and running… I am still not back to the way I was two days ago when it hit me…

  9. 17 Amber
    January 7, 2012 at 11:48 am

    I have also been hit with the Curse Client virus that causes “Win 7 Internet Security” to take over my computer. I couldn’t open any executable files, or task manager, or any programs besides the web page to buy their software. I had to boot up into safe mode and clean the registry of my computer, change the start-up in msconfig, and delete everything I could find related to this virus, to get my computer at least usable again. Win 7 Internet Security still pops up often, but it doesn’t control my computer the way it did. I also now constantly get redirects to different web pages displaying ads anytime I click on a link in my browser. My computer will randomly lock up and I have to do a hard reset.

    I’ve run Malwarebytes, Spybot, AVG, and none have even touched this virus. They all recognize it and say that they have deleted it, but it’s still going strong.

    I will be doing a reformat of my computer today. Thanks Curse Client! Just what I wanted to do on my Saturday off! -_- I will be avoiding your software until I see a guarantee that there is no chance of contracting a virus from you. What a fail.

    • January 10, 2012 at 8:51 pm

      Curse finally admitted that the virus came from them – not from their client, but from an advertisement that comes up while their client is running. Its still their responsibility to catch that stuff. Their stonewalling and denial before was frustrating, especially when it turns out that we were right and they were wrong.

      • 19 Zeenaa
        January 11, 2012 at 8:34 am

        It seems to be a common occurrence these days… Legitimate websites trying to capitalize on their web traffic or provide a free service or product by using Ad rotation services embedded into the website. Its these 3rd party Ad rotation services that pay out the click throughs on the Ads that seem to be getting compromised and the blame falls on the web site owner. Curse probably needs to re-evaluate who they use to put Ads into the site and the client.

  10. 20 Icon
    February 26, 2012 at 1:37 am

    same thing happening to me that how I found this forum. It is Curse and a virus (high in threat) is placed on your comp. How can you know? Well simple run a virus scan and when its detected delete it and curse will no longer work. May need to start manually install addons or by using other means other then curse.

  11. 21 Stan
    February 5, 2013 at 3:13 pm

    same thing happened here too i had to uninstall curse before i could get bck on the internet

  12. May 27, 2013 at 4:10 pm

    The effects of the oil will prevent flaking and dryness of your
    skin, and it helps to delay skin sagging and wrinkles, which will usually become more noticeable with age.

    Traditional uses include treatment of arthritis, colds and the flu, indigestion,
    bladder stones, and gonorrhea. Rosehip is essentially seen to prevent and cure many ailments that are inclusive of urinary
    bladder infections, rheumatoid arthritis, chronic diarrhea, constipation,
    infertility, dizziness, gastritis as well as enhances the function of the kidneys.

  13. June 14, 2013 at 2:45 am

    Awesome web site you’ve gotten in here.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Armory

Dinaer - 90 Assassination Rogue (US - Sen'Jin)
Derence - 90 Prot/Ret Paladin (US - Sen'Jin)
Metius - 90 Shadow Priest (US - Sen'Jin)
Liebnitz - 90 Arcane Mage (US - Sen'Jin)
Fastad - 90 Subtlety Rogue (US - Sen'Jin)
Darishin - 90 Resto/Balance Druid (US - Sen'Jin)
December 2011
M T W T F S S
« Oct   Jan »
 1234
567891011
12131415161718
19202122232425
262728293031  
Add to Technorati Favorites
website statistics








World of Warcraft™ and Blizzard Entertainment® are all trademarks or registered trademarks of Blizzard Entertainment in the United States and/or other countries. These terms and all related materials, logos, and images are copyright © Blizzard Entertainment. This site is in no way associated with Blizzard Entertainment®

Blog Stats

  • 1,215,026 hits

Follow

Get every new post delivered to your Inbox.

Join 39 other followers

%d bloggers like this: