First, let me explain what happens. You're surfing the net, browsing til your heart's content. Only trusted sites, ones you've been to millions of times. Maybe a malicious posting has been made, maybe a pop-up to generate revenue for their site has been added. Regardless, something new has occured and your system has just had a keylogger stored in the background. Most keyloggers are quiet. Ones that are related to World of Warcraft are VERY quiet. You can watch your resources, check your running programs, it will not show up.

Here's how to be safe.

1) If your anti-virus software*** is blasting you about trojans, clear them out, ENTIRELY. Run virus scans and spyware scans regularly (not all work because something of these loggers are homemade and fairly new).

2) Open up your processes menu (hit ctrl+alt+del and click the processes tab). Sort them by username (click the Username column at the top). Look at everything being run by you (or the currently logged in user). Notice anything strange? End any processes that you see that are not recognized. Do NOT end TaskMgr, explorer.exe, or run32.dll.

3) Open WoW. If you use the launcher, you'll notice Launcher.exe in the processes. This is normal. Ignore it. Click play.

4) This works best in windowed mode, but you can always alt+tab out or hit the windows key. Here's the sad part. You will notice wow.exe. That's a good thing. You may also notice another strange exe running. For me it was max.exe. End process the weird exe. If it closes World of Warcraft, it's a good indication that it's a key logger tied directly to the game. It may not close the game, but it's still a good idea to run a google search on it, just in case. E-Trust EZ Antivirus's website had Max.exe listed as a malicious Spyware/Trojan related file.

5) Once you have found bad file, open up the start menu, and go to "Search" then to "Find file or folders". Click files or all files and in the search criteria bar, type in the process's name. Max.exe came up listed as a prefetch (max.exe.prf98732.pfc) in my C:windows directory. This is BAD!!! It means that it waits for a specific file to be ran, then it runs. In this case, WoW. Delete it, RIGHT THERE. Change your password immediately, and without logging in, run virus scans and spyware scans again. Some people may even choose to format the computer.

***: Keep all virus definitions and spyware software UP TO DATE!!!!



This is the best way to rid yourself and play it safe. It takes very little time to get this done to you. I logged in at 10:00 AM EST and was hacked by 12:00 PM EST the same day. THAT'S 2 HOURS!!!


What to do in case you get hacked:

1) Call 1-800-59-BLIZZARD (1-800-592-5499, there are no Z's on a normal keypad). This is Billing and Account Services. You'll be on hold for a few minutes, depending on current time (they are PST). I was on hold for MAYBE 5 minutes. Tell them your account has been compromised and they will ask you a few questions and get your password reset, and a log started on the matter.

2) Once logged back in the game, and onto your character. Click the in game help icon (the question mark on the menu bar), and click on the contact a gm button. This is a character problem, so click the character category. In the field, type in your character's name and server, then tell them you have been compromised and your equipment has been taken.

3) Wait... A GM will contact you shortly. Took 10 minutes to get to me. They are very helpful and nice about it. They'll ask questions and field your questions. Watch your in-game mail and your e-mail, they'll be sending you information.

4) This may or may not occur for you. My account got banned. It's a TEMPORARY DISABLE. They do this to insure the hacker is not the one contacting them. They will then send you a document to fill out that requires a special photocopying step that I will not go into, as the documents and procedures are supposed to remain as secretive as possible.

5) Once all these procedures are done, they will unlock your account, and restoration will proceed. The restore can take as little as 3-5 days or longer at the Investigations Department's discretion.



The most important thing is PATIENCE. Believe it or not, I was in constant contact with Blizzard, and had to wait no more than 15 minutes to be contacted by TWO live people. They are nice people, and are very willing to help, so treat them with respect.

All credit goes to my friend Cyrix

Great post Ryrie. I think everyone should take some time to read this as it could save you loads of frustration and loss

ya this should get moved to customer support and stickied in my opinion i never really got keyloggers or how to spot them but this helped a lot. very nice post!

nice instructions. but they don't help me. what do you do if you're a MAC user? i doubt if there are even keyloggers for macs, but just to be safe, it wouldn't hurt to know how to check for them. and doesen't starting up through the launcher stop keyloggers, or at least detect them?

Really good post bud, very informative... Can anyone suggest a viable and efficient (free is nice too) Anti-Virus that works well. Thanks!

There are quite a few companies that make good antivirus software. Matter of preference I suppose. I would recommend, before opening any file, to scan it using this website: http://virusscan.jotti.org/. You have to be careful as lots of times it will give you a false alarm especially when scanning hacking software.

Hijack this is a very useful program for this type of stuff as well.

Also check out Whatsrunning. google em both, very good programs for cleaning your computer. Gotta be careful tho so you dont hose your computer.

Great post....I wish I read this two months ago. Trojans suk and are extremely hard to get rid of completely.

Jotti is garbage.. 14 scanners while virustotal has like 31...

http://www.virustotal.com/

the amount of scanners doenst matter at all in my opinion its the quality of the scanner not the amount ;) also a good software virus scanner is AntiVir PE Classic the free version catchs alot of trojans i have/had on my computer

thanks i just printed this out and put it on my wall :D

Guys you should all know that keylogger can be everything used to hack WoW and asks you for your password.


I hope you all know GM Power hack does not exist in real. Its a keylogger (that's why it sais it works only on retail) because it asks for you password, wrinting your password ans pressing logging means an e-mail sent to the maker of this crap with your world of warcraft account username and password.
A GM Power hack will never exist. And if it does for private servers it could be avery malware you can think of. There could be a GM Power hack but only if an employee from Blizard company has access to its database and wants to make hacks for the public. And if he/she does something like that he/she will get jailed. And also HP,MP,Levels,gold, stats and items are all client sided and can't be changed. Though there is WoWEmuhacker that hacks the games with the data which is included to your PC. That's why there's not a gold hack or God Mode out.

There is also the legendary "Stat Changer" which is best ###### i ever heard of. There's no such thing as that. Downloads can be fatal for your PC and your WoW Account and if you buy it then you must be stupid. Never existed so wait until there's proof of its exist. If you ever saw someone changing his stats he/she has used CE(Cheat Engine) or T-Search( Trainer Maker Kit Searcher) and nothing will happen into the game. BECAUSE EVERYTHING IS CLIENT SIDED.

Be carefull with your downloads, they could be fatal and never download Stat Changers or anything that can change or hack client sided values. I hope my post was helpful.

What can i say i am an WoW Addict =D
It's the cheapest drug in stores ;)

spybot search and destroy good program!

anyway do never buy the stat changer or any other stat changer because it's just a scam to steal your money. www.wowstatchanger.com is the biggest scam that wow has ever seen. Blizzard is so stupid that she cares how to clsoe all Private server in the world and not how to stop hackers from hacking it lol

Great post here. And I'll put some focus on the above mentioned suggestion to reformat your pc. I know not every normal gamer knows how to do this, may be new territory for some, but in some cases it's best to learn how and be better safe than sorry.

First thing is to ALWAYS make a back up of all important data. Be it pictures, documents, programs, anything that you would miss if worse came to worse. I keep all of my back ups on an external USB hard drive, this includes media, music, logs, pictures, and more. You might also consider burning pertinent data to disc.

I usually reformat my pc every couple of months. I completely rewrite the hard drive and reinstall my operating system from scratch. I also keep a back up of drivers and system programs so I have less to download after each restore.

There's several reasons I do this, one is for system optimization. Over time it's easy to weigh the Windows operating system down with programs, registry entries, and what not. Utility optimization can help this to a degree, but sometimes nothing's better than a clean start.
Secondly, I do this for security reasons. Wiping the hard drive of all data, including any harmful or malicious software which has somehow worked it's way past my defenses. Just make sure to keep copies of game installers, updates and what have you.. redownloading all your favorite games isn't a fun or entertaining way to spend a day, lol.

yeah his post was very helpful i hope lot's of people will read this b4 they do something stupid xD

aww this is for Wow si there anything like this for maplestory :?