I have a keylogger on my comp that Blizzard has recognized but has not been removed by avast.
It is named “101207-Trojan-Spy.Win32.Agent.bnag”
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page.
I have the same thing popping up. I spoke with Blizzard tech support and they asked me to run the scan with my log on screen up and some gibbersish in the password box, in case the start up is what triggers it. (hope the keylogger reads what I wrote!)
I ran the FULL scan and nothing was detected. A friend had me run a couple of other scans and nothing again.
David, I read what you asked for the other poster to do…It seems to be directly tied with World of Warcraft…but how can I get info on it if it isn’t there?
It depends on which on-access shield is detecting it as you are effectively saying avast doesn’t find it on a default full scan setting, which is strange.
The most common on-access shield if the File System Shield (or the web shield), and from the shields detailed view in the UI, there is a Report Log link. This contains any information on the detections.
I’m also a World of Warcraft player, and have had this message occur each time I’ve tried to open the game. I’ve tried multiple scanners, none seem to detect it.
Several people in each of my guilds are having this same issue. I have 8 characters in 8 different guilds, each guild having multiple players tell me they’re having this same thing pop up when they open World of Warcraft. I haven’t called the tech guys over at WoW HQ myself, but from what I gather from those in my guilds who HAVE called, they’re pretty useless at helping to take care of the issue.
It would be so much more useful if the pop up that World of Warcraft uses to warn of this security issue actually gave the file name and location, rather than a generic name Trojan-Spy.Win32.Agent.bnag. I’ve searched my computer for that specific name and it came up with nothing at all.
If I knew the file name and location, I’d at least use cacls command in MS DOS to prevent all users and programs from accessing or running the file, but with such little information, I can’t even do that.
It’s worth noting that every person I spoke with had the pop up happen in December, AFTER cataclysm released on the 7th. I first got this message on December 12. It’s very frustrating, and I’d like to be able to ensure that my passwords and various internet/gaming accounts are secure.
If anyone comes up with a solution to this problem, please create a detailed response in this thread so that others may give it a gander.