So....Just got banned from WoW for some reason...

[EdwardOrchard]

Ya, you got hacked.
Luckily, Blizz is good about sorting out hackings (guess they'd have to be since it happens so damn often).
I got hacked a few months ago. Some douche tried to transfer my 80s to a different server, and sold off all of their gear. I logged on pretty much right after the transfers finished, was like, "WTF?" Emailed Blizz and within an hour they had my chars transferred back with their gear replaced.

Plus, the asshole was out $100+ from the transfers.

Anyways, if you don't already have it, just get the Blizzard authenticator.

 

[dropZero]

You were hacked. The same thing happened to me about a year ago. You really should use the Battle.net Authenticator. I haven't been hacked once since I started using it. If you have a smartphone, the app is totally free to download. No smartphone? You can order a physical authenticator from Blizzard's website.

 

[Stall]

Yup. Sounds like you got hacked. Immediately start scanning your comp for viruses and malware (preferably install the antivirus program on a flash drive, and scan your comp from there), look through your process list for anything you don't recognize (google EVERYTHING), and contact Blizz customer support asap. You should assume that your main comp is compromised, and I would advise against using it until you can find the problem.

For future reference: you should install a Firefox add-on called "NoScript" (if you aren't using FF, then switch to it for this reason), and consider getting a anti-virus that has active security (where it will catch anything nasty before it can get on your computer). NoScript is just amazing... it's the biggest reason I still use FF after all these years. It will give you an infinite amount more control over your browsing, and just adds so much security.

 

[LordLundar]

Step one is to get an authenticator tied to your account. It is worth the little money you spend for a physical one if you don't have a smart phone. Do not do anything else pertaining to your account until this is done.

Step two is to sweep your system. Malwarebytes and AdAware in addition to a virus scan should clear anything in your system. To be really sure, a purge and reimage might be in order, but that takes a while so it's a last ditch maneuver. Do that only if you can't find anything.

Step three, once an authenticator is attached to the account is to contact blizzard and inform them that the cause is because your account was compromised. They will verify the claim and once done, reinstate the account to the point that you last accessed it. (a number of compromised accounts tend to have their characters either deleted or stripped of everything)

 

[Lt_Bromhead]

Erm...yeah.

Just got an email from Blizzard telling me my World of Warcraft account has been banned.
I quickly tried logging into the game to see what was up, and of course couldn't. It's not a mistake and I've definitely been blocked.

The email said this;

"Reason for Closure: Terms of Use Violation -- Exploitative Activity: In-Game Chat Policy Violation - Advertisement and Spamming

This account was closed because a character on the account repeatedly abused World of Warcraft's in-game chat system. This abuse includes advertising third party services/websites and repeatedly spamming in-game chat channels. Abuse of this nature pollutes chat channels shared by all players and harms the game environment as a whole."


So before I contact Blizz to see what's happened, anybody got any idea what might have cause this?
I've not been on for a couple of days, since I was away for the weekend and have only just got back. But apart from that, I think I've only ever spoken in a public chat channel once. And I'm at level 61.

Any thoughts/tips/symptathy appreciated, chaps!

got this one time,have you tried getting in touch with Blizzard?in my case they opened an investigation and after about a month my account was restored.

Not yet, I'll be getting in touch with them today.
It was a little late yesterday when I got back and I'd been travelling for a while so I was a bit tired to concentrate.

I'll get on that right now, in fact...

 

[Lt_Bromhead]

Yup. Sounds like you got hacked. Immediately start scanning your comp for viruses and malware (preferably install the antivirus program on a flash drive, and scan your comp from there), look through your process list for anything you don't recognize (google EVERYTHING), and contact Blizz customer support asap. You should assume that your main comp is compromised, and I would advise against using it until you can find the problem.

For future reference: you should install a Firefox add-on called "NoScript" (if you aren't using FF, then switch to it for this reason), and consider getting a anti-virus that has active security (where it will catch anything nasty before it can get on your computer). NoScript is just amazing... it's the biggest reason I still use FF after all these years. It will give you an infinite amount more control over your browsing, and just adds so much security.

Step one is to get an authenticator tied to your account. It is worth the little money you spend for a physical one if you don't have a smart phone. Do not do anything else pertaining to your account until this is done.

Step two is to sweep your system. Malwarebytes and AdAware in addition to a virus scan should clear anything in your system. To be really sure, a purge and reimage might be in order, but that takes a while so it's a last ditch maneuver. Do that only if you can't find anything.

Step three, once an authenticator is attached to the account is to contact blizzard and inform them that the cause is because your account was compromised. They will verify the claim and once done, reinstate the account to the point that you last accessed it. (a number of compromised accounts tend to have their characters either deleted or stripped of everything)

People seem to be going on about a "system wipe" quite a lot.

Firstly: I've no idea what this is or what it does. Sounds a little risky.
Secondly: My computer is LITERALLY brand new. I'd rather not do anything that I might screw up seriously badly... :/

 

[Titan Buttons]

Your account was hatched, maybe by a spamm bot, the same thing happened to my hotmail account I was lucky enough to have my phone number in my info so I was msn'd a message to undo the ban. My outbox was full of spamm.

 

[The Unworthy Gentleman]

Oh, reet.

This is entirely off-topic but are you from the North East of England?

OT: I suggest you just talk to Blizzard and check your PC security. I suggest you use check your system processes and check any that look suspicious by Google searching them. Most of them will be fine, but if you have something that's always running in the background, taking up 4% of your CPU, then you may have something questionable on your hands.

 

[Lt_Bromhead]

Oh, reet.

This is entirely off-topic but are you from the North East of England?

OT: I suggest you just talk to Blizzard and check your PC security. I suggest you use check your system processes and check any that look suspicious by Google searching them. Most of them will be fine, but if you have something that's always running in the background, taking up 4% of your CPU, then you may have something questionable on your hands.

Yeah, I am.

How'd you guess?

I use Yorkshire-ish slang, but I've actually got quite a posh accent for some indescribable reason... :/


Okay, will do.
Cheers!

 

[Lt_Bromhead]

Okay - so it seems I might have found something of an...untrustworthy nature...on my system.

Google searched all the processess and found this little chap lurking at the bottom:

"winlogon.exe"

Now it sounds like a winlogon executeable is normally a reliable fellow to have running, as it's your user authenticator within Windows. This is only if it's running from the System32 folder, however, and when I tried to check the properties of this file nothing happened. I tried to open the file's location, and to get it's properties, and nothing happened.
I took a gamble and tried to end the process, but I just got the message "This operation could not be completed. Access is denied". Now I'm using an administrator account, so I should have full access throughout the computer. I know that even vital windows processes let you end them, despite the possible effect on the system.

A bit worried here.

Any advice on what to do, chaps? :/

 

[Sojoez]

When I read this post my first thought was: When did I play WoW in the last 3 months?? Then I saw that the Grey Knight has a different name and all was good.

OT. Have you updated your virus scanners yet?
And I'm sure that a lot of people here can suggest free scan programs to see if you really are infested.

 

[The Unworthy Gentleman]

Yeah, I am.

How'd you guess?

I use Yorkshire-ish slang, but I've actually got quite a posh accent for some indescribable reason... :/

Only us Northerners use words like reet, it's something nobody else does. Even still, it's rare to find someone else that would use it in text.

 

[ElNeroDiablo]

Okay - so it seems I might have found something of an...untrustworthy nature...on my system.

Google searched all the processess and found this little chap lurking at the bottom:

"winlogon.exe"

Now it sounds like a winlogon executeable is normally a reliable fellow to have running, as it's your user authenticator within Windows. This is only if it's running from the System32 folder, however, and when I tried to check the properties of this file nothing happened. I tried to open the file's location, and to get it's properties, and nothing happened.
I took a gamble and tried to end the process, but I just got the message "This operation could not be completed. Access is denied". Now I'm using an administrator account, so I should have full access throughout the computer. I know that even vital windows processes let you end them, despite the possible effect on the system.

A bit worried here.

Any advice on what to do, chaps? :/

Download a Linux ISO (Ubuntu 11.04 for the easy way), then hit PenDriveLinux.com for YUMI ? Multiboot USB Creator (Windows) [http://www.pendrivelinux.com/yumi-multiboot-usb-creator/], download and run YUMI to 'burn' the Linux ISO to a USB thumb drive (anything that's 1GB or bigger will work, 4GB is best).
Having your new USB Linux Live Drive (akin to a Live Disk but on a thumb drive instead), reboot the system and hit whichever button the boot sequance tells you to get into a Boot Selection Menu (from which one can boot from optical disc, USB drive, or an internal drive), once there select the USB Drive option and let Linux load up from the USB drive.

Now you are within Linux, and the fake winlogin.exe will no longer work, so you can go through and clear it out (if you have found where it is hiding. if not sure, open firefox and google for it againt, as you've done before here).
Once you've cleared it out (where the virus is hiding will tend to depend if you're running XP or vista/7) you can reboot the system and take the thumb drive out so Windows will boot up once again without the fake winlogin.exe running (as it doesn't exist anymore).

~~~~

I know this might seem a complex procedure, but by swapping to Linux (as a temporary OS on a live drive at least) one prevents any malicious program written for Windows from running so you can clear it out.

I myself have had a problem like this (not full-out banning, but enough that I changed the password to my B.Net/WoW account, changed the email address it was on, changed the password of the original email address, and made sure I'm the only one accessing that address), but it was somewhat easy to get control back and undo any damage done by those who hijacked my account (not to mention killed off the character they created that caused the issue in the first place).

 

[Lt_Bromhead]

When I read this post my first thought was: When did I play WoW in the last 3 months?? Then I saw that the Grey Knight has a different name and all was good.

OT. Have you updated your virus scanners yet?
And I'm sure that a lot of people here can suggest free scan programs to see if you really are infested.

Yeah, I wondered when I'd achieved some of the forum badges that you've got, then realised that wasn't me...

Yeah, I am.

How'd you guess?

I use Yorkshire-ish slang, but I've actually got quite a posh accent for some indescribable reason... :/

Only us Northerners use words like reet, it's something nobody else does. Even still, it's rare to find someone else that would use it in text.

Funnily enough, I never say "reet" etc. I only ever use them in text...

 

[Lt_Bromhead]

Okay - so it seems I might have found something of an...untrustworthy nature...on my system.

Google searched all the processess and found this little chap lurking at the bottom:

"winlogon.exe"

Now it sounds like a winlogon executeable is normally a reliable fellow to have running, as it's your user authenticator within Windows. This is only if it's running from the System32 folder, however, and when I tried to check the properties of this file nothing happened. I tried to open the file's location, and to get it's properties, and nothing happened.
I took a gamble and tried to end the process, but I just got the message "This operation could not be completed. Access is denied". Now I'm using an administrator account, so I should have full access throughout the computer. I know that even vital windows processes let you end them, despite the possible effect on the system.

A bit worried here.

Any advice on what to do, chaps? :/

Download a Linux ISO (Ubuntu 11.04 for the easy way), then hit PenDriveLinux.com for YUMI ? Multiboot USB Creator (Windows) [http://www.pendrivelinux.com/yumi-multiboot-usb-creator/], download and run YUMI to 'burn' the Linux ISO to a USB thumb drive (anything that's 1GB or bigger will work, 4GB is best).
Having your new USB Linux Live Drive (akin to a Live Disk but on a thumb drive instead), reboot the system and hit whichever button the boot sequance tells you to get into a Boot Selection Menu (from which one can boot from optical disc, USB drive, or an internal drive), once there select the USB Drive option and let Linux load up from the USB drive.

Now you are within Linux, and the fake winlogin.exe will no longer work, so you can go through and clear it out (if you have found where it is hiding. if not sure, open firefox and google for it againt, as you've done before here).
Once you've cleared it out (where the virus is hiding will tend to depend if you're running XP or vista/7) you can reboot the system and take the thumb drive out so Windows will boot up once again without the fake winlogin.exe running (as it doesn't exist anymore).

~~~~

I know this might seem a complex procedure, but by swapping to Linux (as a temporary OS on a live drive at least) one prevents any malicious program written for Windows from running so you can clear it out.

I myself have had a problem like this (not full-out banning, but enough that I changed the password to my B.Net/WoW account, changed the email address it was on, changed the password of the original email address, and made sure I'm the only one accessing that address), but it was somewhat easy to get control back and undo any damage done by those who hijacked my account (not to mention killed off the character they created that caused the issue in the first place).

Um.... Could I ask a professional to do that for me?

That seems like the kind of complex thing that I would mess up so unbelieveably badly...

 

[dfcrackhead]

Check your pc out Lt_Bromhead, You may have a keylogger on yer system.

How does one detect such a thing, may I ask?

Use you anti-virus scan, norton, McAfee, widows defender and run a full scan. I hope you got a firewall and virus protection on your pc dude at least. Also be sure to check the email where it's been sent from sometimes hackers will send an false email to you in hopes you may open it. There is more information on the blizzard website, check my account may have been comprimised page.

Oh, reet.

Yeah, I've got the necessaries. Was just wondering if there was an extra special way of detecting one.

I'll start scanning now.

And I'll get onto Blizz ASAP.

MALWAREBYTES! I cannot stress this enough, it is excellent, it is free and it catches just about everything. I work for an IT company and it's our secondary scanner program after Kaspersky(But that one costs money, TOTALLY WORTH IT). Scan your computer for viruses and keyloggers and make sure to have a firewall active to atleast try and prevent hacks

 

[suitepee7]

How secure was your account on a 1-10 scale?
Might you have given your account information away in a fake e-mail once by chance?
I've had that happen to me, when I receive an e-mail (from someone who was not from Blizzard) saying they were Blizzard asking for my information via email, and I gave it to them, soon after being hacked...
If you really have NO clue why though it was closed, get in contact with Blizzard ASAP.
Although I've only had my account locked, not closed when something has happened.

But other than that, I'm not sure... :/ Best of luck!

Totally secure.

Didn't tell nobody nuthin', and I didn't even write down username and password (I've got a good memory for those sort of things, so I don't need to usually).

Sounds like a hack then, considering what everyone has been saying.

Thanks for the advice then, guys.

the easiest way they get you is by sending you an email saying something on your account has changed, or that you need to check something on your account, and will include a link onto your email. then when you try logging in to that link, it will say the password/username combo is incorrect. this is because it is not a battle.net login, and when you try logging in, it keeps your information and voila, you have handed over your account details to a hacker.

it sounds stupid, but its happened to many a player, including myself. the alternative as somebody has already said, is a keylogger. scanning and fixing your computer should sort that out though.

just remember, if you recieve ANY emails from blizzard/battle.net, never click the links, always go to your account through the login section of the WoW website. otherwise, good luck getting your acc back ^^

 

[ElNeroDiablo]

Okay - so it seems I might have found something of an...untrustworthy nature...on my system.

Google searched all the processess and found this little chap lurking at the bottom:

"winlogon.exe"

Now it sounds like a winlogon executeable is normally a reliable fellow to have running, as it's your user authenticator within Windows. This is only if it's running from the System32 folder, however, and when I tried to check the properties of this file nothing happened. I tried to open the file's location, and to get it's properties, and nothing happened.
I took a gamble and tried to end the process, but I just got the message "This operation could not be completed. Access is denied". Now I'm using an administrator account, so I should have full access throughout the computer. I know that even vital windows processes let you end them, despite the possible effect on the system.

A bit worried here.

Any advice on what to do, chaps? :/

Download a Linux ISO (Ubuntu 11.04 for the easy way), then hit PenDriveLinux.com for YUMI ? Multiboot USB Creator (Windows) [http://www.pendrivelinux.com/yumi-multiboot-usb-creator/], download and run YUMI to 'burn' the Linux ISO to a USB thumb drive (anything that's 1GB or bigger will work, 4GB is best).
Having your new USB Linux Live Drive (akin to a Live Disk but on a thumb drive instead), reboot the system and hit whichever button the boot sequance tells you to get into a Boot Selection Menu (from which one can boot from optical disc, USB drive, or an internal drive), once there select the USB Drive option and let Linux load up from the USB drive.

Now you are within Linux, and the fake winlogin.exe will no longer work, so you can go through and clear it out (if you have found where it is hiding. if not sure, open firefox and google for it againt, as you've done before here).
Once you've cleared it out (where the virus is hiding will tend to depend if you're running XP or vista/7) you can reboot the system and take the thumb drive out so Windows will boot up once again without the fake winlogin.exe running (as it doesn't exist anymore).

~~~~

I know this might seem a complex procedure, but by swapping to Linux (as a temporary OS on a live drive at least) one prevents any malicious program written for Windows from running so you can clear it out.

I myself have had a problem like this (not full-out banning, but enough that I changed the password to my B.Net/WoW account, changed the email address it was on, changed the password of the original email address, and made sure I'm the only one accessing that address), but it was somewhat easy to get control back and undo any damage done by those who hijacked my account (not to mention killed off the character they created that caused the issue in the first place).

Um.... Could I ask a professional to do that for me?

That seems like the kind of complex thing that I would mess up so unbelieveably badly...

Eh, you COULD pay a computer store techie to do it, but personally I don't exactly trust most places to not tamper with my information beyond clearing off the malware data.

If it'd make it easier, write it down in a notebook as a step-by-step method;
1: Download Ubuntu 11.04 ISO.
2: Run YUMI to burn ISO to thumb drive.
3: Reboot system and run off the thumb drive.
4: Wait for Linux to load and get ready to access your hard drive.
5a: Google for information about malware.
5b: Search the drive ~carefully~ for signs of the malware.
6: Delete all traces of the malware from the system using the information from the Google results as a guide.
7: Tell Linux to reboot system, remove thumb drive when told do and hit enter.
8: Load Windows and check for any signs of malware. If none, you've done the job right.

For those not used to Linux (but don't want to pay out the nose for someone else to do the work), for this sort of situation, read all available information and follow it CAREFULLY.
I can not stress the CAREFULLY enough.

 

[Baresark]

I was once accused of this very thing, literally upon paying for my account reactivation after 3 years, I was suspended for a "gold selling" violation. Blew my mind. It was right after I had bought Wrath... so, I said fuck this game and never went back. But, when I picked up Rifts, I got an authenticator as well. It's mighty handy.