Recently, there has been an increase in the number of reported key-loggers on various websites tailored to WoW. For those of you who are unaware of what a key-logger is, it is a malicious program that installs itself in the memory of your computer and reads your key-strokes as you log on to your game of choice, or website of choice, thus snapping up your login information and sending it back to the author of the program.
There are several ways in which these people attempt to catch you off guard. With regard to World of Warcraft, I will list the most common methods used.
- Addon Download:
A .exe file is included in a compressed archive (such as a .zip or .rar), and users then run the .exe file, unaware that the file is not what it is supposed to be.
- Addon Download:
The actual download is a .exe file (to be confused with a self-extracting compressed archive), which the user runs thinking it will install the addon.
- Poor Website Security
Certain websites have poor security, allowing malicious users to seize control of the content the website delivers and insert their own code into web pages. This compromises the entire website, with the potential of running JavaScript(*) to install/run applications on your computer.
- Masked/Fake URLs
Certain people will create URLs and file links that "appear" to come from legitimate content, while in fact they are hoax URLs that involve the same security breaches as mentioned above.
What can you do as a user to avoid falling in the trap?
- Install an updated and secure browser. (Our recommendation is Mozilla Firefox 2.0.1)
- Have up-to-date antivirus/security software installed on your computer.
- Use common sense. Don't visit URLs or Links spread on the internet that vary from the actual addresses you are used to. Don't run executables you download without running security checks on them first.
In closing, to supplement the already robust security we have here at Curse, as a precaution I advise you to be cautious about links to Curse URLs that begin with media1.curse-gaming.com. We will be going over the routines on our website over the next 24 hours to ensure we have the highest security possible and that you can continue to expect Curse to be free of malware.
As an addendum: should you as a user at some point locate malware on our website, please report it to either myself or Werik immediately and we will have the issue resolved.
Thanks, - The Curse Crew
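The "run security checks first" advice and the two addon-download cases above can be turned into a quick pre-extraction check. This is an added example, not part of the original post or Curse's own tooling; the function names, extension lists and sample archives are assumptions made for illustration, and it only handles .zip files (Python's standard library cannot read .rar).

```python
import io
import zipfile

# Extensions Windows runs on double-click (constructed list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".msi"}
# File types a WoW addon normally ships (assumption made for this example).
ADDON_EXTS = {".toc", ".lua", ".xml", ".txt", ".blp", ".tga", ".ttf", ".mp3", ".wav"}

def _ext(name):
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return "." + base.rsplit(".", 1)[1] if "." in base else ""

def audit_addon_download(filename, data):
    """Return (entry, reason) findings; an empty list means nothing was flagged."""
    # The download itself is a program (also catches self-extracting archives).
    if data[:2] == b"MZ" or _ext(filename) in EXECUTABLE_EXTS:
        return [(filename, "download is an executable, not a plain archive")]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return [(filename, "not a zip archive; inspect it with another tool")]
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ext = _ext(info.filename)
            with zf.open(info) as fh:
                magic = fh.read(2)  # "MZ" marks a DOS/Windows executable
            if ext in EXECUTABLE_EXTS:
                findings.append((info.filename, "executable extension"))
            elif magic == b"MZ":
                findings.append((info.filename, "executable content behind a harmless extension"))
            elif ext not in ADDON_EXTS:
                findings.append((info.filename, "unexpected file type for an addon"))
    return findings

def _sample_zip(entries):
    # Build a constructed in-memory archive so the example runs offline.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed samples: a clean addon and one carrying two disguised programs.
CLEAN = _sample_zip({"MyAddon/MyAddon.toc": b"## Title: MyAddon\n",
                     "MyAddon/core.lua": b"-- addon code\n"})
TROJANED = _sample_zip({"MyAddon/MyAddon.toc": b"## Title: MyAddon\n",
                        "MyAddon/install.exe": b"MZ\x90\x00",
                        "MyAddon/skin.tga": b"MZ\x90\x00"})
```

Calling `audit_addon_download("trojaned.zip", TROJANED)` flags both the `.exe` and the renamed program; an empty result is not proof that an archive is safe, only that it contains nothing that looks runnable.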
Comments
It's not that hard to secure yourself..
DON'T RUN .EXE (don't even download them), only use zip and unzip in interface\addon folder.
Again, don't run .exe files (or .com, or any executable)
Use Mozilla and not Iexplorer. (the updated Mozilla)
and voila.. 98% risk gone
SOLUTION:
www.free-av.com (Antivir): Download this free antivirus. It's the best that comes free on the internet.
NOD32: Find and download it full. I suggest a warez website or torrent.
Sygate Personal Firewall Pro: Find it from warez or torrent.
Have the 2 antivirus fully updated and customized to scan every archive when read and written.
For the firewall, don't let anything pass except you trust it.
I strongly suggest downloading Firefox 2 and stop using IE.
If you have questions, my msn is: pmacromanolis@hotmail.com
I could even send you those files if you are bored to search for them.
The bigger threat that no one seems to talk about is that if you are a victim of this you have potentially way more information sent to these thieves. Any account that you have logged into they have the potential to steal information or worse from.
If your account was hacked, you need to change your logins and passwords from any and all accounts you access from your computer. It may also be wise to notify your financial accounts (Credit Cards, Bank Accounts, etc) and have them changed or monitored.
You should treat this as if your wallet + day planner with all your passwords was just stolen because it just was.
ui.worldofwar.net has recently had another (third time this year) malicious trojan which was spread by their advertisement program... really poor advertising for them tbh, many accounts were hacked yet again.
I was wondering if media1.curse-gaming.com is safe again. Cause I clicked on "auto select fastest mirror" while downloading ecasting bar latest version and it took this url. (I'm using IE7). I aborted the download & cleaned out my temp files just to be on the safe side. But can anyone of curse confirm it is safe again please. Don't wanna lose my 2yrs account ^^
gorgeth; NTLDR.EXE is not a Windows system file, NTLDR *without an extension* is
Also, the (virus/trojan) file talked about here is actually named NTDLR.EXE (mind the spelling!)
Also note; by default the real NTLDR file is marked as a protected operating system file and will not be seen in the root of your first hard drive (where it must reside for the system to be able to boot up, the name is short for NT LoaDeR)
A quick Google search confirms this pretty good... Note; always look up the file on Google before you delete it on just anyone's recommendation...
Isn't this like the second time that ui.worldofwarcraft.net have had Trojans in their advertising?
FACT: NTLDR.EXE in the root of your system drive is a Windows system file..
It processes Boot.ini and loads the OS of choice (either blindly on a single install of win2k/xp or with a menu presenting various choices if you are on a dualboot or otherwise "nonstandard" system)
You cannot get rid of NTLDR.EXE and get Windows to load, having people who cannot run an antivirus program delete files is always a BAD IDEA.. especially when they are presented as the fix from clearly clueless individuals such as those who posted this information originally.
Another tip!
Go to www.firefox.com , head over to the AddOns section of theirs and search for the AddOn called NoScript.
Install NoScript for Firefox (done in 1 min tops).
This makes you in charge of what scripts that you allow to run in your firefox.
Cheers, merry christmas!
@ThorsLiebling,
If your computer automatically creates system restore points, you can try restoring from a point before you believe you were infected.
Also, make sure you delete all of your temporary internet files. There may be a process running that automatically restores the keylogger, so try running an anti-virus/other security programs that can scan before Windows and other processes fully boot.
If all else fails, you may have to format. I myself wasn't infected, so I am not 100% sure of the steps you need to follow to remove the virus.
ThorsLiebling, no, NSCSRVCE.EXE is an executable attached to Norton. And it is shutting your WoW windows down because when you tell it that it can not run, it is executing the program it was monitoring for you.
NoScript is nice & all when you know the site is secure. However since most people have curse-gaming.com listed as ok, stuff coming from media1.curse-gaming.com will get through as well.
And ya, what's the deal with the "65.98.12.xxx" ip, I had to allow that for the beta tab on some addons to work.
try:
http://www.microsoft.com/technet/sysinternals/utilities/filemon.mspx
with this tool you could see which process is doing what on your filesystem
bye smurfy
GHWRIN: "ui.worldofwar.net currently has a keylogger on their website. If you've visited their website recently search your computer for "NTLDR.exe" (not to be confused with NTLDR.dll) and delete it immediately. I would also recommend scanning your computer for viruses. The keylogger is downloaded via JavaScript, which you can block or enable for website of your choice with the following FireFox plug-in: https://addons.mozilla.org/firefox/722/"
I have this NTDLR.EXE on my computer and I have deleted it already a couple of times, it keeps coming back on my hard drive C. I have already checked my whole system several times daily with various security tools and programs, and also manually. But still it is not possible to find the cause why this file is being renewed every time on startup. Of course my security tools and programs are up to date. What can I do?
I also have another file in my task manager since about a week. Its name is NSCSRVCE.EXE. Is it possible, that this file is also a keylogger? My firewall always reports, that it is trying to act as a server as soon as I try to log on into WoW. It shuts down WoW as soon as I forbid it to do so oO
@lAce Right you are! However, it is equally important to mention that the situation has been dealt with, don't you think? :)
@vatosky The entire range of accounts from @exploitsrus have been banned, and all 520 spam comments have been deleted.