Get an Epic Experience with Premium

Keylogger Warning: Authenticators Now Vulnerable

Anyone who has an authenticator attached to their account should run a search (and probably an antivirus scan in case it's on the threat list already) immediately and ensure the file emcor.dll does not exist on your computer. This file is one reported to be allowing hackers access to World of Warcraft accounts that have authenticators attached to them. It's also possible there are other variations of these suspicious files, so if anyone has additional information please respond in the comments.

Based on this thread, the file may be found in /users/username/appdata/Temp. Since the file is fairly new (first mentions of it are only a few days ago), and the common source is unknown, I urge everyone to not log in to World of Warcraft or the account management site until you've run a scan. Confirm your computer is secure before using your authenticator, because this DLL file is allowing hackers to crack through it and access your account.

A warning sign that you're currently infected with this keylogger is that WoW will say your authentication code is incorrect, even if you know for sure you typed in the correct code. Thanks to Cameron for posting about this on the World of Raids forums, too.


First Previous Page 1 of 2 Next Last
  • #1
    For some reason I find this skeptical, I mean they'd have roughly 30secs to use the number and get into your account. So you'd have to actually WATCH and then time it right to log in. At least from what I understand.

    Of course once they get in the damage is done. Too bad they can't actually REMOVE the authenticator :P
  • #2
    The code lasts longer than 30 seconds. It's around 2 minutes or so.

    But I mean, this isn't some random person stealing accounts. These are companies that make money off of doing it, so there is bound to be someone watching 24/7.
  • #3
    actually they can remove the authenticator if they log in to your account correct?
  • #4

    No they cannot, my girlfriend had to fill out a form and either email or fax it off to Blizzard in order for it to get removed. Now I can see why.
  • #5
    @ Kody... the authenticator code lasts for 1 min b4 changing to the next...

    @Lucifersatan... i never had to fill out a form to remove it... to remove an authenticator u must first log in... then go the the authenticator page on after that you must give Blizz 2 consecutive codes to remove it.
  • #6
    Kody, don't dare elevate these degenerates by making claim their circle jerk of failures is a "company". Its just a herd of Dragonball Z nerds fueled by permanent virginity screwing over regular players in between marathon 2inchstiffy hentai spanking. If that's a company then every homeless bum turning in coke cans for the change are fortune 500 CEO's.
  • #7
    glad i dont play wow anymore :)
  • #8
    Glad I am not using Windows :)
  • #9
    Please change the title: Authenticator != vulnerable; Morons = vulnerable.

    Seriously, it's not the authenticator being hacked...
  • #10
    hahaha how can people still pay for such things?:))) "Here's an authentificatorz for making Le Stuff secure ow snap it it's been hacked:)" Maybe queue down Le Porn sites and you won't need to throw away money.
  • #11
    The authenticator is not the problem. Not having good anti-virus/spy ware is. Active virus programs that update each time you log on will keep this off your computer. This is just a keylogger that stops WoW from logging in at your end and then tells the site you got keylogged from what you just did. No real person need be at that site to use this info. Just a bot that auto loots your account.

    BTW Heydan, you are a moron. It is still the best investment you can make.
  • #12
    I want people to realize that this keylogger will steal your account even if you do not own an authenticator. It just has added lines of code that keylog the keyboard strokes you do to input the numbers then stop World of Warcraft from completing the log in. The big difference is that this one is very fast at getting into your account. It does not sit on the info for months like most keyloggers do.
  • #14
    You are totally right Wowza.

    This one is new and searching for EMCOR.DLL is the best defense right now. Looks like my anti virus is at Feb 21st for new threats so figure a few more days of "OMG my account was hacked" in vent. I suggest guild leaders lock down their guild banks a bit for the next few days.
  • #15
    Just letting you know, there is possibly another one out there. I just logged in and don't have that file, but my Anti-Rootkit is showing a file like this
    C:\Windows\xhunter1.sys Hidden Driver
    C:\Windows\vtany.sys Hidden Driver
    C:\Windows\xhunter1.sys Hidden Driver
    C:\Windows\vtany.sys Hidden Driver
    We may want to be more careful with what we do. This is actually getting me worried about my account..again.
  • #16
    Hi guys, quick question will using the on screen keyboard be a temporary soloution until blizzard fix this completely? Because i'm thinking if this thing logs keystrokes then using the on screen keyboard it can't log. Sure it takes about a minute or less longer but if it keeps us safe for a while longer it may be a good soloution
  • To post a comment, please login or register a new account.
Login to Curse

Don't have an account? Create One.

Get an epic experience with Curse Premium
  • Faster addon downloads
  • Premium-Only Beta Giveaways
  • Ad-Free Curse experience
  • Premium Curse Client
  • and many More Features
  • Learn More »

PAX South Alienware Giveaway