Blizzard Announces Potential Trojan Could Steal Your Battle.Net Info
Blizzard has issued a warning of a potential dangerous Trojan that is being used to compromise Battle.net accounts, even if the accounts are protected with an authenticator.
According to the post, the Trojan "acts in real time" by stealing both your account information and the authenticator password (both mobile and key fob) at the time you enter them.
Blizzard recommends searching for the Trojan on your computer if your account has been recently compromised, though they've yet to find an anti-virus program that will remove it. The only method they've mentioned to remove it is reformatting your system.
For those of you who want to make sure you're not infected, simply follow these steps:
It can be identified by creating an MSInfo file and then looking in the Startup Program section of that file for either "Disker" or "Disker64". It will usually appear like this:
Disker rundll32.exe c:\users\name\appdata\local\temp\w_win.dll,dw Name-PC\Name Startup
Disker64 rundll32.exe c:\users\name\appdata\local\temp\w_64.dll,dw Name-PC\Name Startup
If you are one of the unfortunate ones to discover the Trojan, Blizzard wants you to reply on their thread with all sorts of specific information.