[edit: made the domain names non-clickable]

Well, the www-DOT-istaria and community-DOT-istaria sites are trojaned ... again.

Did you get infected?

Here are some signs:

- c:\windows\system32\wins\svhost.exe exists (not svchost.exe)

- winlogiw.exe exists on your hard drive (this is not winlogin.exe)

- winogiw.exe exists on your hard drive (this is not winlogin.exe)

- there are randomly named .exe files in your temp directory (usually C:\Documents and Settings\<your username>\Local Settings\Temp)

Cleaning up:

Try using a malware scanner. There are some good free ones, such as

Avast (resident + on demand)

AVG Free Edition (resident + on demand)

Trend Micro Housecall (online, on demand only)

Make sure to check and make sure those files were removed. Not all scanners detect all malware. Also note that while the presence of the above files indicates an infection, simply removing them does not ensure that you are no longer infected. Use a scanner or reinstall... AND ALWAYS PATCH.

Now what?

One of those programs is known to be designed for stealing WoW passwords. If you have a WoW account, change its password once you clean your computer.

If you have any saved passwords, or typed in any passwords for things like email accounts, online games, financial websites, auction websites, instant messaging and forums, change them. While I can't say for sure that those sort of things are picked up by the trojan as well, it's better to assume that they are, then assume they aren't and get screwed later.

Changing passwords:

Make your new passwords DIFFERENT from the (potentially) compromised ones. If your password was 'chiconis1', using 'chiconis2' is pretty dumb. The 'bad guys' know to try those things.

Make your new passwords HARDER TO GUESS. No dictionary words. You've probably heard this already. Number-letter substitution ('l33t sp33k') to make a dictionary word look like a non-dictionary word is just as bad. They know to try 'dragon' as well as 'dr4g0n' and 'dr4gon'.

So what do you do then? Make your password at least 8 characters and choose two or more of the following:

- Use upper and lower case.

- Use some numbers.

- Use some symbols.
Mix alpha-sequences with the above. Don't make a password solely of symbols and especially not solely of numbers!

Bad password examples: 1485739 !@#$%^%$#! rhzeight

Better examples: r8Z{igHt z-RelK4) fah^}6U_

(Don't use any of the examples for your own passwords.)

Finally, make sure your accounts don't share a password. All it takes is one site to disclose your password, then all the associated accounts can be accessed as well.

Possible scenario:

A poorly written forum site will tell you your password if you answer a secret question. A malicious person guesses your secret answer and the site tells them your password.

The person then logs into the site and looks at your profile, and gets your email address.

The person then attempts to access your email account using the same password. You were negligent and used the same password, so they can now read your email.

Your mailbox contains mail from friends (which they can social engineer and get more info from) as well as some auction results and bank statements.

The person then visits the sites generating those emails and uses the same password to log in. Fortunately, you used a different password. This, however, does not stop them.

With the mailbox compromised, the attacker uses the 'forgot password' feature on each site to send a recovery password back to the mailbox.

Don't re-use passwords.