
Trojan.PWS.OnlineGames.ZKH

MEDIUM
MEDIUM
~28 kbytes
(Win32/PSW.OnlineGames.NXI trojan; TR/PSW.Online.tdy; Trojan-GameThief.Win32.OnLineGames.sjbb)

Symptoms

- the presence of an executable file named wooooooh.exe and a dll file woooooo.dll in %SYSDIR%
- the presence of nt_fast32.dll in %TEMPDIR%
- the presence of the following AppInit_DLLs value under the registry key
  HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
  Name --> AppInit_DLLs
  Value --> woooooo.dll
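
A check for the indicators listed above, as an added example that is not part of the original description. It assumes %SYSDIR% maps to System32 (and SysWOW64 on 64-bit systems), that %TEMPDIR% is the current user's temp folder, and that the 32-bit registry view (Wow6432Node) is worth checking too; the helper name Test-AppInitEntry is hypothetical.

```powershell
# File and DLL names come from the Symptoms list; the path mappings and the
# helper name are assumptions of this example.
$indicatorDll = 'woooooo.dll'
$indicatorFiles = @(
    (Join-Path $env:SystemRoot 'System32\wooooooh.exe'),
    (Join-Path $env:SystemRoot 'System32\woooooo.dll'),
    (Join-Path $env:SystemRoot 'SysWOW64\wooooooh.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\woooooo.dll'),
    (Join-Path $env:TEMP 'nt_fast32.dll')
)
$appInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

function Test-AppInitEntry {
    param([string]$Value, [string]$DllName)
    # AppInit_DLLs holds a space- or comma-delimited list; an entry may be a
    # bare file name or a full path, so compare on the last path component.
    $entries = @($Value -split '[\s,]+' | Where-Object { $_ })
    foreach ($entry in $entries) {
        $leaf = ($entry.Trim('"') -split '[\\/]')[-1]
        if ($leaf -ieq $DllName) { return $true }
    }
    return $false
}

$findings = @()
foreach ($file in $indicatorFiles) {
    if (Test-Path -LiteralPath $file -PathType Leaf) {
        $findings += "File present: $file"
    }
}
foreach ($key in $appInitKeys) {
    $prop = Get-ItemProperty -LiteralPath $key -Name 'AppInit_DLLs' -ErrorAction SilentlyContinue
    if ($prop -and (Test-AppInitEntry -Value $prop.AppInit_DLLs -DllName $indicatorDll)) {
        $findings += "AppInit_DLLs under $key lists $indicatorDll (data: $($prop.AppInit_DLLs))"
    }
}

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Output $_ }
} else {
    Write-Output 'None of the indicators from this description were found.'
}
```

Run it from an elevated prompt for each user profile of interest, since the temp folder is per-user.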

Removal instructions:

Please let BitDefender delete your files.

Analyzed By

Dana Stanut, virus researcher

Technical Description:

    This malware steals user information from online games such as qqlogin.exe, hx2game.exe and others. The DLL file is injected into every running process. If one of the mentioned games is run, it sends user data to a Chinese server.
    The malware that drops this file is detected by Bitdefender as Trojan.PWS.OnlineGames.ZAY.