The presence of the files and registry entries mentioned below;
Please let BitDefender disinfect your files.
Deac Razvan-Ioan, virus researcher
This trojan is used to steal sensible information regarding a MMORPG (Legend of Mir).
At first run the malware copies itself in %windir%\system32\saw110.exe and creates a registry entry to run this file at startup:
Saw110.exe drops the file saw110.dll which is injected in explorer.exe.
Loaded as a module in explorer.exe, saw110.dll seeks for processes which have a certain kind of graphical inferface (by looking for window names as TFrmMain or TDXDraw).
If such a process is found, saw110.dll injects itself into it and checks for the following file names: mir.exe, mir1.dat, mir2.dat. If one of these names is found the malware tries to steal account information and sends it by http to a remote server.