Trojan.PWS.Onlinegames.KBTP
LOW
MEDIUM
~100KB
(PWS:Win32/Frethog.C, TR/PWS.Magania.avc, Trojan.PWS.Wsgame)
Symptoms
- some antivirus solutions are unable to perform updates;
- some of the files mentioned in the technical description are present in the specified locations;
Removal instructions:
Please let BitDefender disinfect your files.
Analyzed By
Ovidiu Visoiu, virus researcher
Technical Description:
Password stealer targeting online games such as MapleStory, Age of Conan and Metin2.
When launched it drops %system%\drivers\klif.sys and registers it as a service under HKLM\SYSTEM\CurrentControlSet\Services\KAVsys (the file and service names mimic a legitimate Kaspersky driver). Once loaded, this driver hides the registry entries and the dropped files, so file and registry listings taken from the running infected system may not show them.
It then injects the dropped %system%\nmdfgds0.dll into all running processes in order to monitor keyboard and mouse input.
It copies itself to C:\random_name.cmd and creates an obfuscated C:\autorun.inf so that the copy is launched when the partition is opened from Explorer. Another copy is created as %system%\olhrwef.exe.
It tries to download the file "http://hjyuw2.com/[removed]/help1..rar", which was empty at the time of writing.
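The following triage helper is an added example, not BitDefender's code. It matches a host inventory against the dropped files, service key and injected DLL named in the technical description, and parses an autorun.inf the way Explorer does, ignoring junk lines and bogus sections inserted to defeat signature matching, so that the launch target is still recovered. It assumes %system% is C:\Windows\System32; the inventory and the autorun.inf sample below are constructed for the example, and the random .cmd name in them is hypothetical.

```python
"""Indicator matcher for the description above (added example, not BitDefender's code)."""
import re

# Indicators from the technical description; %system% assumed to be C:\Windows\System32.
SYSTEM_DIR = r"C:\Windows\System32"
DROPPED_FILES = (                      # tuple, so findings come out in a fixed order
    SYSTEM_DIR + r"\drivers\klif.sys",
    SYSTEM_DIR + r"\nmdfgds0.dll",
    SYSTEM_DIR + r"\olhrwef.exe",
)
SERVICE_KEY = r"HKLM\SYSTEM\CurrentControlSet\Services\KAVsys"
INJECTED_DLL = "nmdfgds0.dll"


def autorun_launch_targets(autorun_text):
    """Return the 'open' / 'shellexecute' targets declared in an autorun.inf.

    Explorer treats section headers and keys case-insensitively and skips lines it
    cannot parse, so junk lines, comments and decoy sections are ignored here too.
    """
    targets = []
    in_autorun = False
    for raw in autorun_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            in_autorun = header.group(1).strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip().lower() in ("open", "shellexecute"):
            targets.append(value.strip())
    return targets


def match_indicators(files_present, service_keys, loaded_modules, autorun_files):
    """Compare a host inventory with the indicators and return (kind, detail) findings.

    files_present: file paths on disk; service_keys: registry key paths;
    loaded_modules: {pid: [module paths]}; autorun_files: {drive root: autorun.inf text}.
    Because the driver hides its files and keys on the live host, take the inventory
    from an offline image or after booting from clean media.
    """
    findings = []
    present = {p.lower() for p in files_present}
    for path in DROPPED_FILES:
        if path.lower() in present:
            findings.append(("dropped_file", path))
    if any(k.lower() == SERVICE_KEY.lower() for k in service_keys):
        findings.append(("service_key", SERVICE_KEY))
    for pid, modules in loaded_modules.items():
        if any(m.lower().endswith(INJECTED_DLL) for m in modules):
            findings.append(("injected_dll", pid))
    for root, text in autorun_files.items():
        # The description says the copy is a random-named .cmd in the drive root.
        for target in dict.fromkeys(autorun_launch_targets(text)):  # de-duplicate
            if target.lower().endswith(".cmd"):
                findings.append(("autorun_cmd", root + target))
    return findings


# Constructed sample inventory; "kqwpxz.cmd" stands in for the random file name.
SAMPLE_AUTORUN = (
    "\x00\x7f junk inserted to break signatures\r\n"
    "[AuToRuN]\r\n"
    ";comment\r\n"
    "OPEN=kqwpxz.cmd\r\n"
    "shellexecute=kqwpxz.cmd\r\n"
    "[decoy]\r\n"
    "open=not_this.exe\r\n"
)
SAMPLE_FILES = [r"C:\Windows\System32\drivers\klif.sys",
                r"C:\Windows\System32\olhrwef.exe", r"C:\kqwpxz.cmd"]
SAMPLE_SERVICES = [r"HKLM\SYSTEM\CurrentControlSet\Services\Dhcp",
                   r"HKLM\SYSTEM\CurrentControlSet\Services\KAVsys"]
SAMPLE_MODULES = {1234: ["kernel32.dll", r"C:\Windows\System32\nmdfgds0.dll"],
                  99: ["kernel32.dll"]}
SAMPLE_AUTORUN_FILES = {"C:\\": SAMPLE_AUTORUN}

if __name__ == "__main__":
    for kind, detail in match_indicators(SAMPLE_FILES, SAMPLE_SERVICES,
                                         SAMPLE_MODULES, SAMPLE_AUTORUN_FILES):
        print(kind, detail)
```

In the sample, nmdfgds0.dll is absent from the file list but present in a process's module list: that is exactly the pattern to expect when the rootkit driver is active, and a reason not to trust a clean file listing taken from the infected host.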