- some antivirus solutions are unable to perform updates;
- some of the files mentioned in the technical description are present in the specified locations;
Please let BitDefender disinfect your files.
Ovidiu Visoiu, virus researcher
Password stealer targeting online games such as MapleStory, Age of Conan and Metin2.
When launched, it drops %system%\drivers\klif.sys, which is registered as a service under:
HKLM\SYSTEM\CurrentControlService\Services\KAVsys. Loading this driver hides the registry entries and the dropped files.
It then injects the dropped %system%\nmdfgds0.dll into all running processes in order to monitor keyboard and mouse input.
It copies itself to C:\random_name.cmd and, so that this copy is launched when the partition is accessed from Explorer, creates an obfuscated C:\autorun.inf. Another copy is created as %system%\olhrwef.exe.
It tries to download the file "http://hjyuw2.com/[removed]/help1..rar", which was empty at the time of this description.
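
A defender-side triage of the obfuscated autorun.inf described above, as an added example that is not BitDefender's code: it pulls out the entries Explorer would execute while ignoring filler lines. The obfuscation style (random comment and junk lines) and the sample file contents are assumptions, since the description does not show the file itself.

```python
import re

# Keys in the [autorun] section that make Explorer run a program.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$", re.I)
RISKY_EXT = (".cmd", ".bat", ".exe", ".com", ".pif", ".scr", ".vbs")

def autorun_commands(text):
    """Return (key, command) pairs from the [autorun] section, skipping junk lines."""
    in_section, found = False, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        # Comments and filler without key=value are ignored, as Explorer ignores them.
        if not in_section or "=" not in line or line.startswith(";"):
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in EXEC_KEYS or SHELL_CMD.match(key):
            found.append((key, value.strip().strip('"')))
    return found

def suspicious(text):
    """Commands whose target is a script or executable file."""
    hits = []
    for key, cmd in autorun_commands(text):
        target = cmd.split()[0].lower() if cmd else ""
        if target.endswith(RISKY_EXT):
            hits.append((key, cmd))
    return hits

# Constructed sample: junk padding around the real entries (assumed obfuscation style).
SAMPLE = """\
;kd93jslA0dkw3JDkslaq
[AutoRun]
;Zk39dlsLLs0e9dkDKk2l
open=random_name.cmd
;qq0DkeLs93kdKDls
shell\\open\\Command=random_name.cmd
Ld93kslqpzmxn
shell\\explore\\Command = random_name.cmd
icon=shell32.dll,4
"""

if __name__ == "__main__":
    for key, cmd in suspicious(SAMPLE):
        print(f"{key}: {cmd}")
```

Because the description says the driver hides the dropped files, run a check like this against the volume from a clean environment (for example, a mounted disk image) rather than on the live infected system.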