Trojan.PWS.Onlinegames.KBTP

LOW
MEDIUM
~100KB
(PWS:Win32/Frethog.C, TR/PWS.Magania.avc, Trojan.PWS.Wsgame)

Symptoms

- some antivirus solutions are unable to perform updates;
- some of the files mentioned in the technical description are present in the specified locations.

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Ovidiu Visoiu, virus researcher

Technical Description:

Password stealer targeting online games such as MapleStory, Age of Conan and Metin2.
When launched, it drops %system%\drivers\klif.sys, which is registered as a service under:
HKLM\SYSTEM\CurrentControlSet\Services\KAVsys. Once loaded, this driver hides the registry entries and the dropped files.
It then injects the dropped %system%\nmdfgds0.dll into all running processes in order to monitor keyboard and mouse input.
It copies itself to C:\random_name.cmd and creates an obfuscated C:\autorun.inf so that the copy is launched when the partition is accessed from Explorer. Another copy is created as %system%\olhrwef.exe.
It tries to download the file "http://hjyuw2.com/[removed]/help1..rar", which was empty at the time of this description.
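
Because the driver hides the dropped files and registry entries on a running system, the artifacts above are more reliably checked against listings taken from an offline disk image. The following is an added example, not Bitdefender's code: a Python triage function that matches a file listing and a registry key listing against the indicators in this description. The function name, the default `system_dir` and the sample listings are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Indicators from the technical description; file names are relative to %system%.
SYSTEM_FILES = {r"drivers\klif.sys", "nmdfgds0.dll", "olhrwef.exe"}
# An offline SYSTEM hive exposes ControlSet00N instead of CurrentControlSet.
SERVICE_RE = re.compile(
    r"^hklm\\system\\(currentcontrolset|controlset\d{3})\\services\\kavsys$", re.I)

# Constructed sample listings (not real data from an infected host).
SAMPLE_PATHS = [r"c:\windows\system32\DRIVERS\KLIF.SYS", r"C:\autorun.inf",
                r"C:\xkq3vd.cmd", r"D:\setup.cmd", r"C:\Windows\System32\olhrwef.exe"]
SAMPLE_KEYS = [r"HKLM\SYSTEM\ControlSet001\Services\KAVsys",
               r"HKLM\SYSTEM\ControlSet001\Services\Tcpip"]


def triage(paths, reg_keys, system_dir=r"C:\Windows\System32"):
    """Return sorted (indicator, evidence) pairs found in the two listings."""
    hits = set()
    sysdir = PureWindowsPath(system_dir)  # assumed location of %system%
    roots = {}  # drive root -> {"inf": path or None, "cmd": [paths]}
    for raw in paths:
        p = PureWindowsPath(raw.strip())
        # PureWindowsPath compares case-insensitively, as Windows file names do.
        for rel in SYSTEM_FILES:
            if p == sysdir / rel:
                hits.add((rel, str(p)))
        # Collect files that sit directly in a drive root.
        if p.anchor and p.parent == PureWindowsPath(p.anchor):
            slot = roots.setdefault(p.anchor.lower(), {"inf": None, "cmd": []})
            if p.name.lower() == "autorun.inf":
                slot["inf"] = str(p)
            elif p.suffix.lower() == ".cmd":
                slot["cmd"].append(str(p))
    # The .cmd name is random, so flag it only beside an autorun.inf on the same drive.
    for slot in roots.values():
        if slot["inf"]:
            hits.update(("autorun.inf + root .cmd", cmd) for cmd in slot["cmd"])
    for key in reg_keys:
        if SERVICE_RE.match(key.strip()):
            hits.add(("KAVsys service key", key.strip()))
    return sorted(hits)


if __name__ == "__main__":
    for indicator, evidence in triage(SAMPLE_PATHS, SAMPLE_KEYS):
        print(f"{indicator}: {evidence}")
```
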