Trojan.PWS.OnlineGames.KDLC
The existence of the dsoqq.exe and dsoqq0.dll files and the autorun entry of dsoqq.exe.
The system creates autorun files on all drives and it might be slowed down slightly.
Please let BitDefender disinfect your files.
This is a trojan horse that steals private information, specifically login information for a number of
online games (see list below).
The malware moves itself at the location: <user's documents and settings>\Local Settings\Temp\dsoqq.exe. Sets an autorun of the copy by adding a value called "dso32" in the registry key
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run".
It also drops a '.dll' file called dsoqq0.dll at the same location as dsoqq.exe.
The malware also starts executing code through the explorer.exe process (the dll is created by explorer.exe). Explorer will create every minute or so on all drives an autorun.inf file pointing to an exe with a random name (e.g. bu8.exe) which is another copy of the malware. This will allow the malware to be distributed through removable drives.
The code running in explorer will also load the .dll file created when an application is run by the user. That .dll will be used to spy on the application of the user and if it detects one of the online games it will wait for the user to input his/her credentials and send them to the malware's creator. It will also try to bypass some antihack tools used with these games like HShield.
The full list of targeted games is:
SHARE
THIS ON