

If you suspect a file has been incorrectly identified as malicious (that is, it is a False Alarm or a False Positive), please first ensure your F-Secure security program is up-to-date

Alternatively they may be installed by visiting a malicious web page (either by clicking on a link, or by the website hosting a scripted exploit which installs the Password Stealer onto

Ankanamoon (May 31, 2011): and on a side note, when you say you disabled Avast just so

It may also secretly install other malicious programs.

I'll be back with more info.

More detailed instructions for F-Secure security products are available in the documentation found in the Downloads section of our Home - Global site.

The trojan may be present as the following files:

  %temp%\<3 random letters>.tmp
  %temp%\<5 random letters>.drv
  %windir%\system\<3 random letters>.tmp
  %windir%\system\<5 random letters>.drv

For example:

  %temp%\ave.tmp
  %temp%\fdkjl.drv
  %windir%\system\ave.tmp
  %windir%\system\fdkjl.drv

PWS:Win32/OnLineGames.GP modifies certain system files on the

Installation

This trojan may be downloaded and installed by other malware such as TrojanDownloader:Win32/Chekafe.A, or may be installed when visiting malicious Web sites.

Note: As of March 2010, the former naming convention 'Trojan-PSW' has been updated to 'Trojan-PWS' to make identification easier for users and to ensure naming practices are in line with current

Threat behavior

PWS:Win32/OnLineGames.GP is a detection for a trojan that steals account information for certain online games.

Stolen log-ins and passwords can allow an attacker to read a user's e-mail on public and corporate mail servers, as well as giving access to more sensitive material, such as online

Does it matter that I reactivated my WoW account today?

File Name : վ.rar
File Size : 1716587 byte
File Type : RAR archive data, v1d, os
MD5 : 28062e4ec4e7ec373c5ef5813e9b70a1
SHA1 : 4319e1940ad3454fa053c045d037d6fea96b899a

Examples of files it tries to modify are the following, commonly related to DirectX library files:

  dsound.dll
  ddraw.dll
  d3d9.dll
  olepro32.dll

The target file is copied with a file extension .MOD or .REP

The following registry key is modified to ensure that the trojan is executed each time the victim's system is rebooted.

Ankanamoon (May 31, 2011): you're welcome and yes, Malwarebytes is a great tool, so great I've got

Oh what's this?

Just some of the filenames it uses are listed below: MOSOU.EXE, ROMDRIVERS.EXE, DASO.EXE, MHSO.EXE, RXSO.EXE, WDSO.EXE, WMSO.EXE, ZTSO.EXE, LOADER.EXE, JTSO0.EXE, AUTO.EXE, CONIME.EXE

The trojan drops a DLL component also into the %SysDir%

When executed, this trojan copies itself to the %SysDir% folder using random filenames.

http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=PWS%3AWin32%2FOnLineGames.GP

Thanks a lot Ankanamoon!

If you continue to suspect a False Alarm, you may submit a sample of the suspect file to our Security Labs for further analysis via the Submit A Sample (SAS) page.

I open WoW and I am again warned of 110511 Trojan-PWS.Onlinegames3.

Is this a very new trojan that is especially hard to catch?

Ankanamoon (May 31, 2011): Malwarebytes is a great program, after it's finished cleaning the machine run your

And I am quite happy with Avast, I just disabled and tried with Kaspersky to see if Kaspersky would detect the trojan WoW warned me about. So I downloaded a free Kaspersky Trial, disabled Avast, and ran a full scan.

However, they may themselves be downloaded by other viruses and/or Trojans to be installed on the user's system.

Payload

Disables WFP

Some variants of this malware disable Windows File Protection (WFP) by modifying registry data.

  Modifies value: "SFCDisable"
  With data: "4294967197" ("0xFFFFFF9D")
  In subkey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Captures and sends data to

It also infects particular files in order to automatically execute the trojan components. The DLL component harvests the names of gaming servers, players' passwords, PIN number and other information for well-known online games.

Delete it if you find it.

The Trojan copies itself into the following location:

  %Temp%\dsoqq.exe

And drops the following files:

  %Temp%\apiqq.exe [Found to be Trojan]
  %Temp%\apiqq0.dll [Found to be Trojan]
  %Temp%\dsoqq0.dll [Detected as PWS-OnlineGames.a]

The following

For more information about using antivirus software, see http://www.microsoft.com/security/antivirus/av.aspx.

Suspect A False Alarm?

Symptoms

There are no common symptoms associated with this threat.

Antivirus Protection Dates

  Initial Rapid Release version: May 28, 2002
  Latest Rapid Release version: January 31, 2017 revision 023
  Initial Daily Certified version: May 28, 2002 revision 007
  Latest Daily Certified

Ankanamoon (May 31, 2011): download Malwarebytes Anti-Malware, open WoW, ignore the warning and type in the

At first I got surprised because SCII also has Warden, and I had just finished playing a match and it didn't warn me of anything.

What to do now

Manual removal is not recommended for this threat.

Many of these additionally are mass spammed by the author to entice people into double-clicking on them.

And it found nothing.

Technical Details

A Trojan-PWS is very similar to a Trojan-Spy, but is geared mainly towards stealing account log-in details, including passwords (the PWS stands for password stealer).

ClamAV database updated (21 Jul 2011 05-30 -0400): daily.cvd
Version: 13343

  Submission-ID: 24250258
  Sender: VirScan.org
  Submission notes: Same as in Submission-ID 24244170
  Added: No

  Submission-ID: 24250412
  Sender:

Virus Characteristics

----- Updated September 3, 2010 -----

File Information:

  MD5 - 23396C331547D1119207DD8C42E6BF8F
  SHA - 5665133BE2B816B5AC4F888AD7C5DA8D98BB3BC3

Aliases:

  Kaspersky: Trojan-Dropper.Win32.Small.fwx
  NOD32: a variant of Win32/PSW.OnLineGames.POY

Quick Malwarebytes' scan is still running but it just found 3 threats.

Examples of file names the trojan monitors are:

  PlayCHSLauncher.exe - Tower of Eternity
  ElementClient.exe - Perfect World
  DNF.exe - Dungeon & Fighter

Additional Information

Since several online games are likely to require DirectX components, the

It also attempts to kill security-related processes with the following filenames: LIVESRV.EXE, VCRMON.EXE, Update.exe, CCSVCHST.EXE, ALUSCHEDULERSVC.EXE, luall.exe, ASHDISP.EXE, avast.setup, AVP.EXE, prupdate.ppl, AYAGENT.AYE, AYUpdate.aye, UFSEAGNT.EXE, SfFnUp.exe, UfUpdUi.exe, AVGNT.EXE, preupd.exe, update.exe, VSTSKMGR.EXE, vsupdate.dll

To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as Microsoft Security Essentials, or the Microsoft

Antivirus Protection Dates

  Initial Rapid Release version: May 10, 2005
  Latest Rapid Release version: August 8, 2016 revision 023
  Initial Daily Certified version: May 10, 2005
  Latest Daily Certified version: August

To perform its password-stealing routine, a Trojan-PWS will usually drop a keylogging component.