
110511-trojan-pws.onlinegames3

Suspect a file or URL was wrongly detected? You may also refer to the Knowledge Base on the F-Secure Community site for further assistance. More detailed instructions for F-Secure security products are available in the documentation found in the Downloads section of our Home - Global site.

I will try the Malwarebytes option now.

At first I got surprised because SCII also has Warden, and I had just finished playing a match and it didn't warn me of anything.

Ankanamoon, May 31, 2011: you're welcome and yes Malwarebytes is a great tool so great I've got

It also infects particular files in order to automatically execute the trojan components. Alternatively they may be installed by visiting a malicious web page (either by clicking on a link, or by the website hosting a scripted exploit which installs the Password Stealer onto

Thanks a lot Ankanamoon!

However they may themselves be downloaded by other viruses and/or Trojans to be installed on the user's system.

Installation: This trojan may be downloaded and installed by other malware such as TrojanDownloader:Win32/Chekafe.A or may be installed when visiting a malicious Web site.

Is this a very new trojan that is specially hard to catch? So I downloaded a free Kaspersky Trial, disabled Avast, and ran a full scan. I'll update once the scan is done.

Examples of files it tries to modify are the following files, also commonly related to DirectX library files: dsound.dll, ddraw.dll, d3d9.dll, olepro32.dll. The target file is copied with a file extension .MOD or .REP

Technical Details: A Trojan-PWS is very similar to a Trojan-Spy, but is geared mainly towards stealing account log-in details, including passwords (the PWS stands for password stealer). It may also secretly install other malicious programs.

Removal, automatic action: Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

Indication of Infection: Presence of the following files in the %SysDir% folder: MOSOU.EXE, ROMDRIVERS.EXE, DASO.EXE, MHSO.EXE, RXSO.EXE, WDSO.EXE, WMSO.EXE, ZTSO.EXE, LOADER.EXE, JTSO0.EXE, AUTO.EXE, CONIME.EXE, MOSOU.DLL, WMSO.DLL, WDSO0.DLL, JTSO0.DLL, RXSO0.DLL, VER32.DLL, RAVWM624.DLL

They found nothing, so I did a SuperAntiSpyware scan, and other than tracker cookies it found nothing.

Stolen log-ins and passwords can allow an attacker to read a user's e-mail on public and corporate mail servers, as well as giving access to more sensitive material, such as online

To perform its password-stealing routine, a Trojan-PWS will usually drop a keylogging component.

Does it matter that I reactivated my WoW account today?

The DLL component harvests the names of gaming servers, players' passwords, PIN number and other information for well-known online games.

Delete it if you find it.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run

The following processes may be terminated: KREGEX.EXE, RUNIEP.EXE, AVP.EXE, KVXP.KXP

All Users: Use specified engine and DAT files

Malwarebytes' scan is still running but it just found 3 threats. And I am quite happy with Avast, I just disabled and tried with Kaspersky to see if Kaspersky would detect the trojan WoW warned me about. Or is Warden just glitching out on me?

I'll be back with more info.

Antivirus Protection Dates: Initial Rapid Release version May 10, 2005. Latest Rapid Release version August 8, 2016 revision 023. Initial Daily Certified version May 10, 2005. Latest Daily Certified version August

ClamAV database updated (21 Jul 2011 05-30 -0400): daily.cvd Version: 13343

Submission-ID: 24250258 Sender: VirScan.org Submission notes: Same as in Submission-ID 24244170 Added: No

Submission-ID: 24250412 Sender:

File Name : վ.rar File Size : 1716587 byte File Type : RAR archive data, v1d, os MD5 : 28062e4ec4e7ec373c5ef5813e9b70a1 SHA1 : 4319e1940ad3454fa053c045d037d6fea96b899a

The trojan will send this harvested data to a remote site via HTTP.

To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as Microsoft Security Essentials, or the Microsoft

The following registry key is modified to ensure that the trojan is executed each time the victim's system is rebooted.

Oh what's this?

For more information about using antivirus software, see http://www.microsoft.com/security/antivirus/av.aspx.

What to do now: Manual removal is not recommended for this threat.

It also attempts to kill security-related processes with the following filenames: LIVESRV.EXE, VCRMON.EXE, Update.exe, CCSVCHST.EXE, ALUSCHEDULERSVC.EXE, luall.exe, ASHDISP.EXE, avast.setup, AVP.EXE, prupdate.ppl, AYAGENT.AYE, AYUpdate.aye, UFSEAGNT.EXE, SfFnUp.exe, UfUpdUi.exe, AVGNT.EXE, preupd.exe, update.exe, VSTSKMGR.EXE, vsupdate.dll

PWS:Win32/OnLineGames.GP is a detection for a trojan that steals account information for certain online games. Examples of file names the trojan monitors are: PlayCHSLauncher.exe - Tower of Eternity; ElementClient.exe - Perfect World; DNF.exe - Dungeon & Fighter

Additional Information: Since several online games are likely to require DirectX components, the

Writeup By: Maryl Magee

Ankanamoon, May 31, 2011: download malwarebytes anti malware open wow ignore the warning and type in the

Leiwar, May 31, 2011: I made sure to update them before the scan.

Such components stay active in Windows memory and start keylogging (recording keystrokes) when a user is asked to input a log-in ID and a password.

I play SCII almost daily and I've never had a warning on SCII.

Alert notifications from installed antivirus software may be the only symptom(s).

Just some of the filenames it uses are listed below: MOSOU.EXE, ROMDRIVERS.EXE, DASO.EXE, MHSO.EXE, RXSO.EXE, WDSO.EXE, WMSO.EXE, ZTSO.EXE, LOADER.EXE, JTSO0.EXE, AUTO.EXE, CONIME.EXE

The trojan drops a DLL component also into the %SysDir%

It does this by tracking users' keystrokes and mouse clicks.

If you continue to suspect a False Alarm, you may submit a sample of the suspect file to our Security Labs for further analysis via the Submit A Sample (SAS) page.

And it found nothing. So in recap, updated Avast, updated Kaspersky and updated SuperAntiSpyware could not find the trojan but Malwarebytes did.