Win32/PSW.OnLineGames [Threat Name] go to Threat

Win32/PSW.OnLineGames.OTF [Threat Variant Name]

Category trojan
Size 81920 B
Detection created Feb 12, 2010
Signature database version 4862
Aliases Trojan-GameThief.Win32.WOW.xhw (Kaspersky)
  PWS:Win32/Lolyda.AU (Microsoft)
  GenericPWS.y!bzs.trojan (McAfee)
Short description

Win32/PSW.OnLineGames.OTF is a trojan that steals sensitive information. The trojan can send the information to a remote machine.

Installation

The trojan does not create any copies of itself.


The trojan loads and injects the %windir%\system32\329148.dll library into the following processes:

  • wow.exe

The trojan creates copies of the following files (source, destination):

  • %system%\­wininet.dll, %system%\­t3wininet.dll
Information stealing

The trojan collects information related to the on-line game World of Warcraft .


The trojan can send the information to a remote machine.


The trojan contains a list of (4) URLs. The HTTP protocol is used.


It can execute the following operations:

  • capture screenshots

Please enable Javascript to ensure correct displaying of this content and refresh this page.