Win32/PSW.OnLineGames [Threat Name] go to Threat

Win32/PSW.OnLineGames.OTQ [Threat Variant Name]

Category trojan
Size 626692 B
Detection created Feb 23, 2010
Detection database version 4891
Aliases Trojan-GameThief.Win32.WOW.xhz (Kaspersky)
  Trojan:Win32/Meredrop (Microsoft)
  Trojan.PWS.OnlineGames.KDEM (F-Secure)
Short description

Win32/PSW.OnLineGames.OTQ is a trojan that installs Win32/PSW.OnLineGames.OTF malware. The trojan tries to download and execute several files from the Internet.

Installation

When executed, the trojan creates the following files:

  • %windir%\­system32\­t329148.dll (81920 B, Win32/PSW.OnLineGames.OTF)

The trojan creates copies of the following files (source, destination):

  • %system%\­rpcss.dll, %system%\­t3rpcss.dll

The trojan attempts to replace the following files with a copy of itself:

  • %system%\­rpcss.dll

The trojan loads and injects the %windir%\system32\t329148.dll library into the following processes:

  • explorer.exe
  • ravmond.exe
Other information

The trojan contains a list of (4) URLs. It tries to download several files from the addresses. The HTTP protocol is used.


These are stored in the following locations:

  • %temp%\­%variable%

A string with variable content is used instead of %variable% .


The files are then executed.

Please enable Javascript to ensure correct displaying of this content and refresh this page.