Home / malwarePDF  

PWS:Win32/OnLineGames.NQ


First posted on 30 May 2014.
Source: Microsoft

Aliases :

There are no other names known for PWS:Win32/OnLineGames.NQ.

Explanation :

Threat behavior PWS:Win32/OnLineGames.NQ is a trojan that is specifically used to capture personal information, such as user names and passwords, and then send that information to a remote attacker.

Installation

PWS:Win32/OnLineGames.NQ creates the following files on your PC:

  • %windir%\version.dat
  • %windir%\temp\version.dat
  • c:\a.dat
  • c:\documents and settings\administrator\local settings\temp\version.dat
The malware uses code injection to make it harder to detect and remove. It can inject code into running processes, including the following:

  • explorer.exe


Payload

PWS:Win32/OnLineGames.NQ tries to steal your password and other account information from popular online games. It sends this information to a hacker. Contacts remote host
The malware might contact a remote host at www.dompage.co.kr using port 80. Commonly, malware does this to:
  • Report a new infection to its author
  • Receive configuration or other data
  • Download and run files, including updates or other malware
  • Receive instructions from a remote hacker
  • Upload data taken from your PC

This malware description was produced and published using automated analysis of file SHA1 f2434ffe43ea2a6387c4b39c66f1f9185e31645c.Symptoms

System changes

The following could indicate that you have this threat on your PC:

  • You have these files:

    %windir%\version.dat
    %windir%\temp\version.dat
    c:\a.dat
    c:\documents and settings\administrator\local settings\temp\version.dat

Last update 30 May 2014

 

TOP