Home / malware Trojan.PWS.Onlinegames.KBTP
First posted on 21 November 2011.
Source: BitDefenderAliases :
Trojan.PWS.Onlinegames.KBTP is also known as PWS:Win32/Frethog.C, TR/PWS.Magania.avc Trojan.PWS.Wsgame.
Explanation :
Password stealer targeting online games like MapleStroy, AgeOfConnan, Metin2
When is launched it drops %system%driversklif.sys which will be registered as service:
HKLMSYSTEMCurrentControlServiceServicesKAVsys. Loading this driver will hide the entries from registry and dropped files.
Will inject after in all running processes the dropped %system%"
mdfgds0.dll in order to monitor keyboard's and mouse's inputs.
Copies itself in "C:
andom_name.cmd and to be lunched when the partition is accessed from Explorer creates an obfuscated C:autorun.inf. Another copy is created as %system%olhrwef.exe
Tries to download the file "http://hjyuw2.com/[removed]/help1..rar" - empty at the moment of descriptionLast update 21 November 2011