Trojan.PWS.Onlinegames.KDDS
First posted on 21 November 2011.
Source: BitDefender
Aliases:
There are no other names known for Trojan.PWS.Onlinegames.KDDS.
Explanation :
The purpose of this malware is to steal information about online games. When executed, it copies itself to the temp folder as herss.exe and drops a file named cvasds0.dll in the same folder; both files are hidden. The .dll file is then injected into the memory of explorer.exe, and execution continues from there.

The injected dll is responsible for the following actions:
- It makes an additional copy of the executable file in the root directory of the system drive, as bveijo.exe, and creates an autorun.inf file pointing to it.
- It registers the executable file at startup by adding the key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\herss, pointing to herss.exe in the temp folder.
- It unchecks the option "Show hidden files and folders" under Folder Options -> View by modifying the registry.
- It disables the Regedit tool.

The injected dll then begins to steal passwords for several online games: MapleStory, Metin2, Knight Online, Silkroad.

Propagation of the malware is ensured by periodically creating the autorun.inf and associated executable files in the root folder of the local partitions and removable drives.
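The following Python check is an added example, not part of the original write-up: it looks for the artifacts named above (herss.exe and cvasds0.dll in a temp folder, bveijo.exe plus an autorun.inf that references it in a drive root, and the herss Run value). The function names and the tolerant autorun.inf parsing are assumptions of this example; os.listdir is used because it returns hidden files regardless of the Folder Options setting the malware changes.

```python
import os
import tempfile
# File and value names come from the description above; everything else is this example's choice.
TEMP_ARTIFACTS = ("herss.exe", "cvasds0.dll")
ROOT_EXECUTABLE = "bveijo.exe"
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

def autorun_targets(text):
    """Return (key, value) pairs of the [autorun] section, skipping junk lines."""
    section, pairs = None, []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            pairs.append((key.strip().lower(), value.strip()))
    return pairs

def scan_root(root):
    """Check one drive root (or mounted image) for bveijo.exe and an autorun.inf naming it."""
    names = {n.lower(): n for n in os.listdir(root)}
    findings = [("file", names[ROOT_EXECUTABLE])] if ROOT_EXECUTABLE in names else []
    if "autorun.inf" in names:
        with open(os.path.join(root, names["autorun.inf"]), encoding="utf-8", errors="replace") as fh:
            for key, value in autorun_targets(fh.read()):
                if ROOT_EXECUTABLE in value.lower():
                    findings.append(("autorun", f"{key}={value}"))
    return findings

def scan_temp(temp_dir):
    """Return which of the dropped temp-folder files are present (case-insensitive)."""
    names = {n.lower() for n in os.listdir(temp_dir)}
    return [a for a in TEMP_ARTIFACTS if a in names]

def run_key_entry():
    """Data of the 'herss' value under the HKCU Run key, or None (always None off Windows)."""
    try:
        import winreg
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_KEY) as key:
            return winreg.QueryValueEx(key, "herss")[0]
    except (ImportError, OSError):
        return None

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # constructed sample drive root
        for name, body in (("BVEIJO.EXE", ""), ("autorun.inf", "[AutoRun]\nopen=bveijo.exe\n")):
            with open(os.path.join(root, name), "w") as fh:
                fh.write(body)
        print(scan_root(root), scan_temp(root), run_key_entry())
```

Run scan_root against every local partition and removable drive root, since the description says the autorun.inf and executable pair is re-created on all of them.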
Last update 21 November 2011