Windows Security Tutorials - Herong's Tutorial Examples - Version 3.00, by Dr. Herong Yang
PWS-Mmorpg.gen - A Password Stealer Trojan
This section describes the PWS-Mmorpg.gen Trojan targeting online game account information.
After seeing the McAfee VirusScan log file record on PWS-Mmorpg.gen (Trojan), I searched on the Internet and got some descriptions about this type of PWS Trojan.
Aliases: PWS-Mmorpg.gen, TR/PSW.OnLineGames.DR, Trojan-PSW.Win32.OnLineGames.dr, Trojan.OnLineGames-5, Trojan.Pws.Onlinegames.DR
Type: Trojan/Generic
Discovery Date: 05/07/2007

Characteristics: PWS-Mmorpg is a trojan written in Borland Delphi, that attempts to steal passwords information for popular online MMORPG games. It also contains functionality to post this information to a remote website.

When executed, it drops the following files in all available drives, including removable and floppy drives:

.\Shell.exe --> copy of the trojan
.\autorun.inf --> detected as W32/USBAgent!inf
%WINDIR%\Help\ACDF4F3D0FD.exe --> copy of the trojan
%WINDIR%\Help\ACDF4F3D0FD.dll --> detected as PWS-Mmorpg.gen
...

Aliases: Troj/OnLineG-J, PWS-Mmorpg.gen, Trojan-PSW.Win32.OnLineGames.acz
Sophos Protection: available since 27 July 2007
Category: Viruses and Spyware
Type: Trojan

Method of Infection: When first run Troj/OnLineG-J copies itself to %System%\dsfids6.exe and creates the file %System%\9kxk0.dll.

The following registry entry is created to run dsfids6.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
daskaskfsak6 = %System%\dsfids6.exe
Apparently, these 2 Web pages were not talking about the same Trojan. But I use them to compare with what happened on my friend's computer.
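The file and registry artifacts in the two vendor descriptions above can be checked against data collected from a suspect machine. The following Python script is an added example, not part of the original tutorial or of either vendor's write-up. The `reg query` output and file listing are constructed samples, and the `windir` default and the rule that any .exe or .dll directly in the Help directory deserves review are assumptions.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Names taken from the Sophos description quoted above.
KNOWN_RUN_NAMES = {"daskaskfsak6"}
KNOWN_FILES = {"dsfids6.exe", "9kxk0.dll"}
RUN_LINE = re.compile(r"^\s+(\S.*?)\s+(REG_\w+)\s+(.*)$")

# Constructed sample: `reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run`
SAMPLE_RUN_KEY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ExampleUpdater    REG_SZ    "C:\Program Files\Example\updater.exe" /quiet
    daskaskfsak6    REG_SZ    C:\WINDOWS\system32\dsfids6.exe
"""
# Constructed sample: one path per line, e.g. collected with `dir /s /b /a`
SAMPLE_FILES = r"""
E:\autorun.inf
E:\Shell.exe
E:\photos\trip.jpg
C:\WINDOWS\Help\ACDF4F3D0FD.exe
C:\WINDOWS\Help\ACDF4F3D0FD.dll
C:\WINDOWS\Help\access.hlp
C:\WINDOWS\system32\dsfids6.exe
"""

def flag_run_values(text):
    """Return (value name, data) for Run entries matching the quoted names."""
    hits = []
    for m in filter(None, map(RUN_LINE.match, text.splitlines())):
        name, data = m.group(1), m.group(3).strip()
        if name.lower() in KNOWN_RUN_NAMES or any(f in data.lower() for f in KNOWN_FILES):
            hits.append((name, data))
    return hits

def flag_files(listing, windir=r"C:\WINDOWS"):  # windir default is an assumption
    """Return (reason, path or drive) for files matching the dropped-file patterns."""
    help_dir, roots, hits = PureWindowsPath(windir) / "Help", defaultdict(set), []
    for p in (PureWindowsPath(l.strip()) for l in listing.splitlines() if l.strip()):
        if p.parent == PureWindowsPath(p.anchor):      # file sits in a drive root
            roots[p.drive.upper()].add(p.name.lower())
        if p.parent == help_dir and p.suffix.lower() in {".exe", ".dll"}:
            hits.append(("executable in Help directory", str(p)))  # heuristic
        elif p.name.lower() in KNOWN_FILES:
            hits.append(("file name from Sophos description", str(p)))
    for drive, names in sorted(roots.items()):
        if {"autorun.inf", "shell.exe"} <= names:      # McAfee drive-root pair
            hits.append(("autorun.inf and Shell.exe in drive root", drive))
    return hits
```

The drive-root and Help-directory checks match on location rather than on the ACDF4F3D0FD name, so they still fire if the dropped files carry a different name on another machine.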
Last update: 2006.