Threat Encyclopedia

Short description
Win32/PSW.OnLineGames.OOW is a trojan that steals sensitive information. The trojan can send the information to a remote machine.
Installation
When executed, the trojan creates the following files:
  • %temp%\~%variable%.~~~ (371200 B)
  • %windir%\system\gz29030.ini (1564 B)
  • %windir%\system\gz29030.dll (53248 B)
The trojan may create copies of the following files (source, destination):
  • %system%\rundll32.exe, %system%\gz29030.exe
The trojan creates copies of the following files (source, destination):
  • %system%\rpcss.dll, %system%\gzrpcss.dll
The trojan attempts to replace the following files with a copy of itself:
  • %system%\rpcss.dll
The trojan loads and injects the "%windir%\system\gz29030.dll" library into the following processes:
  • explorer.exe
The following Registry entry is set:
  • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
    "ObjectName" = "LocalSystem"
Information stealing
The trojan collects information related to the on-line game World of Warcraft.

The trojan creates and runs a new thread with its own program code within the following processes:
  • wow.exe
The trojan can send the information to a remote machine. The trojan contains a list of (2) URLs. The HTTP protocol is used.
Other information
The trojan may create the following files:
  • %WOWfolder%temp%variable%.gif
A string with variable content is used instead of %variable%.