Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

Win32/PSW.OnLineGames.OTF

Aliases:Trojan-GameThief.Win32.WOW.xhw (Kaspersky), PWS:Win32/Lolyda.AU (Microsoft), GenericPWS.y!bzs trojan (McAfee) 
Type of infiltration:Trojan  
Size:81920 B 
Affected platforms:Microsoft Windows 
Signature database version:4891 (20100223) 

Short description

Win32/PSW.OnLineGames.OTF is a trojan that steals sensitive information. The trojan can send the information to a remote machine.

Installation

The trojan does not create any copies of itself.

The trojan loads and injects the %windir%system32329148.dll library into the following processes:
  • wow.exe
The trojan creates copies of the following files (source, destination):
  • %system%wininet.dll, %system%t3wininet.dll

Information stealing

The trojan collects information related to the on-line game World of Warcraft.

The trojan can send the information to a remote machine.

The trojan contains a list of (4) URLs. The HTTP protocol is used.

It can execute the following operations:
  • capture screenshots