Threat Encyclopedia

Win32/PSW.OnLineGames.OTQ

Aliases: Trojan-GameThief.Win32.WOW.xhz (Kaspersky), Trojan:Win32/Meredrop (Microsoft), Trojan.PWS.OnlineGames.KDEM (F-Secure)
Type of infiltration: Trojan
Size: 626692 B
Affected platforms: Microsoft Windows
Signature database version: 4891 (20100223)

Short description

Win32/PSW.OnLineGames.OTQ is a trojan that installs Win32/PSW.OnLineGames.OTF malware. The trojan tries to download and execute several files from the Internet.

Installation

When executed, the trojan creates the following files:
  • %windir%\system32\t329148.dll (81920 B, Win32/PSW.OnLineGames.OTF)
The trojan creates copies of the following files (source, destination):
  • %system%\rpcss.dll, %system%\t3rpcss.dll
The trojan attempts to replace the following files with a copy of itself:
  • %system%\rpcss.dll
The trojan loads and injects the %windir%\system32\t329148.dll library into the following processes:
  • explorer.exe
  • ravmond.exe

Other information

The trojan contains a list of 4 URLs. It tries to download several files from these addresses using the HTTP protocol.

The downloaded files are stored in the following locations:
  • %temp%\%variable%
A string with variable content is used instead of %variable%.

The files are then executed.