
Trojan.PWS.OnlineGames.KCVU


First posted on 21 November 2011.
Source: BitDefender

Aliases :

There are no other names known for Trojan.PWS.OnlineGames.KCVU.

Explanation :

This password stealer will perform the following upon execution:
- make a fresh copy of itself inside %temp% folder, as herss.exe
- drop its dll component, inside %temp% folder, as cvasds0.dll
- register itself at startup, by adding the registry value SoftWare\Microsoft\Windows\CurrentVersion\Run\cdoosoft, which will point to %temp%\herss.exe
- inject the dropped dll (cvasds0.dll) inside running processes.

The DLL is responsible for the actual stealing. After being injected into all running processes, it also creates new copies of the trojan in the root directory of every drive, as bychft.exe, along with autorun.inf files that point to bychft.exe.

It will steal sensitive data related to the following online games: MapleStory, AgeOfConan, The Lord of the Rings Online, Knight Online, Metin 2, FlyFF. The trojan also contains large lists of IP addresses to which it sends the data stolen from the victim's computer.
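A triage check for the host artifacts listed above, as an added example (not BitDefender's code). The function names and hit labels are hypothetical, the caller supplies the Run key values as a name-to-data mapping, and autorun.inf is assumed to use the standard `open=`, `shellexecute=` or `shell\...\command=` keys.

```python
import os
import tempfile

# Indicator names taken from the description above.
TEMP_FILES = {"herss.exe", "cvasds0.dll"}
ROOT_COPY = "bychft.exe"
RUN_VALUE = "cdoosoft"


def autorun_targets(inf_path):
    """Lower-cased commands an autorun.inf would launch."""
    targets = []
    with open(inf_path, encoding="latin-1") as fh:
        for line in fh:
            key, sep, value = line.partition("=")
            key = key.strip().lower()
            if sep and (key in ("open", "shellexecute") or key.endswith("\\command")):
                targets.append(value.strip().strip('"').lower())
    return targets


def scan(temp_dir, roots, run_values):
    """temp_dir: %temp% path; roots: drive roots; run_values: Run value name -> data."""
    hits = []
    # Windows file names are case-insensitive, so compare in lower case.
    present = {n.lower(): n for n in os.listdir(temp_dir)}
    for name in sorted(TEMP_FILES.intersection(present)):
        hits.append(("temp-file", os.path.join(temp_dir, present[name])))
    for root in roots:
        names = {n.lower(): n for n in os.listdir(root)}
        if ROOT_COPY in names:
            hits.append(("root-copy", os.path.join(root, names[ROOT_COPY])))
        # Parse autorun.inf only if it is a regular file, not a directory.
        inf = os.path.join(root, names.get("autorun.inf", ""))
        if os.path.isfile(inf) and any(ROOT_COPY in t for t in autorun_targets(inf)):
            hits.append(("autorun-ref", inf))
    for name, data in run_values.items():
        if name.lower() == RUN_VALUE or "herss.exe" in str(data).lower():
            hits.append(("run-value", name))
    return hits


if __name__ == "__main__":
    # Constructed sample: an empty temp folder and one fake drive root.
    with tempfile.TemporaryDirectory() as tmp, tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AUTORUN.INF"), "w") as fh:
            fh.write("[autorun]\nopen=bychft.exe\n")
        print(scan(tmp, [root], {"cdoosoft": r"C:\Temp\herss.exe"}))
```

The description does not name the registry hive, so pass the Run values from both the per-user and the machine-wide key.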

Last update 21 November 2011

 
