PWS:Win32/OnLineGames.LH
First posted on 26 December 2011.
Source: Microsoft
Aliases :
PWS:Win32/OnLineGames.LH is also known as RTKT_GAMETHI.IO (Trend Micro), Troj/Agent-ROG (Sophos).
Explanation :
PWS:Win32/OnLineGames.LH is a trojan that steals account information from popular online games and sends it to a remote server.
Installation
PWS:Win32/OnLineGames.LH is usually dropped as "<system folder>\ws2help.dll", replacing the legitimate file of that name.
Note: <system folder> refers to a variable location that is determined by the malware by querying the operating system. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP, Vista, and 7 is C:\Windows\System32.
Payload
Steals online game information
PWS:Win32/OnLineGames.LH attempts to steal the following information:
- User name
- Password
- Character information
Analysis by Chun Feng
Last update 26 December 2011