
Packer.Malware.NSAnti.1


First posted on 21 November 2011.
Source: BitDefender

Aliases :

Packer.Malware.NSAnti.1 is also known as PWS:Win32/Frethog, (OneCare.

Explanation :

Packer.Malware.NSAnti.1 is the name for a generic detection of malicious packed PWS-Onlinegames trojans which attempt to steal password and user information for specific online games. These are usually downloaded by other malware or even by users when visiting malicious websites. These trojans also have the ability to download updated versions of themselves or other malware.

When launched for the first time, this malware copies itself to "%system32%\[name].exe" and also drops a file as "%system32%\[name][digit].dll".

[name] is usually a 4-letter string, typically "amvo", "kavo", "kxvo", "mmvo" or "tavo".

If "[name].exe" was "amvo.exe", "[name][digit].dll" would be "amvo0.dll" or "amvo1.dll".

The malware has worm functionality: it copies itself to the root of removable devices and adds an "autorun.inf" file so that it is launched every time the device is accessed. It also adds a value under the registry subkey HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run so that it is launched every time the system is started.

Examples of games targeted by this malware are: Silkroad Online, KnightOnline, Lineage or Cabal Online.
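The file, Run-key and autorun.inf indicators described above can be checked against listings already collected from a host. The following is an added example, not BitDefender's code: the function names and sample data are constructed for illustration, and the autorun.inf launch keys (`open`, `shellexecute`, `shell\...\command`) are the standard ones, not taken from this page.

```python
import re

# Names listed on the page; it says "usually", so other 4-letter names can occur.
KNOWN_NAMES = {"amvo", "kavo", "kxvo", "mmvo", "tavo"}
EXE_FILE = re.compile(r"^([a-z]{4})\.exe$")
DLL_FILE = re.compile(r"^([a-z]{4})\d\.dll$")
# A 4-letter .exe referenced inside a command line (after a separator, quote or space).
EXE_REF = re.compile(r"(?:^|[\\/\"=\s])([a-z]{4})\.exe\b")
# autorun.inf keys that launch a program when the device is opened (assumed key set).
AUTORUN_KEY = re.compile(r"^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(.+)$", re.I)

def stems(pattern, filenames):
    """Return the [name] part of every filename matching `pattern`."""
    return {m.group(1) for f in filenames if (m := pattern.match(f.lower()))}

def flagged_names(system32_files):
    """Map [name] -> 'known' or 'pattern' for each [name].exe that has a
    [name][digit].dll beside it; a lone 4-letter .exe (calc.exe) is not flagged."""
    paired = stems(EXE_FILE, system32_files) & stems(DLL_FILE, system32_files)
    return {n: ("known" if n in KNOWN_NAMES else "pattern") for n in sorted(paired)}

def run_value_hits(run_values, names):
    """Return {value name: [flagged names]} for Run values that launch a flagged .exe."""
    hits = {}
    for value_name, command in run_values.items():
        found = sorted({m.group(1) for m in EXE_REF.finditer(command.lower())} & set(names))
        if found:
            hits[value_name] = found
    return hits

def autorun_targets(autorun_inf_text):
    """Return the command of every launch key in an autorun.inf from a removable drive root."""
    return [m.group(2).strip() for line in autorun_inf_text.splitlines()
            if (m := AUTORUN_KEY.match(line))]

# Constructed sample data (not from a real host).
SAMPLE_SYSTEM32 = ["kernel32.dll", "user32.dll", "calc.exe",
                   "amvo.exe", "amvo0.dll", "qzrt.exe", "qzrt1.dll"]
SAMPLE_RUN = {"amva": r"C:\WINDOWS\system32\amvo.exe",
              "Sync": r'"C:\Program Files\Tool\sync.exe" /background'}
SAMPLE_AUTORUN = "[AutoRun]\nopen=setup.exe\nshell\\open\\command=setup.exe\nicon=folder.ico\n"

if __name__ == "__main__":
    names = flagged_names(SAMPLE_SYSTEM32)
    print(names)
    print(run_value_hits(SAMPLE_RUN, names))
    print(autorun_targets(SAMPLE_AUTORUN))
```

A "pattern" hit only means the exe/dll pairing matches the naming scheme; it still needs confirmation with a scanner before any cleanup.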

Last update 21 November 2011

 
