PWS:Win32/Frethog.gen!B
First posted on 25 February 2009.
Source: SecurityHome
Aliases :
PWS:Win32/Frethog.gen!B is also known as PWS-LegMir.dll (McAfee), Infostealer.Gampass (Symantec), Trojan-PSW.Win32.OnLineGames.oz (Kaspersky), TSPY_ONLINEG.BGG (Trend Micro), Troj/Lineag-Gen (Sophos).
Explanation :
PWS:Win32/Frethog.gen!B is a DLL component dropped by one variant of Win32/Frethog - a large family of password-stealing trojans that targets confidential data, such as account information, from Massive Multiplayer Online Role Playing Games (MMORPG).
Symptoms
There are no common symptoms associated with this threat - links are activated within IFrames while viewing Web content on maliciously modified pages. Alert notifications from installed antivirus software may be the only symptom(s).
Installation
When executed, Win32/Frethog drops a DLL with a randomly generated file name and injects it into explorer.exe. It may modify the following registry entry in order to load the installed DLL at each Windows start:
Modifies value: "AppInit_DLLs"
With data: [path to the dll]
In subkey: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
Payload
Steals Online Game Data
This trojan may steal online game passwords and other login related data and upload the captured information to a predefined remote server.
Terminates Processes
This trojan attempts to kill popular security related processes, like AVP, Ravmon, etc.
Additional Information
Please refer to our detailed Win32/Frethog family analysis for more information.
Analysis by Wei Li
Last update 25 February 2009
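The AppInit_DLLs change described under Installation can be audited on a host with the PowerShell below. This is an added example, not part of the original write-up; it also reads the WOW6432Node copy of the key and the LoadAppInit_DLLs and RequireSignedAppInit_DLLs values, which the write-up does not mention.

```powershell
# Added example: list every DLL named in AppInit_DLLs (64-bit and 32-bit registry
# views) with its on-disk and Authenticode status. Read-only; changes nothing.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

$findings = foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # WOW6432Node is absent on 32-bit Windows
    $props = Get-ItemProperty -LiteralPath $key
    $raw   = [string]$props.AppInit_DLLs
    if ([string]::IsNullOrWhiteSpace($raw)) { continue }   # empty value: nothing is loaded

    # The value data is a space- or comma-delimited list of DLL paths.
    foreach ($entry in ($raw -split '[ ,]+' | Where-Object { $_ })) {
        $path   = $entry.Trim('"')
        # A bare file name is resolved by the loader's search order; it is
        # reported here unresolved, so Exists may be False for such entries.
        $exists = Test-Path -LiteralPath $path -PathType Leaf
        $file   = if ($exists) { Get-Item -LiteralPath $path -Force } else { $null }
        $sig    = if ($exists) { Get-AuthenticodeSignature -LiteralPath $path } else { $null }

        [pscustomobject]@{
            Key           = $key
            LoadAppInit   = $props.LoadAppInit_DLLs            # 0 = list is ignored
            RequireSigned = $props.RequireSignedAppInit_DLLs   # 1 = only signed DLLs load
            Dll           = $path
            Exists        = $exists
            Signature     = if ($sig) { $sig.Status } else { 'n/a' }
            Signer        = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            CreatedUtc    = if ($file) { $file.CreationTimeUtc } else { $null }
        }
    }
}

if ($findings) {
    # Unsigned entries first: a dropped DLL with a random name will normally be unsigned.
    $findings | Sort-Object { $_.Signature -eq 'Valid' } | Format-List
} else {
    'AppInit_DLLs is empty in all checked registry views.'
}
```

An entry that is unsigned, has a random-looking file name, and a recent creation time is the combination to investigate first on a host suspected of this infection.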