|Detected||Apr 10 2009 17:24 GMT|
|Released||Apr 10 2009 21:32 GMT|
|Published||Oct 25 2010 07:35 GMT|
This Trojan belongs to the family of Trojans that steals passwords from online gaming user accounts. It is a Windows application (PE EXE file). It is 15 648 bytes in size. It is packed using UPX. The unpacked file is approximately 214 KB in size. It is written in C++.
Once launched, the Trojan performs the following actions:
%System%\sfc_os.dll %System%\rundll32.exethe Trojan creates copies, which it saves under the following names respectively:
%System%\ComRes.dllinto the file called:
%WinDir%\fOntS\ComRes.dllThis file is 160 752 bytes in size. It is detected by Kaspersky Anti-Virus as Trojan-GameThief.Win32.OnLineGames.uvzj.
%WinDir%\fOntS\gth68338.ttfThis file is 30 720 bytes in size. It is detected by Kaspersky Anti-Virus as Trojan-GameThief.Win32.OnLineGames.uvun.
%WinDir%\fOntS\gth68338.fonThis file is 1312 bytes in size.
%System%\ComRes.dllThis file is 160 752 bytes in size. It is detected by Kaspersky Anti-Virus as Trojan-GameThief.Win32.OnLineGames.uvzj.
%System%\gth68338.exe %WinDir%\fOntS\ComRes.dll ins <path_to_original_body_of_trojan>which in turn launches the file "ComRes.dll" and calls a function called "ins", which passes the path to the original body of the Trojan as a parameter.
If your computer does not have antivirus protection and has been infected by this malicious program, follow the instructions below to delete it:
%System%\mmsfc1.dll %System%\gth68338.exe %System%\ComRes.dll %WinDir%\fOntS\ComRes.dll %WinDir%\fOntS\gth68338.ttf %WinDir%\fOntS\gth68338.fon
%System%\sysgth.dllin the file:
This type of malicious program is designed to steal user account information for online games. The data is then transmitted to the malicious user controlling the Trojan. Email, FTP, the web (including data in a request), or other methods may be used to transit the stolen data.