|Detected||Apr 30 2009 08:16 GMT|
|Released||Apr 30 2009 20:02 GMT|
|Published||Oct 25 2010 07:29 GMT|
This Trojan belongs to the family of Trojans that steals passwords from online gaming user accounts. It is a Windows application (PE EXE file). It is 16 672 bytes in size. It is packed using UPX. The unpacked file is approximately 293 KB in size. It is written in C++.
Once launched, the Trojan performs the following actions:
%System%\sfc_os.dll %System%\rundll32.exethe Trojan creates copies, which it saves under the following names respectively:
%System%\ComRes.dllinto the file called:
%WinDir%\fonts\comres1.ttfThis file is 165 888 bytes in size. It is detected by Kaspersky Anti-Virus as Trojan-GameThief.Win32.OnLineGames.blyj.
%WinDir%\fOntS\GTH78380.ttfThis file is 35 328 bytes in size. It is detected by Kaspersky Anti-Virus as Trojan-GameThief.Win32.OnLineGames.vcpl.
%WinDir%\fOntS\GTH78380.fonThis file is 1312 bytes in size.
%System%\ComRes.dllThis file is 165 888 bytes in size. It is detected by Kaspersky Anti-Virus as Trojan-GameThief.Win32.OnLineGames.blyj.
%System%\GTH78380.exe %WinDir%\fOnTs\comres1.ttf dns <path_to_original_body_of_trojan<
If your computer does not have antivirus protection and has been infected by this malicious program, follow the instructions below to delete it:
%System%\mmsfc1.dll %System%\GTH78380.exe %System%\ComRes.dll %WinDir%\fOntS\ComRes1.ttf %WinDir%\fOntS\GTH78380.ttf %WinDir%\fOntS\GTH78380.fon
%System%\sysGTH.dllin the file:
This type of malicious program is designed to steal user account information for online games. The data is then transmitted to the malicious user controlling the Trojan. Email, FTP, the web (including data in a request), or other methods may be used to transit the stolen data.