Content
PWS-Mmorpg.gen!02214058
- Type
- Trojan
- SubType
- Password
- Discovery Date
- 11/06/2008
- Length
- 22219
- Minimum DAT
- 5425 (11/05/2008)
- Updated DAT
- 5425 (11/05/2008)
- Minimum Engine
- N/A
- Description Added
- 11/06/2008
- Description Modified
- 11/06/2008 7:45 AM (PT)
Tab Navigation
Characteristics
| File Property | Property Value |
|---|---|
| FileName | new11e~1.exe |
| McAfee Detection | PWS-Mmorpg.gen |
| Length | 22,219 bytes |
| CRC | 02214058 |
| MD5 | EC47FE94C168389A0DDF0CE4959EC3E2 |
| SHA1 | 5971FC68D95392AB9294D7D6D32494DC0E0B1343 |
Other Common Detection Aliases
| Company Name | Detection Name |
|---|---|
| AVG (GriSoft) | dropper.agent.koq |
| Kaspersky | Trojan-Dropper.Win32.Agent.yux |
| norman | w32/packed_upack.a |
| Symantec | Infostealer.Onlinegame |
| Trend Micro | TSPY_ONLINEG.IA |
AvertŪ Labs has observed the following system activities:
| Activity | Risk Level |
|---|---|
| Hijacks an executables execution |
High |
| Enumerates running processes |
Medium |
| Writes executable in the windows folder |
Low |
| Registers DLLs | Informational |
Other detections that have been observed.
| FileName | McAfee Supported |
|---|---|
| %WINDIR%\system32\d7c79813.dll |
PWS-OnlineGames.s |
System Changes
These are general defaults for typical path variables. (Although they may differ, these examples are common.):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files
The following files have been added to the system:
The following registry elements have been created:
- (default) = d7c79813.dll
- threadingmodel = apartment
Symptoms
Method of Infection
Removal
AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.
Variants
Variants
N/A
All Information
Overview -
Characteristics
Characteristics -
| File Property | Property Value |
|---|---|
| FileName | new11e~1.exe |
| McAfee Detection | PWS-Mmorpg.gen |
| Length | 22,219 bytes |
| CRC | 02214058 |
| MD5 | EC47FE94C168389A0DDF0CE4959EC3E2 |
| SHA1 | 5971FC68D95392AB9294D7D6D32494DC0E0B1343 |
Other Common Detection Aliases
| Company Name | Detection Name |
|---|---|
| AVG (GriSoft) | dropper.agent.koq |
| Kaspersky | Trojan-Dropper.Win32.Agent.yux |
| norman | w32/packed_upack.a |
| Symantec | Infostealer.Onlinegame |
| Trend Micro | TSPY_ONLINEG.IA |
AvertŪ Labs has observed the following system activities:
| Activity | Risk Level |
|---|---|
| Hijacks an executables execution |
High |
| Enumerates running processes |
Medium |
| Writes executable in the windows folder |
Low |
| Registers DLLs | Informational |
Other detections that have been observed.
| FileName | McAfee Supported |
|---|---|
| %WINDIR%\system32\d7c79813.dll |
PWS-OnlineGames.s |
System Changes
These are general defaults for typical path variables. (Although they may differ, these examples are common.):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files
The following files have been added to the system:
The following registry elements have been created:
- (default) = d7c79813.dll
- threadingmodel = apartment
Symptoms
Symptoms -
Method of Infection
Method of Infection -
Removal -
Removal -
AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.
Additional Windows ME/XP removal considerations
Variants
Variants -
N/A
