PWSteal.OnLineGames
PWSteal.OnLineGames Description
PWSteal.OnLineGames is a hazardous Trojan infection typically installed onto a computer via web browser security exploits, without the user's knowledge or permission. PWSteal.OnLineGames, also known under aliases such as PWSteal.OnLineGames.ZDH, PWSteal.OnLineGames.CSX, PWSteal.OnLineGames.AQ, and PWSteal.OnLineGames.ZDJ.dll, is known to begin downloading additional malware onto the compromised computer once active, and may also put personal and financial information at great risk of being stolen by unauthorized remote users.
Type: Trojans
PWSteal.OnLineGames Technical Report
We will update this section as our customers report new PWSteal.OnLineGames details and as findings arrive from our Threat Research Center.
The following PWSteal.OnLineGames files, with their MD5s, were created in the system:
| File Name | File Size | MD5 |
|---|---|---|
| donp32drv.dll | 45056 | 0db7eed17176208bd3dce3f9818b5daa |
| zjydcx.dll | 215040 | 9b752134f4d1ce226152604863917df8 |
| rundl132.exe | 71282 | 1d7d5b363f044620da0b109194a63392 |
PWSteal.OnLineGames typically has the following processes in memory:
PWSteal.OnLineGames creates the following registry entries:
- HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ fmsbbqi
- HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ xcyxpwzj
- HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ ticisms
- HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ NAVMon64
- RUNNING PROGRAM\winlogon.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ ptshell
- RUNNING PROGRAM\explorer.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ tciocp64
- HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ txpjoobz