Trojan Win32 Infostealer Gampass
1. Summary:
Infostealer.Gampass is a trojan horse with a variable body length. Its purpose is to steal the passwords of accounts for a number of online games. It records all keystrokes and sends this data to the attacker.
Aliases:
Computer Associates: Lineage.YI
Symantec: Bloodhound.KillAV
2. Detailed description:
Infostealer is a term that covers all dangerous applications and trojan horses that steal passwords of online gaming accounts, e.g. Lineage, Rohan or Ragnarok.
Trojan horse Infostealer.Gampass copies itself after the first execution into the %WINDOWS% directory under a randomly generated filename.
Trojan Infostealer.Gampass can create DLL libraries in the %SYSTEM% directory, also using random strings as filenames.
To ensure that it runs after each restart, Infostealer.Gampass adds the full path to its binary to the Run registry key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
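A triage check for the persistence described above, as an added example that is not part of the original write-up: it parses `reg query` output for the Run key and flags entries whose executable sits directly in the Windows directory. The sample output, the value names and the `C:\WINDOWS` default are constructed assumptions.

```python
import ntpath
import re

# Constructed sample of `reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run`
# output; every value name and path below is made up for illustration.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Vendor Updater    REG_SZ    "C:\Program Files\Vendor\updater.exe" /background
    xkqzvbtr    REG_SZ    C:\WINDOWS\xkqzvbtr.exe
    hgwpdlma    REG_EXPAND_SZ    "%SystemRoot%\hgwpdlma.exe" -s
"""

# reg.exe prints: 4 spaces, value name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_(?:EXPAND_)?SZ)\s{4}(.*)$")
WINDIR_VARS = re.compile(r"%(windir|systemroot)%", re.IGNORECASE)


def target_path(command, windir):
    """Extract the executable path from a Run command line."""
    # A callable replacement keeps the backslashes in windir literal.
    command = WINDIR_VARS.sub(lambda _m: windir, command.strip())
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first ".exe".
    m = re.match(r"(.+?\.exe)(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ", 1)[0]


def suspicious_run_entries(reg_output, windir=r"C:\WINDOWS"):
    """Return (value name, path) for .exe targets directly in windir."""
    root = ntpath.normcase(ntpath.normpath(windir))
    hits = []
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header, blank line or non-string value
        name, _type, command = m.groups()
        exe = ntpath.normcase(ntpath.normpath(target_path(command, windir)))
        # Entries in subdirectories such as system32 are not reported.
        if exe.endswith(".exe") and ntpath.dirname(exe) == root:
            hits.append((name, exe))
    return hits


if __name__ == "__main__":
    for name, exe in suspicious_run_entries(SAMPLE_REG_QUERY):
        print(f"review Run value {name!r}: {exe}")
```

Legitimate programs also live directly in the Windows directory, so each hit is a lead to check, not a verdict.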
If it detects any of the following programs running, it terminates them immediately:
adam.exe
eghost.exe
iparmor.exe
kavpfw.exe
mailmon.exe
RavMon.exe
Ravmond.exe
3. Cleaning:
- As we are dealing with a very variable infection in this case, I recommend using standard antivirus software to remove this infiltration.
DO NOT TRY TO REMOVE THIS TROJAN HORSE BY HAND!!!
[10/29/2007 02:46]