Computer Virus Encyclopedia

Trojan.PWS.OnlineGames.ZAY

Alert Level: medium
Discovered: 2008 Jun 17
Tag:
Discoverer and Source: http://www.bitdefender.com/

Malware Behavior and Technical Description

Presence of the woooooo.dll file in the %SYSTEM% directory.
Presence of an AppInit_DLLs value with data woooooo.dll under the HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows registry key.
Increased network activity.

This trojan is designed to steal passwords for online games. Once executed, it drops a .dll file in the %SYSTEM% directory. That .dll file does all the work.

After the next system restart, the DLL is injected into every running process. If the host process is not one the trojan targets, the trojan simply unloads itself from that process.

Next, the malware takes several steps to break the application's protection, and then sends the stolen data to a web server located in China. While communicating with the server, it sets the User-Agent to "Inet".

The malware communicates with the server using the GET method; the link looks something like:
http://sy62[removed]22.org/chuanshi/push.asp?b=..
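
The indicators above, turned into two checks, as an added example that is not part of the original entry: one flags proxy log lines carrying the "Inet" User-Agent or a GET to the push.asp path, the other looks for woooooo.dll in the AppInit_DLLs value taken from `reg query` text output. The combined log layout, the function names and the sample data are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

DLL_NAME = "woooooo.dll"            # dropped DLL named in the entry
USER_AGENT = "Inet"                 # User-Agent the entry reports
BEACON_PATH = "/chuanshi/push.asp"  # path from the entry's example link

# Assumed proxy log layout: Apache/Squid-style "combined" format.
LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')

def request_indicators(line):
    """Return which of the entry's network indicators one log line matches."""
    m = LOG_RE.match(line.strip())
    if not m:
        return set()
    hits = set()
    if m["ua"] == USER_AGENT:       # exact match on the whole header value
        hits.add("user-agent")
    url = urlsplit(m["url"])
    has_b = "b" in parse_qs(url.query, keep_blank_values=True)
    if m["method"] == "GET" and url.path.lower() == BEACON_PATH and has_b:
        hits.add("beacon-url")
    return hits

def appinit_lists_dll(reg_query_output):
    """True if AppInit_DLLs in `reg query` text output names the DLL."""
    for line in reg_query_output.splitlines():
        parts = line.split(None, 2)  # value name, type, data
        if len(parts) == 3 and parts[0].lower() == "appinit_dlls":
            # The value is a space- or comma-separated list of DLLs.
            for entry in re.split(r"[ ,]+", parts[2].strip()):
                name = entry.strip('"').replace("/", "\\").rsplit("\\", 1)[-1]
                if name.lower() == DLL_NAME:
                    return True
    return False

# Constructed sample data (hosts and addresses are placeholders).
SAMPLE_LOG = [
    '10.0.0.5 - - [17/Jun/2008:10:00:00 +0000] "GET http://host.example/chuanshi/push.asp?b=x HTTP/1.1" 200 12 "-" "Inet"',
    '10.0.0.6 - - [17/Jun/2008:10:00:01 +0000] "GET http://www.example.org/ HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 7.0)"',
]
SAMPLE_REG = ("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\n"
              "    AppInit_DLLs    REG_SZ    woooooo.dll\n")

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(sorted(request_indicators(line)), line[:40])
    print("AppInit_DLLs hit:", appinit_lists_dll(SAMPLE_REG))
```

The User-Agent match alone is the weaker signal; a line that matches both indicators is the one to triage first.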

Trojan.PWS.OnlineGames.ZAY removal instructions:

Please let BitDefender delete your files.
