Platform: Win32, DLL
Size: 81384 bytes
Trojan.Win32.OnLineGames.IZ is a Trojan program designed to steal user passwords to online games and messenger clients.
The Trojan is installed on the system by another malicious program, which loads the Trojan’s library into the address space of the current user's processes.
Once launched, the Trojan checks the file name of the process it is running in. If the file name is one of the following, the Trojan finishes its work:
- QQLogin.exe is an executable file of Tencent QQ, the most popular free instant messaging computer program in mainland China.
- DNF.exe is an executable file of Dungeon Fighter Online, a free fighting multiplayer online game.
If the file of the parent process is "game.exe", the Trojan launches a separate thread to steal user account information.
In addition, the Trojan steals the contents of the configuration file of the game “Forsaken World”:
where %GameDir% is the Forsaken World client installation folder.
The Trojan can also capture screen images and save them to the current user's temporary folder under a random name with the ".jpg" extension.
The collected information is then sent to the intruder's server as an HTTP request:
- Delete the original Trojan file (its file name and location depend on the way the Trojan originally penetrated the user’s computer).
- Run a full scan of your computer using an antivirus program with an updated definition database (Download Ad-Aware Free).