Trojan Horse PSW.Online Games

During all time since adding OnlineGames Trojan to our database we track it changes and add them in the list below, removing files mentioned from your hard drive and deleting them This log file will be located at C:\avenger.txt The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them

Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. That may cause it to stallNote 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet

OnlineGames Trojan is program that covertly follow your affairs on your machine, gathering private data, such as usernames, passwords, account numbers, files, and even driver's license or social security numbers.

Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top of your post, click on the Watch The following programs are terminated: ALUSCHEDULERSVC.EXE ASHDISP.EXE AVGNT.EXE AVGRSX.EXE AVP.EXE AYAGENT.AYE CCSVCHST.EXE EKRN.EXE LIVESRV.EXE UFSEAGNT.EXE VCRMON.EXE VSTSKMGR.EXE The trojan can download and execute a file from the Internet.

Attach suspicious files that you see that possibly a part of OnlineGames Trojan. The following programs are terminated: ALUSCHEDULERSVC.EXE ASHDISP.EXE AVGNT.EXE AVGRSX.EXE AVP.EXE AYAGENT.AYE CCSVCHST.EXE EKRN.EXE LIVESRV.EXE UFSEAGNT.EXE VCRMON.EXE VSTSKMGR.EXE The trojan can download and execute a file from the Internet.

Now, start The Avenger program by clicking on its icon on your desktop. Information stealing The trojan collects various information related to online computer games.

If you are asked to reboot the machine choose Yes.======================================After that Please download ComboFix from Here to your Desktop.**Note: In the event you already have Combofix, this is a new version

They monitor what keys a user pressed and sends the keyboard activity logs to a malicious hacker. The trojan may also attempt to read certain variables from the games' configuration files. The stolen information is then sent to a remote recipient using e-mail.Published Date:Apr 11, 2011 Alert level:severe PWS:Win32/OnLineGames.FR Alias:Win32/PSW.OnLineGames.ODD(ESET),PSW.OnlineGames.BEMW(AVG) Description:PWS:Win32/OnLineGames.FR is a trojan that steals passwords and other sensitive information.

Such assets are often sold or auctioned off for real-world currency.

Installation When executed, the trojan copies itself into the %temp% folder using the following name: herss.exe(118853B) The following file is dropped in the same folder: cvasds%number%.dll(77799B) The variable %number% represents a Published Date:Jan 09, 2013 Alert level:severe PWS:Win32/OnLineGames.BA Alias:PWS:Win32/OnLineGames(Microsoft),Trojan-PSW.Win32.OnLineGames.kmy(Kaspersky) Description:PWS:Win32/OnLineGames.BA is a trojan that logs keystrokes (such as usernames and passwords) and attempts to steal sensitive information related to the online game 'The Lord

Close any open browsers or any other programs that are open.2. The stolen data is sent to a hacker by accessing the specified website with a specially constructed URL.

If you have since resolved the original problem you were having, we would appreciate you letting us know.