English
Deutsch
Français
Español
Italiano
Home
Virus Info
TR/Thief.Wow.dom
Search
Home
Support
Solutions
Products
Downloads
Virus Info
Statistics
Phishing Worldmap
VDF History
Virus Science
Submit Sample
Security News
Viruses In the Wild
Company
Press
Partners
Newsletter
TechBlog
TR/Thief.Wow.dom - Trojan
See also
Summary
Full description
Statistics
How would you rate this information?
Worthless
Excellent
Virus:
TR/Thief.Wow.dom
Date discovered:
19/12/2008
Type:
Trojan
Subtype:
Thief
In the wild:
Yes
Reported Infections:
Low
Distribution Potential:
Low
Damage Potential:
Medium
Static file:
Yes
File size:
102.400 Bytes
MD5 checksum:
9116885e7eb017b5499471e79b1702d0
IVDF version:
7.01.01.08
- Fri, 19 Dec 2008 09:11 (GMT+1)
General
Method of propagation:
• No own spreading routine
Aliases:
• Kaspersky: Trojan-GameThief.Win32.WOW.dom
• F-Secure: Trojan-GameThief.Win32.WOW.dom
• Sophos: Mal/GamePSW-C
• Grisoft: PSW.OnlineGames.BJQU
• Eset: Win32/PSW.WOW.DON trojan
Platforms / OS:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
Side effects:
• Disable security applications
• Steals information
Process termination
List of processes that are terminated:
• ravmon.exe; kavpfw.exe; sphinx.exe; ccapp.exe; pfw.exe; vsmon.exe;
avguard.exe; avconsol.exe; ashdisp.exe; vsserv.exe; navapsvc.exe;
kvwsc.exe; ravmond.exe; kav32.exe; nod32.exe; avp.exe
Processes with one of the following strings are terminated:
• rsing fireware; kav fire; SPHINX; FIREWARE ND; FIREWARE TW; ZoneAlarm;
AVIRA; McAfee VirusScan; AVAST; BitDefender; Norton; Jiangming;
Rising; DUBA; NOD32; Kaspersky Lab;
Stealing
It tries to steal the following information:
– A logging routine is started after one of the following websites are visited:
• grunt.wowchina.com
• kr.version.worldofwarcraft.com
• kr.logon.worldofwarcraft.com
• us.version.worldofwarcraft.com
• us.logon.worldofwarcraft.com
• tw.version.worldofwarcraft.com
• tw.logon.worldofwarcraft.com
• eu.version.worldofwarcraft.com
• eu.logon.worldofwarcraft.com
• cox.net
• aol.com
• comcast.net
• live.com
• google.com
• yahoo.com
• web.de
– It captures:
• Login information
File details
Programming language:
The malware program was written in MS Visual C++.
Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with a runtime packer.
See a brief description
here
.
Description inserted by Thomas Wegele on Tue, 23 Dec 2008 12:48 (GMT+1)
Description updated by Thomas Wegele on Tue, 23 Dec 2008 12:58 (GMT+1)
»
About Malware
»
About Phishing
»
Viruses In the Wild
« back
Print this page
TR/Crypt.XPACK.Gen
HEUR/HTML.Malware
HTML/Infected.WebPage.Gen
ADSPY/AdSpy.Gen
HTML/Crypted.Gen
W32/Induc.Gen
TR/ATRAPS.Gen2
TR/Click.Yabector.8857.2
TR/PSW.Magania.auv
TR/Dldr.Bredolab.AX
Get comfortable up to the minute info from Avira as
Detects and removes distinct malware and its variants.
Download here
Click
here
to get the panel...
© 2009 Avira GmbH
Copyright
|
Privacy
|
Sitemap
|
Feedback
|
Imprint
|
FAQ
|
Contact
Virus Info TR/Thief.Wow.dom
Print this page
.gif)
