Name: Trojan.PSW.Win32.GameOL.mku
Warning level: Dangerous
Detection Date: Mar 12, 2008
Description Date: Mar 14, 2008
Behavior: Worm
Affected System: Windows XP/NT/Server 2003/2000
Spreading: Medium
Damage: Low
Effected RISING: 20.35.30
Technical Details:
This virus steals game password information. After it starts, it drops the files ayTQQTQQ1011.exe and ayTQQTQQ1011.dll into the System32 directory and adds the following registry entry so that it loads at system startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
"{a053a327-55ba-4f8b-82c7-e445faf8df1e}" = AYTQQTQQ1011.DLL
The virus injects the dynamic library into the Explorer.exe process and searches for game processes. If it finds a game process, it injects itself into that process, records the account information and password, and sends them to a designated website.
After it finishes stealing the game account information, the virus deletes itself.
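The following Python code is an added example, not part of the original description and not Rising's own tooling. It checks saved `reg query` output and a file listing for the ShellExecuteHooks value and the file names given above. The function names, the benign CLSID, the second registry key and the sample paths are constructed for illustration.

```python
import re

# Indicators taken from the description above.
HOOKS_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks"
BAD_CLSID = "{a053a327-55ba-4f8b-82c7-e445faf8df1e}"
BAD_FILES = {"aytqqtqq1011.exe", "aytqqtqq1011.dll"}
# One value line of `reg query` output: <name>  REG_xx  <data (may be empty)>
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s*(?P<data>.*)$")

def find_hook_entries(reg_output):
    """Return (value_name, data, reason) for suspicious ShellExecuteHooks values."""
    hits, in_key = [], False
    for line in reg_output.splitlines():
        if line.upper().startswith("HKEY_"):  # key header line starts a new key
            in_key = line.strip().lower() == HOOKS_KEY.lower()
            continue
        m = VALUE_RE.match(line)
        if not (in_key and m):
            continue
        name, data = m["name"].strip(), m["data"].strip()
        reasons = []
        if name.lower() == BAD_CLSID:  # registry names are case-insensitive
            reasons.append("clsid")
        if data.rsplit("\\", 1)[-1].lower() in BAD_FILES:  # bare name or full path
            reasons.append("dll")
        if reasons:
            hits.append((name, data, "+".join(reasons)))
    return hits

def find_dropped_files(listing):
    """Return paths in a file listing whose base name matches a dropped file."""
    return [p for p in listing
            if p.replace("/", "\\").rsplit("\\", 1)[-1].lower() in BAD_FILES]

# Constructed sample input (not captured from a real host).
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    {00000000-1111-2222-3333-444444444444}    REG_SZ    Example benign hook
    {A053A327-55BA-4F8B-82C7-E445FAF8DF1E}    REG_SZ    AYTQQTQQ1011.DLL

HKEY_LOCAL_MACHINE\Software\Example\Other
    {a053a327-55ba-4f8b-82c7-e445faf8df1e}    REG_SZ    ignored, wrong key
"""
SAMPLE_FILES = [r"C:\WINDOWS\System32\ayTQQTQQ1011.exe", r"C:\WINDOWS\System32\notepad.exe"]

if __name__ == "__main__":
    print(find_hook_entries(SAMPLE_REG))
    print(find_dropped_files(SAMPLE_FILES))
```

Because the description says the virus deletes itself after stealing the account information, an empty result does not rule out an earlier infection.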
Anti-virus experts suggest that computer users take the following measures to protect against this virus:
1. Install Rising Anti-virus and a personal firewall, keep them up to date, and update Rising at least 3 times per day.
2. Use Rising Vulnerability Check and patch your computer system in a timely manner, as many viruses spread by taking advantage of system exploits or vulnerabilities.
3. Do not browse suspicious websites or suspicious inserters; turn off or delete unnecessary system services.
4. Do not accept suspicious files sent via QQ, MSN, email, etc.
5. Turn on the auto-protect and auto-monitor functions when accessing the internet.
6. Put your account information for online banking, online games, QQ, etc. into Rising Application Protection, which can protect specified applications from attack by malicious programs. A user can apply rules to game software, instant messengers, etc. to customize protection.