Before playing online games, players are reminded to install a firewall and antivirus software with real-time trojan monitoring. The following trojans have appeared recently:
Virus Name: Trojan/PSW.OnLineGames.deh
Chinese Name: "Online Game Thief" variant deh
Virus Length: 27656 bytes
Virus Type: Trojan
Harm Level:
Affected Platforms: Win 9X/ME/NT/2000/XP/2003
"Online Game Thief" variant deh is one of the latest members of the "Online Game Thief" Trojan family, written in VC++ 6.0. After running, it deletes the files "iexplorer.exe" and "zxzo0.dll" in the temporary folder, then drops two virus files named "iexplorer.exe" and "zxzo0.dll" into that folder. It injects itself into the "explorer.exe" process to hide itself and prevent detection. It modifies the registry so that it starts automatically at boot. In the background, it secretly steals private information such as the player's game account, password, and money amount on infected computers, then sends this information to a hacker-designated server, causing economic losses for the player.
Virus Name: Trojan/PSW.Maran.in
Chinese Name: "Ant Case Thief" variant in
Virus Length: 108769 bytes
Virus Type: Trojan
Harm Level:
Affected Platforms: Win 9X/ME/NT/2000/XP/2003
"Ant Case Thief" variant in is a Trojan program specifically designed to steal account, password, and equipment information from online gamers, written in Delphi 6.0-7.0 and packed. After running, it drops a virus file in a specified directory and modifies the file's creation date to keep users from noticing it. It modifies the registry so that it starts automatically at boot. It injects the virus file into the "SERVICES.EXE" system process to hide itself and prevent detection. It terminates security-related processes, lowering the security settings on the infected computer. It records the user's keystrokes, stealing secret information such as accounts and passwords for online games like "Ragnarok," "MapleStory," etc., then sends this information to a hacker-designated site.
Virus Name: Trojan/PSW.Jianghu.gv
Chinese Name: "Jianghu" variant gv
Virus Length: 35355 bytes
Virus Type: Trojan
Harm Level:
Affected Platforms: Win 9X/ME/NT/2000/XP/2003
"Jianghu" variant gv is one of the latest members of the "Jianghu" Trojan family, written in Delphi 6.0-7.0, and packed. After running, it releases a .dll virus file in a specified directory. It automatically detects if the infected computer has installed the "Riverside Heroes" online game, and once detected, it modifies the registry to enable automatic startup of the Trojan upon booting. It self-loads into the "Explorer.exe" process, hiding itself and guarding against detection. It steals player game information from "Riverside Heroes," including server name, game account, game password, character name, profession, weapon name, equipment name, level, etc., and sends this information to a hacker-designated server, causing losses for the player.
Virus Name: Trojan/PSW.Lineage.ekh
Chinese Name: "Paradise Killer" variant ekh
Virus Length: 13312 bytes
Virus Type: Trojan
Harm Level:
Affected Platforms: Win 9X/ME/NT/2000/XP/2003
"Paradise Killer" variant ekh is a Trojan specifically designed to steal account and password information from online gamers, written in MASM32 assembly language and packed. After running, it self-replicates to a specified directory on the infected computer and modifies the creation date of the virus file to disguise itself. It steals private information such as account and password for the online game "Huaxia II" and sends this information to a hacker-designated server in the background. Additionally, "Paradise Killer" variant ekh can evade certain antivirus software registry monitoring to prevent detection.
Virus Name: Trojan/PSW.GamePass.sjk
Chinese Name: "Online Game Thief" variant sjk
Virus Length: 14480 bytes
Virus Type: Trojan
Harm Level:
Affected Platforms: Win 9X/ME/NT/2000/XP/2003
"Online Game Thief" variant sjk is a Trojan specifically designed to steal account and password information from players of the online game "Tales of the West II," written in VC++ 6.0. After running, it self-replicates to the Windows directory. It modifies the registry so that it starts automatically at boot. It loads the virus file into many system processes to hide itself. It connects to a specified site and downloads other malicious programs onto the infected computer. In the background, it secretly monitors the titles of windows opened by the user. Once it detects the user logging into the online game "Tales of the West II," it steals private information such as account details and sends this information to a hacker-designated server in the background, causing losses for the player. Additionally, "Online Game Thief" variant sjk has the ability to evade some antivirus software, significantly lowering the security settings on the infected computer.
Virus Name: Trojan/PSW.OnLineGames.dfg
Chinese Name: "Online Game Thief" variant dfg
Virus Length: 35897 bytes
Virus Type: Trojan
Harm Level:
Affected Platforms: Win 9X/ME/NT/2000/XP/2003
"Online Game Thief" variant dfg is one of the latest members of the "Online Game Thief" Trojan family, written in Delphi 6.0-7.0 and packed. After running, it self-replicates to the Windows directory, sets the virus file attributes to "Hidden, Archive," and modifies the creation date of the virus file to disguise itself and prevent discovery. It modifies the registry to enable automatic startup of the Trojan upon booting. It loads the virus file into "explorer.exe," hiding itself and preventing detection. It secretly monitors window titles opened by the user in the background. Once it detects the user logging into the online game "Zhu Xian Online," it steals private information such as account, password, and money amount, and sends this information to a hacker-designated server, causing losses for the player. Additionally, "Online Game Thief" variant dfg can self-update.
News Source: Jiangmin Technology
"Jianghu Thief" variant C (Win32.PSWTroj.YBOnline.c) is a Trojan virus that steals game accounts for the online game "Riverside Heroes."
Virus Characteristics: Recently, new variants of account-stealing viruses have frequently appeared. Online gamers, please be vigilant. This virus lies dormant in the computer system, ready to inject into the process of the online game "Riverside Heroes." By reading memory, it obtains the game account and password and sends them to the person who planted the Trojan, resulting in the loss of the user's virtual property.
Symptoms: After the virus runs, it releases the virus files kulionrx.exe and kulionrx.dll, steals the game account and password, and sends them to a specified email address.
"Online Game Sniper" (Win32.PSWTroj.QQShou.123058.0B24E09B) is a Trojan virus that steals QQ accounts and multiple popular online game accounts.
Virus Characteristics: This virus is an expert at stealing accounts. Besides monitoring QQ websites and waiting to steal QQ email, QQ game accounts, and passwords, it also monitors whether there are specific online game processes. If they exist, it steals the game account and password, causing the loss of the user's online personal property. Moreover, it can terminate the QQ security check process, allowing it to evade capture.
Symptoms: After the virus runs, it releases multiple virus files such as isignup.dll, modifies the registry, adds startup items, monitors multiple sites like hxxp://account.qq.com/cgi-bin/DNA_Setup_pps, and stops multiple protection processes like QQS013TP.exe.
"Miracle Thief" variant Y (Win32.PSWTroj.AskTao.y) is a Trojan virus that steals game accounts for the online game "Miracle World."
Virus Characteristics: This virus is also an online game account thief. It lies dormant in the computer system, ready to inject into the game process of "Miracle World." By reading memory, it obtains the game account and password and sends them to the person who planted the Trojan, resulting in the loss of the user's virtual property. Additionally, it can turn off the built-in Windows firewall.
Symptoms: After the virus runs, it releases the virus file Kvsc3.dll, modifies the registry, and achieves automatic startup upon booting. It searches for and injects into the sungame.exe game process to achieve the purpose of stealing accounts.
"Horse" variant MA (Win32.Troj.Qhost.ma) is a Trojan virus that steals multiple popular online game player accounts.
Virus Characteristics: This new variant of the virus is an expert at stealing accounts. It releases numerous DLL virus files that hide in the computer's system processes, ready to obtain the processes and configuration files of specific online games such as "Perfect World," "Audition," and "Legend Online." Through memory read/write, it steals the game account and password and sends them to the person who planted the Trojan, resulting in the loss of the user's virtual property.
Symptoms: After the virus runs, it releases numerous dll files of the same size in the %sys32dir% directory, searches for and injects into config.ini, serverlist.txt, etc., achieving the purpose of stealing accounts.
"Journey to the West Thief" variant UP (Win32.PSWTroj.OnlineGames.up) is a Trojan virus that steals player accounts for the online game "Tales of the West II."
Virus Characteristics: Recently, online game account-stealing viruses have continued to appear. Players, please take preventive measures seriously. This virus is an online game thief. It lies dormant in the computer system, searching and waiting to inject into the process of the online game "Tales of the West II." It creates information hooks, steals the game account and password, and sends them to the person who planted the Trojan, resulting in the loss of the user's virtual property. Additionally, it can disable the built-in Windows firewall, reducing the computer's security.
Symptoms: After the virus runs, it releases the virus file dhapri.dll, modifies the registry, achieves automatic startup upon booting, and enables Windows automatic updates.
"Online Game Sniper" variant YA (Win32.PSWTroj.OnLineGames.YA) is a Trojan virus that steals multiple popular online game player accounts.
Virus Characteristics: Recently, online game account-stealing viruses have continued to appear. Players, please take preventive measures seriously. This virus is also an expert at stealing accounts. It lies dormant in the computer system, searching and waiting to inject into the processes of multiple popular online games such as "Perfect World," "Saga," and "Rainbow Island." Through memory read/write, it steals the game account and password and sends them to the person who planted the Trojan, resulting in the loss of the user's virtual property. Additionally, it can terminate the monitoring processes of some antivirus software, reducing the computer's security.
Symptoms: After the virus runs, it releases multiple virus files such as upxdnd.dll, modifies the registry, and achieves automatic startup upon booting. It steals valid information such as online game accounts and sends them to sites like hxxp://www.2*v*d.com/zt/**t.php?...
Information Source: Kingsoft Antivirus Official Website
"Online Game Trojan Variant DGB (Trojan.PSW.Win32.OnlineGames.dgb)" virus: Caution level, Trojan virus; spreads through malicious web pages, downloads by other viruses, USB drives, etc.; affected systems: WIN9X/NT/2000/XP.
After the virus runs, it releases files to the Windows directory, with filenames like "msvcrt.bak," "msvcrt.dll," etc., and adds startup items in the registry so that it starts automatically with the system. Regular users find it difficult to manually remove this virus. The virus copies itself to the root directories of all hard drive partitions, with the filename "Ghost.pif," attempting to spread through USB drives, portable hard drives, and other mobile storage devices. The virus searches for installed antivirus software on the local machine and generates junk files to interfere with its operation, posing a threat to the user's computer security. At the same time, the virus modifies the local hosts file, causing some websites to be inaccessible.
"Internet Banking Spy Variant CIY (Trojan.Spy.Win32.Banker.ciy)" virus: Caution level, spyware; spreads through networks; affected systems: WIN9X/NT/2000/XP.
After the virus runs, it releases a DLL file and injects this file into other processes using message hooks. It checks whether the user logs into the online personal banking system and attempts to steal the user's account and password, causing significant economic losses. The virus also automatically terminates the processes of some common antivirus software so that it cannot function normally, making the user's computer more vulnerable to attacks from other viruses.
Information Source: Rising Antivirus