Works on: Windows 10 | Windows 8.1 | Windows 8 | Windows 7 | Windows 2012 SHA1 Hash: ed38e39e78017a5a614a0f2559ab0d7135b7639d Size: 393.22 KB File Format: exe
Rating: 1.956521739
out of 5
based on 23 user ratings
Downloads: 1286 License: Free
Trojan.PWS.OnlineGames.KBVT Remover is a free software by Bitdefender LLC and works on Windows 10, Windows 8.1, Windows 8, Windows 7, Windows 2012.
You can download Trojan.PWS.OnlineGames.KBVT Remover which is 393.22 KB in size and belongs to the software category Removal Tools. Trojan.PWS.OnlineGames.KBVT Remover was released on 2010-07-29 and last updated on our database on 2017-02-27 and is currently at version 1.
Thank you for downloading from SoftPaz! Your download should start any moment now. It would be great if you could rate and share:
Rate this software:
Share in your network:
Trojan.PWS.OnlineGames.KBVT Remover Description
Trojan.PWS.OnlineGames.KBVT Remover is a simple command-line tool designed to help you get rid of the virus infection in no time.
This is another onlinegames password stealer. When first run the malware will perform the following actions:
- make a hidden copy of itself in %System% folder under olhrwef.exe and create the following registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Name: cdoosoft
Value: "%System%\olhrwef.exe
in order for this copy to be run at every system startup
- drop a hidden .dll file named nmdfgds0.dll or nmdfgds1.dll in %System% folder - this is the component responsible for password stealing. It will be injected in all running processes and will monitor mouse gestures and keystrokes. some of the targeted online games are: MapleStory, Age Of Conan, Rohan, The Lord OF The Rings, Knight Online, Lands Of Aden and others.
- create a hidden autorun.inf file on each drive which points to a hidden copy of the malware found in %drive_letter%\1ogf.exe used to spread itself via removable drives
- drop a driver file named klif.sys in %dirvers% folder and create the following registry key in order for this driver to be loaded as a service at every system startup
HKEY_LOCAL_MACHINE\Software\CurrentControlSet\Services\KAVSys
Type: 0x1
ErrorControl: 0x1
Start: 0x1
ImagePath: %drivers%\klif.sys
This driver file, along with another .dll file named ANTIVM.dll, will be used to disable the update for different antivirus software or to stop processes that may be used to monitor running programs behaviour (in order to make analysis more difficult).
- it will also add the following modifications to registry settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\
CheckedValue = 0x00000000
so that the user wont be able to see hidden files and folders in explorer while browsing the file system.
- it will download the following file http://[removed]uw2..com/xmfx/help1.rar and save it in %temp% folder (when this description was made the file wasnt available anymore)
Software
Games
Themes
Wallpapers
DLL
Windows 7 and above
View Screenshots(1)
Comments
Download
Similar Software
Recently Searched
Software Categories
Trending Software
Like Us
