Win32 PSW.OnLineGames : Gamers Beware!

Description

Win32 PSW.OnLineGames is a deadly virus that replicates itself and, like other viruses, spreads from one computer system to another carrying a payload of destruction. In this manner, the PSW.OnLineGames virus can infect several computers within a few minutes. However, this virus primarily targets gamers around the world, stealing their confidential and financial credentials to gain access to their accounts.

Risk Assessment

Home Users – LOW

Corporate Users – LOW

Virus Characteristics

Filename: Unknown

Detection: PSW.OnLineGames.ex

Length: 23 Kb

Activity

It determines the number of processes running on a computer system and uses the memory of other processes. In this manner, with shared memory access, it is easy for the virus to run its code with other processes running on the system.

Common Detection Names

Microsoft - PWS:Win32/Lolyda.Y

Kaspersky - Worm.Win32.Downloader.aay

Sophos - Mal/PWS-W

Symantec - Infostealer.Gampass

Eset - Win32/PSW.OnLineGames.NMY Trojan

How it Works

Win32 PSW.OnLineGames is a very smart virus that uses shared memory access to infect a computer system. Along with the symptoms mentioned above, it makes some changes to the system registry and also adds certain files to the Windows directory, the system directory and the Program Files directory.

To detect the presence of this virus on your computer, you can check the User_Name/Local Settings/Temp folder. Here, you can find an executable file whose name is a combination of numbers and letters.

It also adds iknbnmcc.dll to the system directory of the Windows folder, i.e. windows/system32. Another symptom is a change in the system registry, where an existing entry's value is replaced with a new value.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\currentversion\shellserviceobjectdelayload\247b76cc = {247b76cc-4c60-4d57-bc43-9fad5f7214ff}

Along with the change in the registry, it adds a new entry to register the iknbnmcc.dll file copied to the windows/system32 folder.
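
The indicators described above can be checked with a short read-only PowerShell script. This is an added example, not part of the original write-up; the InprocServer32 location used for the DLL registration and the file-name pattern used for the Temp executable are assumptions, since the page does not specify them.

```powershell
# Added example: read-only check for the indicators listed on this page.
# It only reports findings; it does not delete or modify anything.
$dllName   = 'iknbnmcc.dll'
$valueName = '247b76cc'
$clsid     = '{247b76cc-4c60-4d57-bc43-9fad5f7214ff}'
$ssodlKey  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
$findings  = @()

# 1. DLL copied into the system directory (windows/system32).
$dllPath = Join-Path $env:SystemRoot "System32\$dllName"
if (Test-Path -LiteralPath $dllPath) {
    $findings += "File present: $dllPath"
}

# 2. ShellServiceObjectDelayLoad value carrying the CLSID from the page.
$ssodl = Get-ItemProperty -LiteralPath $ssodlKey -Name $valueName -ErrorAction SilentlyContinue
if ($ssodl) {
    $data = $ssodl.$valueName
    $findings += "Registry value present: $ssodlKey\$valueName = $data"
    if ($data -ne $clsid) {
        $findings += "  (data differs from the CLSID listed on the page)"
    }
}

# 3. Registration of the DLL. ASSUMPTION: the "new entry" is a standard COM
#    in-process server registration under Classes\CLSID\<guid>\InprocServer32.
$inprocKey = "HKLM:\Software\Classes\CLSID\$clsid\InprocServer32"
$inproc = Get-ItemProperty -LiteralPath $inprocKey -ErrorAction SilentlyContinue
if ($inproc) {
    $findings += "CLSID registered: $inprocKey -> $($inproc.'(default)')"
}

# 4. Executables in the user's Temp folder whose base name mixes letters and
#    digits. ASSUMPTION: this regex is a heuristic for "combination of numbers
#    and letters"; legitimate installers can match, so review each hit.
#    $env:TEMP resolves to the current user's Temp folder.
$pattern = '^(?=.*\d)(?=.*[a-z])[a-z0-9]+$'
Get-ChildItem -Path $env:TEMP -Filter '*.exe' -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.BaseName -match $pattern } |
    ForEach-Object { $findings += "Review Temp executable: $($_.FullName)" }

if ($findings.Count -eq 0) {
    'No indicators from this page were found.'
} else {
    $findings
}
```

Run it from an elevated prompt under the affected user's account so that both the HKLM keys and that user's Temp folder are readable.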

How it Spreads

The Win32 PSW.OnLineGames virus is often transmitted to other computer systems via network transmission, USB drives, CDs, DVDs, and other removable media. A computer system infected by Win32 PSW.OnLineGames and connected to a network will allow the virus to replicate itself quickly and spread to other computers sharing the infected file.

Removal Instructions

In order to remove the Win32 PSW.OnLineGames virus, I recommend using Eset NOD32 and McAfee antivirus software. Before performing a complete scan, make sure that you delete all the temporary files or run a disk cleanup to remove useless files.

In Windows, restore points are created automatically. So, if your system is infected with the Win32 PSW.OnLineGames virus, restoring the system to a previous state will have no effect. Therefore, you should disable the System Restore feature of Windows whenever a virus is detected.