Are you an addicted gamer & facing problems running games on your computer? If yes, then you need to protect your computer system from the attack of Win32 PSW.OnLineGames virus before it steals your personal and financial information. This is one of the most deadly viruses of 2011. Read more…
Description
Win32 PSW.OnLineGames is a deadly virus that replicates itself and like other viruses, spreads from one computer system to another carrying a payload of destruction. In this manner, PSW.OnLineGames virus can infect several computers within few minutes. However, this virus is more concerned with gamers around the world stealing their confidential and other financial credentials and gain access to their accounts.
Risk Assessment
Home Users – LOW
Corporate Users – LOW
Virus Characteristics
Filename: Unknown
Detection: PSW.OnLineGames.ex
Length: 23 Kb
Activity
It determines the number of processes running on a computer system and uses the memory of other processes. In this manner, with shared memory access it is easy for the virus to run its code with other processes running in the system.
Common Detection Names
Microsoft - PWS:Win32/Lolyda.Y
Kaspersky - Worm.Win32.Downloader.aay
Sophos - Mal/PWS-W
Symantec - Infostealer.Gampass
Eset - Win32/PSW.OnLineGames.NMY Trojan
How it Works
Win32 PSW.OnLineGames is a very smart virus that uses shared memory access to infect a computer system. Along with the symptoms mentioned above, it does make some changes in the system registry and also adds certain files to the windows directory, system directory and program files directory.
To detect the presence of this virus on your computer, you can check the User_Name/Local Settings/Temp folder. Here, you can find an executable file that has a combination of numbers and alphabets in its name.
It also adds iknbnmcc.dll to the system directory of the windows folder, i.e. windows/system32. Another symptom is a change in system registry where an existing entry’s value is replaced with a new value.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\currentversion\shellserviceobjectdelayload\247b76cc = {247b76cc-4c60-4d57-bc43-9fad5f7214ff}
Along with a change in the registry, it adds a new entry to register the iknbnmcc.dll file copied to the windows/system32 folder.
How it Spreads
Win32 PSW.OnLineGames virus is often transmitted to other computer systems via network transmission, USB drives, CD, DVD, and other removable media. A computer system infected by Win32 PSW.OnLineGames and connected to a network will allow the virus to replicate itself quickly and spread on other computers sharing the infected file.
Removal Instructions
In order to remove Win32 PSW.OnLineGames virus, I recommend using Eset NOD32 and McAfee antivirus software. Before performing a complete scan, make sure that you delete all the temporary files or run a disk cleanup to remove useless files.
In Windows, restore point is created automatically. So, if your system is infected with Win32 PSW.OnLineGames virus, then restoring the systems to a previous state will have no effect. Therefore, you should disable the system restore feature of your windows whenever a virus is detected.
