Trojan.PWS.OnlineGames.KBVT Remover crack/serial/keygen

Trojan.PWS.OnlineGames.KBVT Remover is a simple command-line tool designed to help you get rid of the virus infection in no time.

This is another onlinegames password stealer. When first run the malware will perform the following actions:

Download Trojan.PWS.OnlineGames.KBVT Remover Crack

Software company
Rank 4.6
407 4.6
Crack size ~ 500KB
Downloads total 4581
Systems Win All

- make a hidden copy of itself in %System% folder under olhrwef.exe and create the following registry key

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun

Name: cdoosoft

Value: "%System%olhrwef.exe

in order for this copy to be run at every system startup

- drop a hidden .dll file named nmdfgds0.dll or nmdfgds1.dll in %System% folder - this is the component responsible for password stealing. It will be injected in all running processes and will monitor mouse gestures and keystrokes. some of the targeted online games are: MapleStory, Age Of Conan, Rohan, The Lord OF The Rings, Knight Online, Lands Of Aden and others.

- create a hidden autorun.inf file on each drive which points to a hidden copy of the malware found in %drive_letter%1ogf.exe used to spread itself via removable drives

- drop a driver file named klif.sys in %dirvers% folder and create the following registry key in order for this driver to be loaded as a service at every system startup

HKEY_LOCAL_MACHINESoftwareCurrentControlSetServicesKAVSys

Type: 0x1

ErrorControl: 0x1

Start: 0x1

ImagePath: %drivers%klif.sys

This driver file, along with another .dll file named ANTIVM.dll, will be used to disable the update for different antivirus software or to stop processes that may be used to monitor running programs behaviour (in order to make analysis more difficult).

- it will also add the following modifications to registry settings

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL

CheckedValue = 0x00000000

so that the user won't be able to see hidden files and folders in explorer while browsing the file system.

- it will download the following file http://[removed]uw2..com/xmfx/help1.rar and save it in %temp% folder (when this description was made the file wasn't available anymore)

Comments

Ivan, 29 July 2018

thanks for the patch for Trojan.PWS.OnlineGames.KBVT Remover

Marco, 29 January 2018

спасибо, работает)

Fred, 01 December 2017

Merci beaucoup!

Leave a comment

Your email will not be published. * Required