| Antivirus | Spyware & Adware removal | Registry Cleaner | Windows updates | Web Protection |

    ¤ Solutions
 »  Security Main Page
 »  Virus Removal
 »  Spywares Removal
 »  Trojans Removal
 »  Our Forums
 »  Our Blogs
    ¤ Populer Threads
 »  Remove fake Antivirus
 »  Rmov SpywareGuard 2008
 »  Remove Sinowal trojan
 »  Remove Virtumonde
 »  Remove Vundo troajn
 »  Google Search redirect
 »  Trojan Downloader
 »  Trojan Dropper
 »  Trojan Generic
 »  Worm32 NetBooster
 »  Zlob trojan removal
 »  Generic Host Proccess
 »  Remove Winweb Security
 »  Virus Trigger Removal
 »  Spyware CyberLog-x
 »  Cookies - 207.net
 »  AdWare.Adrotator
 »  See Other virus removal
    ¤ Tweaks
 »  Proxy Sites
 »  Computer & Internet
 »  Folder Lock
 »  Hack Windows Admin
 »  Windows Utilities - Tips

    ¤ Downloads
 »  Super Anti Spyware
 »  MalwareBytes
 »  Threat Fire
 »  Anti Viruses
 »  Firewalls
 »  Registry Cleaners
 »  See all Downloads

 
Remove Trojan win32 Ferthog

Summary
Win32/Frethog is a large family of password-stealing trojans that target confidential data, such as account information, from Massive Multiplayer Online Games (such as World of Warcraft, for example).

Symptoms
There are no obvious symptoms that indicate the presence of this trojan on an affected system.



Technical Information
Win32/Frethog is a large family of password-stealing trojans that target confidential data, such as account information, from Massive Multiplayer Online Games (such as World of Warcraft, for example). Some variants of Win32/Frethog are also able to spread via mapped drives by utilizing an autorun file.
Installation
Win32/Frethog is a large family and variants may install themselves using different file paths and file names.

When executed, Win32/Frethog drops a dll with a randomly generated file name and injects it into explorer.exe.

The dropper may then modify the following registry entries in order to execute itself at each Windows start:
HKEY_CURRENT_USER\SoftWare\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SoftWare\Microsoft\Windows\CurrentVersion\Run
which packer is used. This driver is detected as either VirTool:WinNT/Vanti.A or VirTool:WinNT/Vanti.B. The above mentioned dlls may also be written to the %temp% directory when these packers are used.
Spreads Via...
Mapped Drives
Some variants of Win32/Frethog are also able to spread via mapped drives by utilizing an autorun file. TWin32/Frethog may enumerate drives from C- Z, copying itself to the root of the drive, and creating an 'autorun.inf' file. The autorun.inf is used to execute the worm whenever the drive is viewed with Windows Explorer.

Payload
Modifies System Security Settings

The dropper attempts to circumvent security products by:
Attempting to prevent AVP Antivirus from displaying notifications regarding system changes by closing windows used by this product.
Attempting to terminate Ravmon.exe if it is found to be running on the affected system.

Steals Online Game Data
The dll, once injected, can obtain account information for one or more of the following Massively Multiplayer Online Games and affiliated products:
Rainbow Island
Cabal Online
A Chinese Odyssey
Hao Fang Battle Net
Lineage
Gamania
MapleStory
qqgame
Legend of Mir
World Of Warcraft

The captured details are sent to a remote server.

This Malious Software can be removed using MICROSOFT MALICIOUS SOFTWARE REMOVAL TOOL

download microsoft malicious software removal tool



Custom Search

 

 
 
eXTReMe Tracker
Anti Virus - Spyware Removal - Trojan Removal - Registry Repair

         About DARFUN INC © Copyright darfuns.com
                 DARFUN CORPORATION. 2004 est