| Field | Value |
|---|---|
| Detection files published | October 27, 2008 |
| Description created | 2010-04-16 |
| Description updated | 2010-04-16 |
| Alias | PWS:Win32/Frethog (Microsoft), W32/Frethog (Sophos), Trojan.PSW.Frethog (McAfee), TSPY_FRETHOG (TrendMicro) |
| Spreading mechanism | IRC, Other, Webpage |
| Payload | Steal information |

W32/Frethog is an information-stealing trojan that specifically steals information related to online games and sends it to a remote server.
On execution, W32/Frethog creates a copy of itself with a random name under the %WINDIR%, %SYSTEM% or %TEMP% folder, depending on the variant. It creates .dll files with random names under the %SYSTEM% folder, which are then injected into the legitimate Windows process explorer.exe. The code checks whether any online games, such as World of Warcraft, Gamania etc., are running on the infected system. It uses different runtime packers to reduce the detection rate. It also creates a value, which varies depending on the variant, under the key “RUN” in order to execute the spy on every startup of Windows. Some variants of W32/Frethog may create an autorun.inf file in order to execute the malware whenever the drive is viewed.
The payload differs depending on the variant of W32/Frethog.
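As an added example (not Norman's code and not part of the original description), the following Python code triages two of the persistence artifacts described above: Run-key values that launch a file located directly in %WINDIR%, %SYSTEM% or %TEMP%, and launch commands in an autorun.inf file. The folder expansions, the allow-list and the sample data are constructed assumptions; hits are candidates for manual review, not confirmed infections.

```python
import ntpath
import re

# Assumed expansions for a default install; set these for the host being triaged.
ENV = {"%windir%": r"C:\Windows", "%systemroot%": r"C:\Windows",
       "%temp%": r"C:\Users\alice\AppData\Local\Temp"}
# Drop locations named in the description: %WINDIR%, %SYSTEM%, %TEMP%.
DROP_DIRS = {ntpath.normcase(d) for d in
             (ENV["%windir%"], ENV["%windir%"] + r"\System32", ENV["%temp%"])}

def image_path(command):
    """Expand variables and return the executable path from a Run-key command line."""
    command = re.sub(r"%[^%]+%", lambda m: ENV.get(m.group(0).lower(), m.group(0)),
                     command.strip())
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(" ", 1)[0]  # unquoted paths with spaces need manual review

def flag_run_entries(entries, known_good=()):
    """Return (name, path) of Run values that start a file sitting in a drop folder."""
    hits = []
    for name, command in entries.items():
        path = image_path(command)
        if (ntpath.normcase(ntpath.dirname(path)) in DROP_DIRS
                and ntpath.basename(path).lower() not in known_good):
            hits.append((name, path))
    return hits

def autorun_commands(text):
    """Return the commands an autorun.inf would launch, tolerating junk lines."""
    cmds, in_section = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if in_section and sep and (key in ("open", "shellexecute") or key.endswith("\\command")):
            cmds.append(value.strip())
    return cmds

# Constructed sample data (hypothetical names, not taken from a real infection).
KNOWN_GOOD = {"securityhealthsystray.exe"}
RUN_SAMPLE = {
    "SecurityHealth": r"%windir%\system32\SecurityHealthSystray.exe",
    "kxqzvw": r"C:\Windows\System32\kxqzvw.exe", "tmp": r"%TEMP%\qpwdmz.exe",
    "Updater": r'"C:\Program Files\Vendor\updater.exe" /background'}
AUTORUN_SAMPLE = ";junk 8sd7f\n[AutoRun]\nopen=qpwdmz.exe\nshell\\open\\Command=qpwdmz.exe\nicon=shell32.dll,4\n"
```

Feed `flag_run_entries` the name/command pairs exported from the HKLM and HKCU Run keys, and `autorun_commands` the text of any autorun.inf found in a drive root.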
Norman’s antivirus products are in general able to remove all malicious software that is detected.
Some malware variants, however, use techniques that the general product does not remove sufficiently. We have therefore developed the free product Norman Malware Cleaner. Please use the latest version of this program from the link below if your Norman antivirus is unable to clean the infection.
http://www.norman.com/support/support_tools/58732/en
| Usage | Title | Comment |
|---|---|---|
| Stop the spread of viruses on network shares | | |
| Cleaning of back-up folders on Windows Me and XP | | |