Troj/WowPWS-A is a password stealing Trojan for the Windows platform.
Troj/WowPWS-A targets the online game World of Warcraft, and attempts to steal
account details.
Troj/WowPWS-A is a password stealing Trojan for the Windows platform.
Troj/WowPWS-A targets the online game World of Warcraft, and attempts to steal
account details.
When first run Troj/WowPWS-A copies itself to the following locations:
<Windows folder>\smss.exe
<Windows folder>\finder.com
<Windows folder>\explorer.com
<Windows folder>\exeroute.exe
<Windows folder>\1.com
<Windows system folder>\msconfig.com
<Windows system folder>\rundll32.com
<Windows system folder>\command.pif
<Windows system folder>\dxdiag.com
<Windows system folder>\regedit.com
<Windows system folder>\finder.com
<Windows folder>Debug\DebugProgram.exe
<Program Files>\Internet Explorer\iexplor.com
<Program Files>\Common Files\iexplore.pif
Troj/WowPWS-A sets the following registry entries to start the various copies of itself:
HKCR\winfiles\Shell\Open\Command
<Windows folder>\exeroute.exe "%1" %*
HKLM\SOFTWARE\Clients\StartMenuInternet\iexplore.pif
LocalizedString
iexplore
HKLM\SOFTWARE\Clients\StartMenuInternet\iexplore.pif\shell\open\command
<Program Files>\Common Files\iexplore.pif
HKLM\SOFTWARE\Windows\CurrentVersion\Run
Torjan Program
<Windows folder>\smss.exe