high
Summary
Summary
Action- More Information
| Affected operating systems | Windows |
|---|---|
| Characteristics |
|
| Protection available since | 3 November 2005 21:34:45 (GMT) |
| Last updated | 27 January 2006 03:13:48 (GMT) |
| Detected by | All Sophos products |
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing Trojans.
More Information
Troj/WowPWS-A is a password stealing Trojan for the Windows platform.
Troj/WowPWS-A targets the online game World of Warcraft, and attempts to steal
account details.
Troj/WowPWS-A is a password stealing Trojan for the Windows platform.
Troj/WowPWS-A targets the online game World of Warcraft, and attempts to steal
account details.
When first run Troj/WowPWS-A copies itself to the following locations:
<Windows folder>\smss.exe
<Windows folder>\finder.com
<Windows folder>\explorer.com
<Windows folder>\exeroute.exe
<Windows folder>\1.com
<Windows system folder>\msconfig.com
<Windows system folder>\rundll32.com
<Windows system folder>\command.pif
<Windows system folder>\dxdiag.com
<Windows system folder>\regedit.com
<Windows system folder>\finder.com
<Windows folder>Debug\DebugProgram.exe
<Program Files>\Internet Explorer\iexplor.com
<Program Files>\Common Files\iexplore.pif
Troj/WowPWS-A sets the following registry entries to start the various copies of itself:
HKCR\winfiles\Shell\Open\Command
<Windows folder>\exeroute.exe "%1" %*
HKLM\SOFTWARE\Clients\StartMenuInternet\iexplore.pif
LocalizedString
iexplore
HKLM\SOFTWARE\Clients\StartMenuInternet\iexplore.pif\shell\open\command
<Program Files>\Common Files\iexplore.pif
HKLM\SOFTWARE\Windows\CurrentVersion\Run
Torjan Program
<Windows folder>\smss.exe
|
