cubie
2007-08-08, 05:04
Hello, the latest August update includes win32.onlinegames as a psw-trojan. The scan reports four library files, all which are Hewitt-Packard printer application extensions. Other scanners do not reveal anything and manuel inspection via Symantec removal show nothing. The reported files at Kaspersky are found in %TEMP% as: Winlog0n.exe; LgSy0.dll; Kavs0.dll. The SpyBot Report:
--- Report generated: 2007-08-06 20:36 ---
Win32.OnLineGames: Library (File, nothing done)
C:\WINDOWS\SYSTEM\hpomon01.dll
Win32.OnLineGames: Library (File, nothing done)
C:\WINDOWS\SYSTEM\hpo24r01.dll
Win32.OnLineGames: Library (File, nothing done)
C:\WINDOWS\SYSTEM\hpothk16.dll
Win32.OnLineGames: Library (File, nothing done)
C:\WINDOWS\SYSTEM\hpodcx01.dll
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2006-12-18 unins000.exe (51.41.0.0)
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 Update.exe (1.4.0.0)
2006-11-24 TeaTimer.exe (1.5.0.0)
2007-04-18 advcheck.dll (1.5.1.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-05-31 SDHELPER.DLL (1.4.0.0)
2005-05-31 aports.dll (2.1.0.0)
2003-03-16 Includes\Temporary.sbi (*)
2007-08-01 Includes\Cookies.sbi (*)
2007-08-01 Includes\Revision.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-07-11 Includes\Hijackers.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-08-01 Includes\Malware.sbi (*)
2003-03-16 Includes\plugin-ignore.ini
2005-02-17 Includes\Tracks.uti
2007-05-30 Includes\Security.sbi (*)
2007-08-01 Includes\Spybots.sbi (*)
2007-08-01 Includes\Trojans.sbi (*)
2007-07-11 Includes\PUPS.sbi (*)
2007-08-01 Includes\TrojansC.sbi (*)
2007-08-01 Includes\SpybotsC.sbi (*)
2007-08-01 Includes\SecurityC.sbi (*)
2007-08-01 Includes\PUPSC.sbi (*)
2007-08-01 Includes\MalwareC.sbi (*)
2007-08-01 Includes\KeyloggersC.sbi (*)
2007-08-01 Includes\HijackersC.sbi (*)
2007-08-01 Includes\DialerC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll
tia
--- Report generated: 2007-08-06 20:36 ---
Win32.OnLineGames: Library (File, nothing done)
C:\WINDOWS\SYSTEM\hpomon01.dll
Win32.OnLineGames: Library (File, nothing done)
C:\WINDOWS\SYSTEM\hpo24r01.dll
Win32.OnLineGames: Library (File, nothing done)
C:\WINDOWS\SYSTEM\hpothk16.dll
Win32.OnLineGames: Library (File, nothing done)
C:\WINDOWS\SYSTEM\hpodcx01.dll
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2006-12-18 unins000.exe (51.41.0.0)
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 Update.exe (1.4.0.0)
2006-11-24 TeaTimer.exe (1.5.0.0)
2007-04-18 advcheck.dll (1.5.1.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-05-31 SDHELPER.DLL (1.4.0.0)
2005-05-31 aports.dll (2.1.0.0)
2003-03-16 Includes\Temporary.sbi (*)
2007-08-01 Includes\Cookies.sbi (*)
2007-08-01 Includes\Revision.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-07-11 Includes\Hijackers.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-08-01 Includes\Malware.sbi (*)
2003-03-16 Includes\plugin-ignore.ini
2005-02-17 Includes\Tracks.uti
2007-05-30 Includes\Security.sbi (*)
2007-08-01 Includes\Spybots.sbi (*)
2007-08-01 Includes\Trojans.sbi (*)
2007-07-11 Includes\PUPS.sbi (*)
2007-08-01 Includes\TrojansC.sbi (*)
2007-08-01 Includes\SpybotsC.sbi (*)
2007-08-01 Includes\SecurityC.sbi (*)
2007-08-01 Includes\PUPSC.sbi (*)
2007-08-01 Includes\MalwareC.sbi (*)
2007-08-01 Includes\KeyloggersC.sbi (*)
2007-08-01 Includes\HijackersC.sbi (*)
2007-08-01 Includes\DialerC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll
tia