Threat Information for "Trojan.PWS.Wsgame.1872"

Removal Top

StopSign will automatically remove this infection with a paid membership.

Summary Top
  • Name: Trojan.PWS.Wsgame.1872
  • Aliases:
  • Date Discovered: 2008-01-16
  • Protection Added: 2008-02-12
Description Top 
-- Ease of Removal

1: Creates new registry entries with consistent data
2: Consistent file contents
3: Consistently named
4: Uses running processes

-- Privacy Risks/Security Changes

1: Logs keystrokes

-- Damage/Intrusion/Annoyance

1: Creates new files

-- Propagation/Saturation

1: Spreads through Peer-2-Peer software
Technical Details Top
  • Added Directory/File:
    FilePath: %TEMPDIR%\lese.exe
  • Added Directory/File:
    FilePath: %WINDIR%\APPLOG\LESE.LGC
  • Added Directory/File:
    FilePath: %WINDIR%\mppds.exe*
  • Added Directory/File:
    FilePath: %USERDESKTOP%\lese.exe*
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\mppds.dll*
  • Added Registry Data:
    Key: HKLM\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: %WINDIR%\mppds.exe