Threat Information for "Trojan.PWS.Gamania.4009"

Removal Top

StopSign will automatically remove this infection with a paid membership.

Summary Top
  • Name: Trojan.PWS.Gamania.4009
  • Aliases:
  • Date Discovered: 2008-03-04
  • Protection Added: 2008-03-12
Description Top 
-- Ease of Removal

1: Creates new registry entries with consistent data
2: Consistent file contents
3: Consistently named
4: Uses running processes
5: Uses redundant/watcher processes
6: Injects DLLs into running processes

-- Privacy Risks/Security Changes

1: Mimics legitimate file names
2: Logs keystrokes

-- Damage/Intrusion/Annoyance

1: Creates new files

-- Propagation/Saturation

1: Spreads through Peer-2-Peer software
Technical Details Top
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\jhbpri.dll
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\jhbini.dll
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\verclsid.exe
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\jhbins.exe
  • Added Registry Key:
    Key: HKCR\CLSID\{352D2432-37A2-324F-2A54-21BF5CF2F1A3}
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\CLSID\{352D2432-37A2-324F-2A54-21BF5CF2F1A3}