TSPY_GAMEONLI.X
Windows 2000, Windows XP, Windows Server 2003
Threat Type: Spyware
Destructiveness: No
Encrypted: Yes
In the wild: Yes
OVERVIEW
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It deletes the initially executed copy of itself.
TECHNICAL DETAILS
32,672 bytes
EXE
No
28 Oct 2011
Arrival Details
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
This spyware drops the following copies of itself into the affected system:
- %Windows%\8987\521.exe
(Note: %Windows% is the Windows folder, which is usually C:\Windows or C:\WINNT.)
It creates the following folders:
- %Windows%\8987
(Note: %Windows% is the Windows folder, which is usually C:\Windows or C:\WINNT.)
Other System Modifications
This spyware adds the following registry keys:
HKEY_CURRENT_USER\Software\998
HKEY_LOCAL_MACHINE\SOFTWARE\998
Other Details
This spyware deletes the initially executed copy of itself