Spyware.OnlineGames
Spyware.OnlineGames is a computer virus with spyware capabilities. It can record keystrokes, download malicious files from the Internet, and populate the system registry with malicious entries. It may open a backdoor that allows corrupt files and data to be stored on the infected system, leaving valuable information vulnerable to theft. It can run in the background, so it appears harmless when it loads undetected. Once detected, Spyware.OnlineGames should be removed using a reliable anti-spyware program.
File System Modifications
- The following files were created in the system:
Registry Modifications
- The following Registry values were newly created: