Infostealer.Gampass
Posted: May 6, 2007
Threat Metric
The following fields listed on the Threat Meter are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 9/10 |
|---|---|
| Infected PCs: | 447 |
| First Seen: | July 24, 2009 |
| Last Seen: | February 18, 2023 |
| OS(es) Affected: | Windows |
Infostealer.Gampass is a family of spyware programs that specialize in collecting data for online game accounts, although they also may include other attacks. Account compromises by Infostealer.Gampass may include the loss of in-game items, which Infostealer.Gampass's administrators may sell for real-world profit. PC gamers especially should be mindful of common infection vectors for variants of Infostealer.Gampass, which tend to use social engineering tactics that specifically target gaming communities. As with all spyware, you should remove Infostealer.Gampass with anti-malware tools, after which you can re-secure any compromised data or accounts.
Infostealer.Gampass and the 'Other' Player Controlling Your Character
Infostealer.Gampass, Bloodhound.KillAV or LIneage YI (the latter alias referencing one of the online games targeted) is a group of spyware and Trojans that attack online gaming accounts. Along with stealing login names, passwords and other credentials, Infostealer.Gampass frequently enables unauthorized activities through the compromised accounts, such as trading in-game items or currency. An account compromised by Infostealer.Gampass may be wiped clean of any transferable, digital 'valuables' for trade and conversion to money for the responsible third-party in question.
The Infostealer.Gampass family was officially established in 2006, but the popularity of hijacking game accounts has ensured that new variants of Infostealer.Gampass programs remain in development up to the present day. Some of the most popular means of installing Infostealer.Gampass Trojans that malware researchers point to include:
- Infostealer.Gampass may be disguised as a fake key generator or pirated software installer, such as a fake installer for SpectraPLUS audio products. These installers circulate on fake software websites, freeware sites and torrents, in many of the same places as pirated software (and other, similarly illicit downloads).
- Other Infostealer.Gampass installers may target players of particular online games by disguising themselves as fake add-ons (or 'mods') for applications like World of Warcraft or Lineage II.
- Spambots and misrepresented links also may promote concealed Infostealer.Gampass installers in gaming communities and forums.
Getting Your Gaming Safety Back from Infostealer.Gampass
Browser security features and safe Web-surfing habits both are needed to block all of the potential infection vectors for Infostealer.Gampass, which also may be capable of launching attacks not mentioned in this article. By default, a wide range of Trojans with game account-compromising attacks may be placed within the Infostealer.Gampass family, which allows for a variety of diverse payloads, symptoms and potentially incurred damages. In particular, malware experts point out the occasional use of rootkit components, which could let Infostealer.Gampass maintain persistence without any significant signs of a new program's presence.
Infostealer.Gampass has a history of enacting various measures to block its files and other components from being visible regardless of your file-viewing settings. Since Infostealer.Gampass is a potential high-level threat, you should delete Infostealer.Gampass with anti-malware products that are up-to-date for identifying this spyware's latest variants. After disinfecting your PC of Infostealer.Gampass, you also should contact any relevant gaming companies and follow their instructions for re-securing your accounts – and saving any in-game possessions you might have lost.
Technical Details
File System Modifications
The following files were created in the system:
%WINDIR%\system32\itlpfw32.dll
File name: itlpfw32.dll
Size: 215.55 KB (215552 bytes)
MD5: 4ed60abfeed35a673b90d651818250f0
Detection count: 199
File type: Dynamic link library
Mime Type: unknown/dll
Path: %WINDIR%\system32
Group: Malware file
Last Updated: April 18, 2011
%WINDIR%\system32\AdminLp.dll
File name: AdminLp.dll
Size: 61.44 KB (61440 bytes)
MD5: 249e70aab278802186302b31f28d0e05
Detection count: 71
File type: Dynamic link library
Mime Type: unknown/dll
Path: %WINDIR%\system32
Group: Malware file
Last Updated: January 9, 2011
1369347988.dll
File name: 1369347988.dll
Size: 139.26 KB (139264 bytes)
MD5: f9053595b96cb98255730e5854d9e4fe
Detection count: 40
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: December 11, 2009
C:\Hiren's.BootCD.15.2\XP\XP\I386\System32\keybtray.exe
File name: keybtray.exe
Size: 10.06 KB (10064 bytes)
MD5: b030222345d91c7aa73867bcb5b7a380
Detection count: 35
File type: Executable File
Mime Type: unknown/exe
Path: C:\Hiren's.BootCD.15.2\XP\XP\I386\System32\keybtray.exe
Group: Malware file
Last Updated: December 29, 2022
C:\new Antec\EAZEL\02-Audio (EAZEL)\11-Streaming\20-iRadioNet\42486-42487-iradionet.exe
File name: 42486-42487-iradionet.exe
Size: 485.9 KB (485908 bytes)
MD5: 37e6e1a278659302f311dd9015cce387
Detection count: 14
File type: Executable File
Mime Type: unknown/exe
Path: C:\new Antec\EAZEL\02-Audio (EAZEL)\11-Streaming\20-iRadioNet\42486-42487-iradionet.exe
Group: Malware file
Last Updated: June 23, 2022
%WINDIR%\system32\ctfmon.exe
File name: ctfmon.exe
Size: 30.2 KB (30208 bytes)
MD5: 7fe831e595f75caade9bc91fbabf10a1
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\system32
Group: Malware file
Last Updated: March 9, 2020
%PROGRAMFILES%\Internet\Newsleecher\newsleecher.exe
File name: newsleecher.exe
Size: 3.71 MB (3710976 bytes)
MD5: fc6ca6278e89916b7aa8edefbfe0864c
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\Internet\Newsleecher
Group: Malware file
Last Updated: April 30, 2020
cj.v4.dll
File name: cj.v4.dll
Size: 17.4 KB (17408 bytes)
MD5: be229d6cb0613be8a337b7e48273f9c0
Detection count: 0
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: December 11, 2009
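The file names, sizes and MD5 values listed above can be checked against a directory tree with a short sweep. The following Python script is an added example, not code from this page or from SpyHunter; the function names `md5_of` and `sweep` are illustrative. It reports a hash match separately from a name-only match, because a listed name such as ctfmon.exe is also a legitimate Windows file name.

```python
import hashlib
import os

# (file name, size in bytes, MD5) copied from this page's file list.
GAMPASS_IOCS = [
    ("itlpfw32.dll", 215552, "4ed60abfeed35a673b90d651818250f0"),
    ("AdminLp.dll", 61440, "249e70aab278802186302b31f28d0e05"),
    ("1369347988.dll", 139264, "f9053595b96cb98255730e5854d9e4fe"),
    ("keybtray.exe", 10064, "b030222345d91c7aa73867bcb5b7a380"),
    ("42486-42487-iradionet.exe", 485908, "37e6e1a278659302f311dd9015cce387"),
    ("ctfmon.exe", 30208, "7fe831e595f75caade9bc91fbabf10a1"),
    ("newsleecher.exe", 3710976, "fc6ca6278e89916b7aa8edefbfe0864c"),
    ("cj.v4.dll", 17408, "be229d6cb0613be8a337b7e48273f9c0"),
]

def md5_of(path, chunk=1 << 20):
    """Stream the file so large binaries are not loaded into memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def sweep(root, iocs=GAMPASS_IOCS):
    """Return sorted (path, verdict) pairs: 'hash-match' or 'name-only'."""
    md5s = {md5.lower() for _, _, md5 in iocs}
    sizes = {size for _, size, _ in iocs}
    names = {name.lower() for name, _, _ in iocs}
    findings = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                # Cheap prefilter: hash only files whose size equals a listed size.
                digest = md5_of(path) if os.path.getsize(path) in sizes else None
            except OSError:
                continue  # locked or unreadable file: skip, do not abort the sweep
            if digest in md5s:
                findings.append((path, "hash-match"))
            elif fname.lower() in names:
                # Same name, different content: weak signal, review by hand.
                findings.append((path, "name-only"))
    return sorted(findings)

if __name__ == "__main__":
    import sys
    for path, verdict in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{verdict:10}  {path}")
```

Because the article mentions rootkit components and files hidden from normal viewing, a sweep run from the live system can miss files; pointing it at an offline-mounted copy of the disk avoids that.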
Hi
I ran Norton PC checkup (scan only version) and it says that my PC is infected with the Infostealer.gampass virus. I then ran your scanner as well as a Windows search and neither have detected the virus. Any advice would be much appreciated?
Cheers
Mark
Hi, I've subscribed for PC TOOLS Spyware Doctor with Anti-Virus, every time I run a scan on Spyware Doctor with Anti-Virus, a High threat Spyware known as Trojan-Spy.Gampass seems to be detected, quarantined and cleaned. This seems to happen at every login session, it only gets quarantined and cleaned, and it's supposed to stop there, but no, this cycle of quarantining and cleaning seems to continue at every login session of my computer, I don't know how to remove this spyware, I've tried everything I could, even re-installing Windows, nothing seems to work. Kindly let me know what can be done as quickly as possible.
Thanks
Cliff
I have Windows Vista, and Norton AntiVirus.
A Norton scan shows that this Infostealer.Gampass is on my computer, but when I look for it using Windows search feature I cannot find it at all.
Any suggestions?
Dear Sir / Madam,
I have found the Gampass infostealer on our PC and have Symantec anti virus software. Could you please let us know what we can do to remove the virus and affected file from our PCs.
with regards,
Sharmila / Ravi