
Infostealer.Gampass

Posted: May 6, 2007

Threat Metric

Threat Level: 9/10
Infected PCs: 447
First Seen: July 24, 2009
Last Seen: February 18, 2023
OS(es) Affected: Windows

Infostealer.Gampass is a family of spyware programs that specialize in collecting data for online game accounts, although they may also include other attacks. An Infostealer.Gampass account compromise may include the loss of in-game items, which Infostealer.Gampass's administrators may sell for real-world profit. PC gamers especially should be mindful of the common infection vectors for Infostealer.Gampass variants, which tend to use social engineering tactics aimed specifically at gaming communities. As with all spyware, Infostealer.Gampass should be removed with anti-malware tools, after which you can re-secure any compromised data or accounts.

Infostealer.Gampass and the 'Other' Player Controlling Your Character

Infostealer.Gampass, also known as Bloodhound.KillAV or Lineage YI (the latter alias referencing one of the online games targeted), is a group of spyware and Trojans that attack online gaming accounts. Along with stealing login names, passwords and other credentials, Infostealer.Gampass frequently enables unauthorized activity through the compromised accounts, such as trading in-game items or currency. An account compromised by Infostealer.Gampass may be wiped clean of any transferable digital 'valuables', which are traded and converted to money for the third party responsible.

The Infostealer.Gampass family was officially established in 2006, but the popularity of hijacking game accounts has ensured that new variants of Infostealer.Gampass continue to be developed up to the present day. Some of the most popular means of installing Infostealer.Gampass Trojans that malware researchers point to include:

  • Infostealer.Gampass may be disguised as a fake key generator or pirated software installer, such as a fake installer for SpectraPLUS audio products. These installers circulate on fake software websites, freeware sites and torrents, in many of the same places as pirated software (and other, similarly illicit downloads).
  • Other Infostealer.Gampass installers may target players of particular online games by disguising themselves as fake add-ons (or 'mods') for applications like World of Warcraft or Lineage II.
  • Spambots and misrepresented links also may promote concealed Infostealer.Gampass installers in gaming communities and forums.

Getting Your Gaming Safety Back from Infostealer.Gampass

Browser security features and safe Web-surfing habits are both needed to block all of the potential infection vectors for Infostealer.Gampass, which may also be capable of launching attacks not mentioned in this article. A wide range of Trojans that compromise game accounts may be placed within the Infostealer.Gampass family by default, which allows for diverse payloads, symptoms and potential damage. In particular, malware experts point out the occasional use of rootkit components, which could let Infostealer.Gampass maintain persistence without any significant sign of a new program's presence.

Infostealer.Gampass has a history of enacting various measures to block its files and other components from being visible regardless of your file-viewing settings. Since Infostealer.Gampass is a potential high-level threat, you should delete Infostealer.Gampass with anti-malware products that are up-to-date for identifying this spyware's latest variants. After disinfecting your PC of Infostealer.Gampass, you also should contact any relevant gaming companies and follow their instructions for re-securing your accounts – and saving any in-game possessions you might have lost.

Aliases

  • Packer.PESpin [Ikarus]
  • Mal/Packer [Sophos]
  • TR/Agent.3710976 [AntiVir]
  • Gen:Packer.PESpin.A.I7W@aynDsUrO [BitDefender]
  • Trojan.Backdoor-11 [ClamAV]
  • Win32.TRAgent [eSafe]
  • probably a variant of Win32/Spy.Agent.IJPQFES [NOD32]
  • Riskware [K7AntiVirus]
  • Generic.dx!f [McAfee]
  • Trj/Lineage.BZE [Panda]
  • W32/Agent.LTXBUDK!tr [Fortinet]
  • Win32.SuspectCrc [Ikarus]
  • Mal/KeyGen-M [Sophos]
  • Trojan.Packed.593 [DrWeb]
  • UnclassifiedMalware [Comodo]

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%WINDIR%\system32\itlpfw32.dll
File name: itlpfw32.dll
Size: 215.55 KB (215552 bytes)
MD5: 4ed60abfeed35a673b90d651818250f0
Detection count: 199
File type: Dynamic link library
Mime Type: unknown/dll
Path: %WINDIR%\system32
Group: Malware file
Last Updated: April 18, 2011

%WINDIR%\system32\AdminLp.dll
File name: AdminLp.dll
Size: 61.44 KB (61440 bytes)
MD5: 249e70aab278802186302b31f28d0e05
Detection count: 71
File type: Dynamic link library
Mime Type: unknown/dll
Path: %WINDIR%\system32
Group: Malware file
Last Updated: January 9, 2011

1369347988.dll
File name: 1369347988.dll
Size: 139.26 KB (139264 bytes)
MD5: f9053595b96cb98255730e5854d9e4fe
Detection count: 40
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: December 11, 2009

C:\Hiren's.BootCD.15.2\XP\XP\I386\System32\keybtray.exe
File name: keybtray.exe
Size: 10.06 KB (10064 bytes)
MD5: b030222345d91c7aa73867bcb5b7a380
Detection count: 35
File type: Executable File
Mime Type: unknown/exe
Path: C:\Hiren's.BootCD.15.2\XP\XP\I386\System32\keybtray.exe
Group: Malware file
Last Updated: December 29, 2022

C:\new Antec\EAZEL\02-Audio (EAZEL)\11-Streaming\20-iRadioNet\42486-42487-iradionet.exe
File name: 42486-42487-iradionet.exe
Size: 485.9 KB (485908 bytes)
MD5: 37e6e1a278659302f311dd9015cce387
Detection count: 14
File type: Executable File
Mime Type: unknown/exe
Path: C:\new Antec\EAZEL\02-Audio (EAZEL)\11-Streaming\20-iRadioNet\42486-42487-iradionet.exe
Group: Malware file
Last Updated: June 23, 2022

%WINDIR%\system32\ctfmon.exe
File name: ctfmon.exe
Size: 30.2 KB (30208 bytes)
MD5: 7fe831e595f75caade9bc91fbabf10a1
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\system32
Group: Malware file
Last Updated: March 9, 2020

%PROGRAMFILES%\Internet\Newsleecher\newsleecher.exe
File name: newsleecher.exe
Size: 3.71 MB (3710976 bytes)
MD5: fc6ca6278e89916b7aa8edefbfe0864c
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\Internet\Newsleecher
Group: Malware file
Last Updated: April 30, 2020

cj.v4.dll
File name: cj.v4.dll
Size: 17.4 KB (17408 bytes)
MD5: be229d6cb0613be8a337b7e48273f9c0
Detection count: 0
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: December 11, 2009
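
As an added example (not part of the original page or of any vendor's tooling), the Python code below matches files against the sizes and MD5 values in the list above rather than against file names, since a name such as ctfmon.exe is also used by a legitimate Windows component. The `md5_of`, `scan` and `demo` functions and the sample files in `demo` are constructed for illustration; an MD5 match identifies only these exact samples, not other variants.

```python
import hashlib
import os
import tempfile

# (size in bytes, MD5) -> file name, as given in the file list on this page.
PAGE_IOCS = {
    (215552, "4ed60abfeed35a673b90d651818250f0"): "itlpfw32.dll",
    (61440, "249e70aab278802186302b31f28d0e05"): "AdminLp.dll",
    (139264, "f9053595b96cb98255730e5854d9e4fe"): "1369347988.dll",
    (10064, "b030222345d91c7aa73867bcb5b7a380"): "keybtray.exe",
    (485908, "37e6e1a278659302f311dd9015cce387"): "42486-42487-iradionet.exe",
    (30208, "7fe831e595f75caade9bc91fbabf10a1"): "ctfmon.exe",
    (3710976, "fc6ca6278e89916b7aa8edefbfe0864c"): "newsleecher.exe",
    (17408, "be229d6cb0613be8a337b7e48273f9c0"): "cj.v4.dll",
}

def md5_of(path):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):  # read in 1 MiB chunks
            h.update(block)
    return h.hexdigest()

def scan(root, iocs=PAGE_IOCS):
    """Return [(path, listed_name)] for files whose size AND MD5 both match."""
    sizes = {size for size, _ in iocs}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(path)
                if size not in sizes:      # cheap prefilter: hash only candidates
                    continue
                digest = md5_of(path)
            except OSError:                # locked or unreadable file: skip it
                continue
            if (size, digest) in iocs:
                hits.append((path, iocs[(size, digest)]))
    return hits

def demo():
    """Constructed data: a renamed matching file and a decoy sharing only the name."""
    payload = b"constructed sample, not malware" * 10
    iocs = {(len(payload), hashlib.md5(payload).hexdigest()): "sample.dll"}
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("renamed.tmp", payload), ("sample.dll", b"same name, different content")):
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        return [(os.path.basename(p), n) for p, n in scan(d, iocs)]
```

Where possible, run `scan()` over an offline or mounted copy of the disk, since the article notes that Infostealer.Gampass may hide its files from the running system.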

4 Comments

  • mark says:

    Hi

    I ran Norton PC Checkup (scan only version) and it says that my PC is infected with the Infostealer.gampass virus. I then ran your scanner as well as a Windows search and neither has detected the virus. Any advice would be much appreciated?

    Cheers
    Mark

  • Clifford says:

    Hi, I've subscribed for PC TOOLS Spyware Doctor with Anti-Virus, every time I run a scan on Spyware Doctor with Anti-Virus, a High threat Spyware known as Trojan-Spy.Gampass seems to be detected, quarantined and cleaned. This seems to happen at every login session, it only gets quarantined and cleaned, and it's supposed to stop there, but no, this cycle of quarantining and cleaning seems to continue at every login session of my computer, I don't know how to remove this spyware, I've tried everything I could, even re-installing Windows, nothing seems to work. Kindly let me know what can be done as quickly as possible.
    Thanks
    Cliff

  • Doyle says:

    I have Windows Vista, and Norton AntiVirus.

    A Norton scan shows that this Infostealer.Gampass is on my computer, but when I look for it using the Windows search feature I cannot find it at all.

    Any suggestions?

  • Sharmila / Ravi says:

    Dear Sir / Madam,

    I have found the Gampass infostealer on our PC and have Symantec anti virus software. Could you please let us know what we can do to remove the virus and affected file from our PCs.

    with regards,

    Sharmila / Ravi
