|Discovered|| [korea] 0000-00-00
|Scan engine needed||
2011-8-17 [Able to detect & repair]
Trojan.Win32.PSWIGames.95768 does not spread out as itself, and it is downloaded from hacked site or other malicious codes such as Spy/Adware, dropper, and etc.
1) (System Folder)\ws2help.dll file is replaced to malicious code by Dropper. The original ws2help.dll file is renamed to ws3help.dll, and malicious ws2help.dll file is inserted instead.
2) It has all basic code of ws2help.dll, and the function that redirects to original ws2help.dll file does not exist.
[PIC 1] Trojan.Win32.PSWIGames.95768.vir's IAT
3) There is a code that extends its lifetime by itself.
[How to repair]
Reparable by ViRobot engine ver.2011-08-17.01 or above.