Question & Answer Forum

Ask a question and get a quick response, it is easy!

Ask

Ask a question to public.

Reply

Answer people’s questions - It’s fun!

Join now

Look for friends and associates.
 

Welcome to Gethelp123 Q&A, where you can ask questions and receive answers from other members of the community.

REMOVAL GUIDE FOR: Trojan.PWS.OnlineGames.ZNH

  • Trojan.PWS.OnlineGames.ZNH causes information theft
  • Aims at stealing passwords
  • Trojan.PWS.OnlineGames.ZNH though technically is not a virus, it does display virus like malicious traits
  • It enters your system by bundling with other software

What is Trojan.PWS.OnlineGames.ZNH?

Trojan.PWS.OnlineGames.ZNH is a part of the large Trojan.OnlineGames virus. Trojan.PWS.OnlineGames.ZNH steals the password and user id of the gaming accounts of various online games. This is enabled by its capabilities to capture keyboard strokes. After fetching these details, the information is transferred to a remote server. The hackers use the assets of the victim players and monetize it by selling to various other players who are willing to buy the assets.

The games targeted are MapleStory, Age Of Conan, Rohan, The Lord Of The Rings, Knight Online, Lands Of Aden and World of Warcraft. It enters user system without user knowledge. Once it enters the system, it enables itself to run on start up by creating the following registry file:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Name: cdoosoft
Value: "%System%\olhrwef.exe

Trojan.PWS.OnlineGames.ZNH creates yet another hidden autorun.inf file on each drive which points to a hidden copy of the malware found in %drive_letter%\1ogf.exe. This hidden file enables the distribution of Trojan.PWS.OnlineGames.ZNH via removable drives.

Trojan.PWS.OnlineGames.ZNH also deactivates the installed antivirus program and thus is able to thrive for a long time without being detected. It also creates registry keys so as to make itself invisible. Though it is not visible to user or to the antivirus program, should the symptoms listed below be found, follow the below step by step guide on how to remove Trojan.PWS.OnlineGames.ZNH from your system.

How is Trojan.PWS.OnlineGames.ZNH Distributed?

Trojan.PWS.OnlineGames.ZNH is offered as optional software for automatic installation. Users can opt-out of installation of this application by unchecking various boxes, however, this step is often missed and Trojan.PWS.OnlineGames.ZNH is then installed inadvertently. Choosing custom installation may exempt your system from being infected via bundling. It can enter your system in the below ways:

  • Bundled with other freeware from other free download sites
  • Downloaded from potentially malicious websites
  • Malicious websites that may contain the respective link
  • Installed in your web browsers as extension, add-on, or browser helper object
  • Malicious email attachments

Symptoms of Trojan.PWS.OnlineGames.ZNH Infection:

  • Abrupt disappearance of game assets in your online gaming account
  • User id and passwords do not match anymore
  • Slowing down of system speed drastically and abruptly
  • Fake threat detections/ warning messages from new malware
  • Crashing or freezing of browser
  • Add-ons not installed by the user appear abruptly. Viz. toolbars, plug-ins.
  • Problems in navigating certain sites
  • Blue screen error

How To remove Trojan.PWS.OnlineGames.ZNH from your system:

  • Follow the below steps to ensure your PC is clean. It is HIGHLY RECOMMENDED that you perform a backup for all your files and to create a system restore point (learn here how to do it) before performing the below steps. This is to ensure that just in case you delete the wrong file, you will have a backup/restore point to safely go back to.
  • Press CTRL + Shift + ESC to launch the Task Manager.
  • Click on processes tab. Click on any file that seems related to Trojan.PWS.OnlineGames.ZNH and select End Process.
  • If you are using a Windows 8, on the main screen you will find an option ‘Search’. Type in “Control Panel”. If you are using a Windows 7/XP, click on start and choose Control Panel.
  • Depending on your Windows version, you will find one of these options:
    • Add or remove program
    • Programs and features
    • Programs
  • Click if you see any one of the above. Select any program relevant to Trojan.PWS.OnlineGames.ZNH and click on Uninstall.
  • Remove Trojan.PWS.OnlineGames.ZNH from the browser.
    • For Chrome you can do it by clicking on the Menu>>Tools>>Extensions and removing the related extensions.
    • For Mozilla Firefox, Press Ctrl+ Shift+ A. Select Extensions, select the add-ons related to Trojan.PWS.OnlineGames.ZNH and click on Disable and then on Remove.
    • For Internet Explorer, go to Tools>>Manage Add-ons. Select “Toolbars and Extensions” and disable related add-ons.

Prevent Trojan.PWS.OnlineGames.ZNH and other viruses with AVStrike:

Go to http://www.avstrike.com/product.php and choose Windows XP or Windows 7 or 8, scroll down to the bottom of the page and click on free trial.

Download AVStrike and install it on your PC by following the Setup Guide.

  • After installation, you will have a shortcut key on your desktop (which you can remove). Click the icon to open the folder.
  • A small window now opens with tabs indicating Quick Scan, Custom Scan and Full Scan. You can select your preference and then click on “Scan Now”. For complete protection, Full Scan is recommended.
  • AVStrike will scan your system for threats.
  • A result page will now appear with the threats detected on your computer.
  • You can either click on Select all or highlight the threats you choose to delete and click on “Remove All”.

Your system is now free of Trojan.PWS.OnlineGames.ZNH and is also protected from any such malware in the future!

It is important to remove Trojan.PWS.OnlineGames.ZNH and such malware from your system to keep your PC and your confidential data secure. Malwares of this kind are often undetected by the regular anti-virus software. Please observe the symptoms as listed above and follow the instructions to remove this from your system, for your own privacy and security.

...