PWS-Poker

This page shows the details and results of our analysis of the malware PWS-Poker.

Overview

This is a detection for a password stealer that targets users of a number of online poker games. The trojan's authors intended to hide its existence by using some rootkit capabilities.

Originally, this trojan was distributed via a "Rakeback" calculator named "rbcalc.exe".

 


Minimum DAT: 4764 (2006-05-17)

Updated DAT: 4992 (2007-03-26)

Minimum Engine: 5.1.00

File Length: Varies

Description Added: 2006-05-17

Description Modified: 2006-05-17

Characteristics

System Changes

Files Added

  • %SYSTEMDIR%\comclg32.dll (48176 bytes)
  • %SYSTEMDIR%\ndsdavsrv.sys (2432 bytes)
  • %SYSTEMDIR%\d3dclsrv.dll (9728 bytes)
  • %SYSTEMDIR%\utlsrv.exe (6304 bytes)

 

Symptoms

N/A.

Method of Infection

N/A. Password stealers are not viruses, and as such do not themselves contain any method to replicate. However, they may be downloaded by other viruses and/or trojans and installed on the user's system.

This specific trojan was found on checkraised.com.

Removal

All Users:
Use specified engine and DAT files for detection and removal.

Additional Windows ME/XP removal considerations

Variants

PWS-Poker.sys
PWS-Poker.dr
PWS-Poker.dll