Author Topic: Win32 Oliga [Trj]  (Read 10644 times)

gmann44

  • Guest
Win32 Oliga [Trj]
« on: November 25, 2008, 06:23:24 PM »
Not that my system is acting strange but...just ran Avast and it came up with a Win32 Oliga [trj]. Is this for real or is it possibly a false positive? I did do some searching on my own with mixed results. Some say it is a Trojan that steals online gaming passwords. I do not play online games. Others say it is a false detection. Can someone comment on this please? Thanks! I feel I can come up with more accurate info on this site than at other places. Again Thanks!





Jtaylor83

  • Guest
Re: Win32 Oliga [Trj]
« Reply #1 on: November 25, 2008, 08:51:10 PM »
Win32:Oliga is a password stealer trojan.

http://vil.nai.com/vil/content/v_150521.htm

What is the filename and location?

Check your warning log:

C:/Program Files/Alwil Software/Avast4/DATA/log/warning.txt

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33903
  • malware fighter
Re: Win32 Oliga [Trj]
« Reply #2 on: November 25, 2008, 08:57:48 PM »
Hi gmann44,

Have a scan with MBAM: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
If MBAM does not cleanse everything from the trojan at a first full scan, reboot and let it have another additional sweep, then post the logfile txt as an attachment to your next posting.
Also post a HJT logfile txt as an attachment using HJT from here: http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php

Sometimes a temporary disabling of System Restore is necessary so that parts of the malware do not just resurrect like a phoenix from its ashes through the workings of the System Restore feature, see:

Additional trojan removal instructions, do read:
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.aspx

Check up on this, make a copy of your registry settings first in case something goes wrong,
Manual removal instructions,
FileName    
%USERPROFILE%\local settings\temp\57v9.dll
   PWS-OnlineGames.bl

System Changes

These are general defaults for typical path variables. (Although they may differ, these examples are common.):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files

The following registry elements have been created:

# Hkey_local_machine\system\currentcontrolset\services\kavsys\

    * errorcontrol = 1
    * imagepath = \??\c:\windows\system32\drivers\vga.sys
    * start = 1
    * type = 1
Additional trojan removal instructions, do read:
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.aspx

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
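
A read-only way to check a machine for the file and registry artifacts listed in Reply #2, as an added example that is not part of the original posts or of any vendor tool. The function name `Test-OligaIndicators` and the output columns are illustrative, and also looking under `$env:TEMP` is an assumption about where the same file name would sit on newer Windows versions.

```powershell
# Added example: read-only check for the artifacts listed in Reply #2.
# Nothing is deleted or modified. Indicator values are copied from the post;
# the function name and the output columns are illustrative.
function Test-OligaIndicators {
    $findings = @()

    # File named in the post, plus the same file name under the current TEMP
    # directory (assumption: on newer Windows versions TEMP is where it would sit).
    $candidates = @(
        (Join-Path $env:USERPROFILE 'Local Settings\Temp\57v9.dll'),
        (Join-Path $env:TEMP '57v9.dll')
    ) | Select-Object -Unique
    foreach ($path in $candidates) {
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $findings += [pscustomobject]@{
                Indicator = 'File'; Name = $path; Found = 'present'; MatchesPost = $true
            }
        }
    }

    # Service key and values listed in the post.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\kavsys'
    $expected = [ordered]@{
        ErrorControl = '1'
        ImagePath    = '\??\c:\windows\system32\drivers\vga.sys'
        Start        = '1'
        Type         = '1'
    }
    if (Test-Path -LiteralPath $key) {
        $svc = Get-ItemProperty -LiteralPath $key
        foreach ($name in $expected.Keys) {
            $actual = [string]$svc.$name
            $findings += [pscustomobject]@{
                Indicator = 'Registry'; Name = "$key\$name"; Found = $actual
                MatchesPost = ($actual -ieq $expected[$name])
            }
        }
    }
    return $findings
}

$result = Test-OligaIndicators
if ($result) {
    $result | Format-Table -AutoSize -Wrap
} else {
    Write-Output 'None of the listed file or registry artifacts were found.'
}
```

Run it from an elevated PowerShell prompt so the service key is readable; an empty result only means these specific artifacts are absent, not that the system is clean.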