Symantec has warned computer users of Infostealer.Wowcraft.C, a Trojan horse, which is said to be making attempt to commit theft of sensitive info related to online games and send it to a remote attacker. Computer users were reported to have complained regarding links in Outlook email, which, on being clicked, create a host of Trojans aimed at stealing gaming credentials.
The newly-detected Trojan also known as PWSteal.Wowcraft.C in fact puts the Trojan file, INTEXPLORE.com, as middleman. As soon as the link in email is clicked by the users, the INTEXPLORE.com file is installed, and let the control go to the browser. It’s viable that either any anti-virus software is getting rid of the Trojan however leaving behind the registry edit, or the file is being deleted by the affected users themselves but leaving behind the registry edit. Whatever be the way, the outcome is the unchanged - on the whole giving rise to a dead end every time a link in email is clicked by you.
Symantec has reported that Infostealer.Wowcraft.C:
Modifies the values
“(Default)” = “%ProgramFiles%\Internet Explorer\INTEXPLORE.com” -nohome”
“(Default)” = “%ProgramFiles%\common~1\INTEXPLORE.pif” %1″”
in the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htmlfile\shell\open\command
Luckily, there is a simple fix to get rid of the Trojan. First of all, the users will have to provide scan to their system with the latest anti-virus software unless the Trojan really is rooted out. After that edit the registry and put back the bad value with the default value as give below:
