Spyware.OnlineGames removal guide

The Spyware.OnlineGames is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Spyware.OnlineGames virus can do?

Attempts to connect to a dead IP:Port (3 unique times)
Drops a binary and executes it
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
Uses Windows utilities for basic functionality
Attempts to repeatedly call a single API many times in order to delay analysis time
Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
Installs itself for autorun at Windows startup
Creates a hidden or system file
Creates a copy of itself
Generates some ICMP traffic

Related domains:

z.whorecord.xyz

a.tomx.xyz

ruoyan52.f3322.net

How to determine Spyware.OnlineGames?


File Info:
crc32: 02026B84
md5: 01a9edd48476fc3b2866d98ea0cefc23
name: cc.exe
sha1: cd9bca11715fc7817799078e55aee05e93e23e5b
sha256: 727baa973870b6be7312d7a5143215bf0230ba61e28401527eb14668dc2ed895
sha512: 23eca4ea4cc9a895a22a3b2a8f3553a202ec591b7e4a484b1ecc1dd3ee5cdc1d38dbf42c2b1cec2ea99f1299d46f0101b833f937f9f31b697ad0cb32b356d8b5
ssdeep: 12288:fD5z5SXONBRRXS3ES03br6QYSwKH/kOG3tsHQv7T3YNE:f9cyBRRC3t03v6/SwzsHIT3Yy
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: x4f5cx8005x7248x6743x6240x6709 x8bf7x5c0ax91cdx5e76x4f7fx7528x6b63x7248
FileVersion: 1.0.0.0
Comments: x672cx7a0bx5e8fx4f7fx7528x6613x8bedx8a00x7f16x5199(http://www.eyuyan.com)
ProductName: x6613x8bedx8a00x7a0bx5e8f
ProductVersion: 1.0.0.0
FileDescription: x6613x8bedx8a00x7a0bx5e8f
Translation: 0x0804 0x04b0

Spyware.OnlineGames also known as:

Bkav	W32.AIDetectVM.malware
FireEye	Generic.mg.01a9edd48476fc3b
CAT-QuickHeal	Risktool.Flystudio.17324
McAfee	Artemis!01A9EDD48476
Cylance	Unsafe
Sangfor	Malware
CrowdStrike	win/malicious_confidence_100% (W)
K7GW	Trojan ( 005246d51 )
K7AntiVirus	Trojan ( 005246d51 )
Invincea	heuristic
BitDefenderTheta	Gen:NN.ZexaF.34090.6q0@aiZFx0cb
Symantec	ML.Attribute.HighConfidence
Baidu	Win32.Worm.AutoRun.hq
TrendMicro-HouseCall	TROJ_DLOGENUR.SM
ClamAV	Win.Malware.Zusy-6840460-0
GData	Win32.Application.PUPStudio.A
Kaspersky	HEUR:Trojan.Win32.Generic
NANO-Antivirus	Trojan.Win32.Autorun.ffomrl
Rising	Worm.Autorun!8.50 (C64:YzY0Ovr24HfZJNar)
Sophos	Mal/Generic-S
Comodo	Worm.Win32.Dropper.RA@1qraug
F-Secure	Trojan.TR/Dldr.generif
DrWeb	Trojan.DownLoader14.63076
Zillya	Trojan.Generic.Win32.777061
TrendMicro	TROJ_DLOGENUR.SM
McAfee-GW-Edition	BehavesLike.Win32.Generic.dh
SentinelOne	DFI – Malicious PE
Trapmine	malicious.high.ml.score
APEX	Malicious
Jiangmin	TrojanDownloader.Generic.aobu
MaxSecure	Trojan.Malware.7164915.susgen
Avira	TR/Dldr.generif
Antiy-AVL	GrayWare/Win32.FlyStudio.a
Endgame	malicious (high confidence)
SUPERAntiSpyware	Trojan.Agent/Gen-OnlineGames
ZoneAlarm	HEUR:Trojan.Win32.Generic
Microsoft	Trojan:Win32/Wacatac.D!ml
Acronis	suspicious
VBA32	BScope.Backdoor.Poison
Malwarebytes	Spyware.OnlineGames
Panda	Trj/Genetic.gen
ESET-NOD32	a variant of Win32/AutoRun.Agent.ANP
Tencent	Win32.Worm.Autorun.Eer
eGambit	HackTool.Generic
Fortinet	W32/QQWare.A!tr
AVG	Win32:Malware-gen
Cybereason	malicious.1715fc
Avast	Win32:Malware-gen
Qihoo-360	Generic/Trojan.ee5

How to remove Spyware.OnlineGames?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Spyware.OnlineGames removal guide