GameThief Trojan on USB Drive



#1 BalladCarver


Posted 04 May 2010 - 04:43 PM

Hello,

The worst of all things possible happened today when I tried to give a presentation for a government class: when I plugged in my flash drive [an old Kingston DataTraveler 1gig], the school computer in the classroom told me that P:/autorun.inf [P:/ being the USB drive when plugged into the school computer] had a gamethief trojan virus. The school computer was running Kaspersky, which was what prompted the detection a few seconds after I plugged my flash drive in and asked to delete the file.
I am sorry that I cannot remember everything that Kaspersky said; I was a bit taken aback, embarrassed, and freaked trying to get my presentation working.
However, I know that it said: Trojan.gamethief.Win32 and a bit more extension I cannot remember.

The school tech guy came in, tried to delete the file, and was prompted to reboot the computer. Upon reboot Kaspersky did not detect the file on my USB. However, the school tech said I would have to clean my home computer and just get rid of the flash drive.

The problem is I can barely find any information about this gamethief virus and what I did find said it steals account information for online games.
I have plugged this USB drive into three home computers, none of which have any games on them [except for Sims2 on my sister's PC but that isn't online].
However the tech guy asked if I had saved anything directly to my flash drive, which I had, and told me it probably came from a picture I had saved from online (google images or wikipedia, those are the only places I have gone for pictures).

So I'm running virus scan on all three PCs that I had plugged into and none of them have found this gamethief.
The thing is though that some sites I found online that had users reporting this virus all had Kaspersky antivirus like my school's system,
but all 3 PCs I'm scanning right now have McAfee security center antivirus and firewall and my McAfee isn't finding anything.

So is McAfee unable to find these types of files or is Kaspersky glitchy?
I have downloaded PowerPoints onto my flash drive from my e-mail that group members for the govt presentation had sent me,
and saved some pictures from Google Images and Wikipedia.

I cannot find any trace of this virus.

So basically what I'm asking is:

Is this virus hiding in my computer and undetected by McAfee?
Is this virus also able to steal my e-mail account information?
What else should I do to check the 3 PCs this flash drive has been in?

Thank you for your help



#2 quietman7


Posted 05 May 2010 - 02:14 PM

Trojan-GameThief.Win32.OnLineGames Technical Details

Each security vendor uses their own naming conventions to identify various types of malware so it's difficult to determine exactly what has been detected or the nature of the infection without knowing more information about the actual file(s) involved. See Understanding virus names.

Since Kaspersky is detecting this malware, try doing an online scan from each computer you inserted the usb stick into.

Please perform a scan with Kaspersky Online Virus Scanner.
-- Requires free Java Runtime Environment (JRE) to be installed before scanning for malware as ActiveX is no longer being used.
-- This scan will not remove any detected file threats but it will show where they are located so they can be cleaned with other tools.
  • Vista users need to right-click the IE or FF Start Menu or Quick Launch Bar icons and Run As Administrator from the context menu.
  • Read the "Advantages - Requirements and Limitations" then press the Posted Image... button.
  • You will be prompted to install an application from Kaspersky. Click the Run button. It will start downloading and installing the scanner and virus definitions.
  • When the downloads have finished, you should see 'Database is updated. Ready to scan'. Click on the Posted Image... button.
  • Make sure these boxes are checked. By default, they should be. If not, please check them and click on the Posted Image... button afterwards:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
  • Click on My Computer under the Scan section. OK any warnings from your protection programs.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • Once the scan is complete (the 'status' will show complete), click on View Scan Report and any infected objects will be shown.
  • Click on Save Report As... and change the Files of type to Text file (.txt)
  • Name the file KAVScan_ddmmyy (day, month, year) before clicking on the Save button and save it to your Desktop.
  • Copy and paste (Ctrl+C) the saved scan results from that file in your next reply.
-- Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

"So is McAfee unable to find these types of files or is Kaspersky glitchy."

What other security programs are you using?

No single product is 100% foolproof and can prevent, detect and remove all threats at any given time. The security community is in a constant state of change as new infections appear. Each vendor has its own definition of what constitutes malware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another. Thus, a multi-layered defense using several anti-spyware products (including an effective firewall) to supplement your anti-virus combined with common sense and safe surfing habits provides the most complete protection.

"The problem is I can barely find any information about this gamethief virus and what I did find said it steals account information for online games."

Anytime you encounter malware on your computer or USB drive that is able to steal information, and that computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, PayPal and any online activities which require a username and password. You should consider them to be compromised and change all passwords from a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified immediately of the possible security breach.
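
Added example, not part of the original thread or written by either poster: a read-only triage script for an autorun.inf like the one flagged on the drive, listing which files its [autorun] launch keys (open, shellexecute, shell\verb\command) would make Windows start. The function names and the sample file are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Keys in the [autorun] section that make Windows start a program from the drive.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
RUNNABLE = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js", ".dll"}


def decode_autorun(raw: bytes) -> str:
    """autorun.inf is ANSI or UTF-16 text; pick by BOM, never fail on odd bytes."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("cp1252", errors="replace")


def launch_entries(raw: bytes):
    """Return [(key, command, target)] for each launch key under [autorun]."""
    found, in_autorun = [], False
    for line in decode_autorun(raw).splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        # Skip comments and padding/garbage lines instead of failing on them.
        if not in_autorun or line.startswith(";") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if LAUNCH_KEYS.match(key) and value:
            # First token of the command is the file that would be started.
            target = value.split('"')[1] if value.startswith('"') else value.split()[0]
            found.append((key.lower(), value, target))
    return found


def triage(raw: bytes):
    """Return (key, target) for launch entries that point at a runnable file type."""
    return [(k, t) for k, _, t in launch_entries(raw)
            if PureWindowsPath(t).suffix.lower() in RUNNABLE]


# Constructed sample, not the file from this thread.
SAMPLE = (b"; constructed example\r\n[AutoRun]\r\nlabel=My Drive\r\n"
          b"qwertyjunk line\r\nOPEN=tools\\helper.exe /quiet\r\n"
          b"shell\\explore\\command=\"tools\\helper.exe\" -e\r\nicon=drive.ico\r\n")

if __name__ == "__main__":
    for key, target in triage(SAMPLE):
        print(f"{key} -> {target}")
```

The script only reads the file's bytes and never opens or runs the targets it reports; any file it names is the one to submit to a scanner.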