Not a member yet? Register for your free account!

Go Back   elitepvpers > MMORPGs > Perfect World
You last visited: Today at 16:33

  • Please register to post and access all features, it's quick, easy and FREE!


Perfect World elementclient.exe issue

Discussion on Perfect World elementclient.exe issue within the Perfect World forum part of the MMORPGs category.

Thread Tools
Old   #1
Join Date: Jan 2008
Posts: 2
Received Thanks: 0
Perfect World elementclient.exe issue

Hi, i've started patching PW, and my antivirus detects a trojan in the elementclient.exe file. Here is the log:

Malicious code found in file D:\Perfect World\element\elementclient.exe.
Infection: Trojan.Win32.Delf.avb
Action: The file was deleted.

Now I cant even get the file back on the computer... it deletes it right away.
My laptop is imaged where i cant edit any settings with the AntiVirus (F-Secure).

Can anyone help me get PW running?

xBadBoi is offline  
Old   #2
Join Date: Jan 2008
Posts: 19
Received Thanks: 2
Yeah this hapend to me today also...with Kaperspy 7. You could use the hacked .exe posted in the thread that is stickied to launch. But for future updates I do not know if the updater will work normally I myself was about to post a topic regarding this and I was going to ask if anybody could upload the original elementclient.exe for updating purposes when the time comes
Peitha is offline  
Old   #3
Join Date: Nov 2006
Posts: 39
Received Thanks: 0
Yeah coz all databases of antivirus have just been updated with this trojan/worm

I found it in the first client (without update)

When the worm executes, it creates the following files:


The file kavo0.dll is then injected into all running processes.

It also creates the following file, which is a copy of Hacktool.Rootkit:

The worm then copies itself to all drives from C through Z as the following file:

It also creates the following file so that it executes whenever the drive is accessed:
[DRIVE LETTER]:\autorun.inf

Next, the worm creates the following registry entry so that it executes whenever Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion
\Run\"kava" = "%System%\kavo.exe"

It then modifies the following registry entries:

\CurrentVersion\Explorer\Advanced\Folder\Hidden\SH OWALL
\"CheckedValue" = "0"
\CurrentVersion\Explorer\Advanced\"Hidden" = "2"
\CurrentVersion\Explorer\Advanced\"ShowSuperHidden " = "0"
\CurrentVersion\Pocilies\Explorer\"NoDriveTypeAuto Run" = "0x91"

The worm checks if it has been injected into any of the following processes:

wsm.exe and ybclient.exe

It then attempts to steal information for the following online games:

Wanmi Shijie or Perfect World
Dekaron Siwan Mojie
HuangYi Online
Rexue Jianghu
Seal Online
Maple Story
R2 (Reign of Revolution)
Kermi is offline  
Old   #4
Join Date: Jan 2008
Posts: 2
Received Thanks: 0
Is this thing harmful in anyway?

Bleh.. i just used program to delete F-Secure, then installed Avast.

xBadBoi is offline  
Old   #5
Join Date: Nov 2006
Posts: 39
Received Thanks: 0
No PW probably steal informations to know what game you r playing.
You have the worm since the begining ^^
Kermi is offline  
Old   #6
Join Date: Jan 2008
Posts: 19
Received Thanks: 2
That worm scares me lol...but I dont play any of those games so

Does anybody know if my client will update with the hackd .exe stickied in this forum? Since my AntiVirus deleted it >_>
Peitha is offline  
Old   #7
Join Date: Mar 2007
Posts: 29
Received Thanks: 8
my anti virus detected dis::

kaptenkapal is offline  
Old   #8
Join Date: Jul 2006
Posts: 38
Received Thanks: 84
yes i think it will still update when you run the launcher cuz the version is stored int hat one version file. and the server reads the version number in that file and just overwrites the files...also the elementclient.exe

when does that trojan/worm thing happen? when you run the launcher or when the game itself (the elementclient) exe runs? if it is 2nd then it might be the pwprotector.exe wich gets loaded
arschkeks is offline  

Thread Tools

All times are GMT +2. The time now is 16:33.

Powered by vBulletin®
Copyright ©2000 - 2015, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2011, Crawlability, Inc.

Support | Contact Us | FAQ | Advertising | Privacy Policy
Copyright ©2015 elitepvpers All Rights Reserved.