Trojan-PWS.OnlineGames.MLF ???


jerome
09-05-2008, 12:57 PM
Hello,
yesterday with Database 5.10630 the scan was ok, clean.
Today, smart update database 5.10640 intelli-signatures 932.820 and this detection:

PC Tools Spyware Doctor
Date Status
05/09/2008 12:08:57:46 Analyse démarrée
Type d'analyse - Analyse complète

05/09/2008 12:09:20:500 Résultats d'Immunizer
La section ActiveX a été immunisée. Aucun élément n'a été traité.

05/09/2008 14:07:20:406 Une infection a été détectée sur cet ordinateur
Nom de la menace - Trojan-PWS.OnlineGames.MLF
Type - Valeur de registre
Degré de risque - Moyen
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CCDECODE, Type

05/09/2008 14:07:20:406 Une infection a été détectée sur cet ordinateur
Nom de la menace - Trojan-PWS.OnlineGames.MLF
Type - Valeur de registre
Degré de risque - Moyen
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CCDECODE, Start

05/09/2008 14:07:20:406 Une infection a été détectée sur cet ordinateur
Nom de la menace - Trojan-PWS.OnlineGames.MLF
Type - Valeur de registre
Degré de risque - Moyen
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CCDECODE, ErrorControl

05/09/2008 14:07:20:406 Une infection a été détectée sur cet ordinateur
Nom de la menace - Trojan-PWS.OnlineGames.MLF
Type - Valeur de registre
Degré de risque - Moyen
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CCDECODE, Tag

05/09/2008 14:07:20:406 Une infection a été détectée sur cet ordinateur
Nom de la menace - Trojan-PWS.OnlineGames.MLF
Type - Valeur de registre
Degré de risque - Moyen
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CCDECODE, ImagePath

05/09/2008 14:07:20:406 Une infection a été détectée sur cet ordinateur
Nom de la menace - Trojan-PWS.OnlineGames.MLF
Type - Valeur de registre
Degré de risque - Moyen
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CCDECODE, DisplayName

05/09/2008 14:07:20:406 Une infection a été détectée sur cet ordinateur
Nom de la menace - Trojan-PWS.OnlineGames.MLF
Type - Valeur de registre
Degré de risque - Moyen
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CCDECODE, Group

05/09/2008 14:07:20:406 Une infection a été détectée sur cet ordinateur
Nom de la menace - Trojan-PWS.OnlineGames.MLF
Type - Valeur de registre
Degré de risque - Moyen
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CCDECODE\Security, Security

05/09/2008 14:07:20:421 Une infection a été détectée sur cet ordinateur
Nom de la menace - Trojan-PWS.OnlineGames.MLF
Type - Clé de registre
Degré de risque - Moyen
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CCDECODE\Security

05/09/2008 14:07:20:421 Une infection a été détectée sur cet ordinateur
Nom de la menace - Trojan-PWS.OnlineGames.MLF
Type - Clé de registre
Degré de risque - Moyen
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CCDECODE

05/09/2008 14:08:23:390 Analyse terminée
Type d'analyse - Analyse complète
Eléments traités - 328187
Menaces détectées - 1
Infections détectées - 10
Infections ignorées - 0

What is this about? A FP detection?
A precision if necessary: I have NEVER played with an "online game"!!!
And all other scans are clean.

And when I look on Google about Trojan-PWS.OnlineGames.MLF, I find.... my post!!!

Regards,
Jérôme.

bsa9
09-05-2008, 03:47 PM
I found the same thing during scanning today. 10 infections cleaned.
After smart update I started scanning. Is this FP?

jerome
09-05-2008, 04:02 PM
Hello,
If several of us are starting to be infected, I believe a FP is possible.
And it came after today's update.
I did not do anything about it, no quarantine, and I wait for an answer here by a PC Tools expert...
Regards,
Jérôme.

bsa9
09-05-2008, 05:03 PM
Hi,
I have quarantined that infection & my PC is working fine. I suggest you do the same until PC Tools comes back with some explanation.

jerome
09-06-2008, 10:42 AM
Hello,
Some more information: Trojan-PWS.OnlineGames.MLF has been added by SD in database 5.10640. See here:

http://www.pctools.com/mrc/database/year/2008/month/09/

A new search on Google, and I have found a lot of SD users on different forums who got infected, on Yahoo, in Italy, etc.

http://www.google.fr/search?hl=fr&q=Trojan-PWS.OnlineGames.MLF+&btnG=Recherche+Google&meta=&aq=f&oq=

So, as it is Saturday, I'll wait for an answer here on Monday before doing anything...
Regards,
Jérôme.

Scotteh
09-06-2008, 11:06 AM
I've got that exact same infection on two computers, I'm using 6.0.0.362 with DB 5.10640

ohso
09-06-2008, 05:11 PM
I've got it too. With multiple SD customers reporting it, I'm inclined to believe that it is a FP.

But there are two things that go against that.
1. A second computer that also runs SDwAV 6.362 does not show it.
2. On the computer that does show it, I had stopped using that computer for an hour or two, left it running. When I returned, the screen resolution had changed from what it was when I left! Did that happen to anyone else?

I then ran an intelliscan and it found this threat.
I quarantined it, rebooted, and the computer appears to run OK.

I haven't found much on the internet about this threat. Most of the hits that report it say they use SD. The others don't say.

jerome
09-07-2008, 09:37 AM
Hello,
After the detection by SD (database 5.10640) on Friday, I did not do anything with it, no quarantine.
My computer works perfectly well.
Another thing: yes, when you search on Google for Trojan-PWS.OnlineGames.MLF you'll find a lot of SD users.
When you search for CCDECODE, which is the name of the detected keys, you find that it seems to be a legitimate one...
http://www.google.fr/search?sourceid=navclient&aq=t&hl=fr&ie=UTF-8&rlz=1T4GGIH_frFR278FR279&q=CCDECODE

So, I am not sure, but a FP is possible.
However, I prefer to wait for details here!
Regards,
Jérôme.
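
A read-only way to examine the flagged service key before deciding whether to quarantine or restore it, as an added example that is not part of any post in this thread. The function name `Get-FlaggedServiceInfo` is hypothetical; the key name `CCDECODE` and the value names come from the scan log above.

```powershell
# Added example: read-only triage of a service key reported by a scanner.
# Nothing here modifies the registry or the file system.
function Get-FlaggedServiceInfo {
    param([string]$Name = 'CCDECODE')   # key name from the scan log in this thread

    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path -Path $key)) {
        Write-Output "Service key '$Name' is not present (removed or quarantined)."
        return
    }

    # Show the values the scanner listed one by one, side by side.
    $svc = Get-ItemProperty -Path $key
    $svc | Format-List DisplayName, Type, Start, ErrorControl, Group, Tag, ImagePath

    $path = [Environment]::ExpandEnvironmentVariables([string]$svc.ImagePath)
    if (-not $path) {
        Write-Output "No ImagePath value under '$Name'; nothing to check on disk."
        return
    }

    # Keep only the binary path: drop surrounding quotes and any arguments.
    if ($path -match '^"?(.+?\.(sys|exe|dll))') { $path = $Matches[1] }

    # Driver-style paths: '\??\C:\...', '\SystemRoot\...', or relative to SystemRoot.
    $path = $path -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', ''
    if (-not [IO.Path]::IsPathRooted($path)) {
        $path = Join-Path -Path $env:SystemRoot -ChildPath $path
    }

    if (-not (Test-Path -LiteralPath $path)) {
        Write-Output "Binary not found on disk: $path"
        return
    }

    # Who claims to have built the file, and whether its signature verifies.
    (Get-Item -LiteralPath $path).VersionInfo |
        Format-List CompanyName, FileDescription, FileVersion
    Get-AuthenticodeSignature -LiteralPath $path |
        Format-List Status, StatusMessage, SignerCertificate
}

Get-FlaggedServiceInfo -Name 'CCDECODE'
```

A `NotSigned` status on an older PowerShell is not conclusive by itself, because drivers shipped with Windows are often catalog-signed rather than carrying an embedded signature.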

lisaz
09-07-2008, 09:40 PM
I also have this trojan quarantined! SD version 5.5.0.204 starter edition. XP SP3 AVG 8.0.169 free. Windows firewall. I will watch the forum to find out whether this is a fp or not.

AChen
09-08-2008, 12:04 AM
Hi Guys,

We are currently looking at this and will get back to you shortly :)

AChen
09-08-2008, 02:02 AM
This appears to be a FP and we will be resolving this in the next Smart update :)

lisaz
09-08-2008, 04:28 PM
Thank you so much for the quick response!

jerome
09-09-2008, 10:50 AM
OK! Complete scan clean this morning with update to database 5.10660...
Thank you,
Jérôme.

lisaz
09-14-2008, 07:26 PM
This trojan is still in quarantine. What do I do with it?

katie
09-15-2008, 01:43 AM
All you need to do is restore the detections related to Trojan-PWS.OnlineGames.MLF from quarantine. Once you run another scan, these files shouldn't be detected anymore.

kt

lisaz
09-15-2008, 03:50 PM
Thanks Katie! Have a great day!