Alert level

HackTool:Win32/Mailpassview

(?)

Encyclopedia entry
Updated: Apr 17, 2011  |  Published: Dec 16, 2010

Aliases
  • Win-AppCare/Agent.89088 (AhnLab)
  • W32/MalwareS.WQG (Command)
  • Gen2.BPVYO (Norman)
  • HackTool.Mailpassview!kmuIKt+KsCs (VirusBuster)
  • HackTool.IBI (AVG)
  • TR/Agent.89088.V (Avira)
  • Tool.PassView.13 (Dr.Web)
  • Win32/PSWTool.MailPassView.A (ESET)
  • PSWTool.Win32.Messen (Ikarus)
  • Trojan.Win32.Generic.5209991A (Rising AV)
  • NirSoft (Sophos)
  • PSWTool.Win32.MailPassView.as (Sunbelt Software)
  • MailPassView (Symantec)

Alert Level (?)
Moderate

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.151.421.0
Released: May 19, 2013 		Detection initially created:
Definition: 1.45.287.0
Released: Oct 07, 2008

 

Summary

HackTool:Win32/Mailpassview is a freeware tool that is used to display passwords for a number of email applications.

Top

 

Symptoms

HackTool:Win32/Mailpassview is a freeware tool that is used to display passwords for a number of email applications.

Top

 

Technical Information (Analysis)

HackTool:Win32/Mailpassview is a freeware tool that is used to display passwords for a number of email applications.
 
HackTool:Win32/Mailpassview has a graphical user interface (GUI), but can be run without being displayed to the affected user by utilizing command line switches to save the captured password information to various formats. It can show passwords for the following email applications:
 
  • Microsoft Outlook Express
  • Microsoft Outlook
  • Windows Mail
  • Windows Live Mail
  • IncrediMail
  • Eudora
  • Netscape 6.x/7.x
  • Mozilla Thunderbird
  • Yahoo! Mail
  • Hotmail/MSN mail
  • Gmail
 
A configuration file named <filename>.cfg is dropped in the folder the program runs from, f or example, Mailpv.exe would drop Mailpv.cfg.
 
An image of the tool is shown below:
 
 
In the wild, we have observed HackTool:Win32/Mailpassview being used by Trojan:Win32/Nedsym in order to steal passwords from affected users.
 
Analysis by Michael Johnson

Top

 

Prevention

Take these steps to help prevent infection on your computer.


Top

 

Recovery

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products will detect and remove this threat:
 
 
For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.

Top

Provide feedback