Follow:

 

HackTool:Win32/Passview


HackTool:Win32/Passview is the detection of a tool named "Protected Storage PassView". The tool is used to display the passwords which may be stored in Windows Protected Storage (Pstore).


What to do now

Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as Microsoft Security Essentials, or the Microsoft Safety Scanner. For more information about using antivirus software, see http://www.microsoft.com/security/antivirus/av.aspx.

Threat behavior

HackTool:Win32/Passview is the detection of a tool named "Protected Storage PassView". The tool is used to display the passwords which may be stored in Windows Protected Storage (Pstore).
 
HackTool:Win32/Passview can function as a command-line tool or GUI to show the passwords in Pstore. Some examples of passwords stored within Windows Protected Storage are:
  • Microsoft Outlook Express account credentials
  • Internet Explorer auto-complete passwords
  • passwords saved for password-protected sites
  • MSN Explorer passwords
     
An image of the tool is shown below:
 
 
Analysis by Shawn Wang

Symptoms

HackTool:Win32/Passview is a tool used to display the passwords which may be stored in Windows Protected Storage (Pstore).

Prevention


Alert level: Medium
First detected by definition: 1.45.287.0
Latest detected by definition: 1.179.693.0 and higher
First detected on: Oct 07, 2008
This entry was first published on: May 28, 2010
This entry was updated on: Apr 17, 2011

This threat is also detected as:
  • Tool.PassView (Dr.Web)
  • not-a-virus:PSWTool.Win32.Passview (Kaspersky)
  • PWCrack-PassView (McAfee)
  • Trojan.PSW.IcqSmiley.c (Rising AV)
  • NirPassView (Sophos)
  • Hacktool.PStorRevealer (Symantec)
  • HKTL_PASSVW.A (Trend Micro)