Encyclopedia entry
Updated: Apr 17, 2011 | Published: Aug 31, 2010
Aliases
Alert Level: Severe
Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.89.417.0 Released: Aug 26, 2010
Summary
PWS:Win32/PWSteal.M is the detection for a trojan that drops several password-recovery tools onto the computer. These tools collect user information, which may then be sent to a remote attacker.
Symptoms
System changes
The following system changes may indicate the presence of this malware:
Technical Information (Analysis)
PWS:Win32/PWSteal.M is the detection for a trojan that drops several password-recovery tools onto the computer.
Payload
Drops other files
PWS:Win32/PWSteal.M drops several password-recovery tools such as the following files:
These dropped files may collect user information for various accounts. The collected passwords are stored in the following files:
- %Temp%\mspass.txt
- %Temp%\ffpass.txt
- %Temp%\fzpass.txt
- %Temp%\iepass.txt
- %Temp%\SteamPass.txt
- %Temp%\passvoodoo.txt
PWS:Win32/PWSteal.M then attempts to send the information in these files to a remote attacker.
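The output file names listed above can be used as host indicators. The following PowerShell sweep is an added example, not part of the original entry or of any Microsoft tool; it assumes %Temp% resolves to a per-profile Temp folder (either layout below) or to the machine-wide Windows\Temp, and it should be run from an elevated prompt so that other users' profiles are readable.

```powershell
# Added example: sweep every local profile's Temp directory for the output
# file names listed in this entry. Only metadata is reported; the files may
# hold harvested credentials, so their contents are never read or printed.
$names = 'mspass.txt', 'ffpass.txt', 'fzpass.txt',
         'iepass.txt', 'SteamPass.txt', 'passvoodoo.txt'

# Assumption: per-profile Temp locations (Vista and later, then XP-era).
$relative = 'AppData\Local\Temp', 'Local Settings\Temp'

# Enumerate profile roots from the registry so that profiles stored outside
# the default Users folder and service-account profiles are included.
$profileKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$dirs = @(Get-ChildItem $profileKey | ForEach-Object {
    $root = (Get-ItemProperty $_.PSPath).ProfileImagePath
    if ($root) { foreach ($r in $relative) { Join-Path $root $r } }
})
$dirs += Join-Path $env:SystemRoot 'Temp'

$hits = foreach ($dir in ($dirs | Sort-Object -Unique)) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    foreach ($name in $names) {
        $path = Join-Path $dir $name
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if ($item -and -not $item.PSIsContainer) {
            [pscustomobject]@{
                Path        = $item.FullName
                Length      = $item.Length
                CreatedUtc  = $item.CreationTimeUtc
                ModifiedUtc = $item.LastWriteTimeUtc
            }
        }
    }
}

if ($hits) {
    $hits | Sort-Object Path | Format-Table -AutoSize
} else {
    Write-Output 'None of the listed file names were found in the Temp directories checked.'
}
```

A match on a file name alone is a lead to investigate, not proof of infection; the creation and modification times help place the file on an incident timeline.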
Modifies computer settings
PWS:Win32/PWSteal.M may prevent Windows Defender from displaying a warning. It may also close the Task Manager process.
Analysis by Andrei Florin Saygo
Prevention
Recovery
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an up-to-date antivirus product such as the following: