HTKL_PWDUMP
Posted: October 4, 2012
Threat Metric
The fields shown on the Threat Meter, each carrying a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, shown as an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change in a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 2/10 |
|---|---|
| Infected PCs: | 58 |
| First Seen: | October 4, 2012 |
| OS(es) Affected: | Windows |
HTKL_PWDUMP, or PwDump7, is a criminal utility that extracts confidential password information from Windows without the consent of the PC's user. In conjunction with other attacks, this can be used to jeopardize the privacy and security of your computer, and may be a prelude to account hijacks by criminals. As noted in the general article on Adobe certificate compromises in Troj/HkCert-A, criminals have exploited an Adobe server vulnerability to give HTKL_PWDUMP (along with a second PC threat, TROJ_AGENT.MGSM or myGeeksmail) a 'valid' certificate. This can lead victims to download and launch HTKL_PWDUMP on the assumption that the certificate proves the authenticity of the executable file. SpywareRemove.com malware researchers recommend that you use anti-malware software to differentiate between legitimate programs and malware, and encourage HTKL_PWDUMP's removal through anti-malware scans if you have installed HTKL_PWDUMP either deliberately or accidentally.
HTKL_PWDUMP: the Thief with Unusually Good Credentials
Although the PwDump7 program has been in existence for quite some time, the Adobe certificate-authorized version of it, HTKL_PWDUMP, is still a new entry on the malware scene as of late September/early October 2012. Program certificates are used to verify the identity and safety of easily-downloaded programs, which encourages PC users to install them once they see a certificate linked to a well-known brand like Adobe. However, certificate security isn't foolproof, and even though Adobe has plans in place to revoke its currently-exploited certificates, SpywareRemove.com malware analysts emphasize that previously-certified versions of HTKL_PWDUMP will continue to appear as though they're endorsed by Adobe.
HTKL_PWDUMP steals passwords from your PC by retrieving password hashes from the Windows SYSTEM and SAM hive files. Although HTKL_PWDUMP is easily removed by competent anti-malware programs, it should be considered a very invasive type of spyware that can enable criminals to take over accounts for e-mail clients, online games, FTP management and other targets. Even if you do remove HTKL_PWDUMP successfully, SpywareRemove.com malware researchers recommend changing all potentially-compromised passwords. Fortunately, HTKL_PWDUMP hasn't been found to contain keylogging functions or other features that could be used to steal information other than passwords.
Dumping HTKL_PWDUMP Out of Your Lap
HTKL_PWDUMP can be distributed with other types of PC threats and is most likely to be encountered through freeware sites and torrent networks. Although other OSes may very well be safe from HTKL_PWDUMP attacks, SpywareRemove.com malware experts have confirmed HTKL_PWDUMP's compatibility with multiple versions of Windows.
The circumstances of HTKL_PWDUMP's entry into the malware industry also cause the SpywareRemove.com malware research team to recommend against trusting any application based on its certificate alone. While the lack of a certificate for an abusable file type (such as EXE) can sometimes indicate a potential PC threat, the presence of even a certificate signed by a trustworthy company isn't a firm guarantee that the file in question isn't HTKL_PWDUMP or another type of malware. Thankfully, since HTKL_PWDUMP lacks encryption or other defenses, anti-malware programs can detect and delete HTKL_PWDUMP easily enough.
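The point above, that a valid-looking signature is not a trust decision on its own, can be turned into a triage routine. The PowerShell script below is an added example, not code from the original article or from any product it mentions. It walks a folder of executables and, for each file, records the Authenticode status, the signer, the file hash, and any reason the file deserves a closer look: a signature that does not validate, a signer on a block-list of known-abused certificates (the thumbprint in the list is a placeholder, not Adobe's real certificate), an explicit online revocation check, or a file name matching the indicators in this article's Technical Details section. The `$Path` default and the `Get-FileTrustReport` function name are assumptions of this example.

```powershell
# Added example (not from the original article): treat a "Valid" Authenticode
# signature as one signal among several, never as the sole reason to trust a file.
param(
    [string]$Path = "$env:USERPROFILE\Downloads"   # assumption: folder to triage
)

# PLACEHOLDER thumbprint: replace with thumbprints of signing certificates you know
# have been abused. This value is not the real Adobe certificate.
$AbusedSignerThumbprints = @('0000000000000000000000000000000000000000')

# File names listed in this article's Technical Details section.
$KnownIndicatorNames = @('PwDump7.exe', 'libeay32.dll')

function Get-FileTrustReport {
    param([Parameter(Mandatory)][string]$FilePath)

    $sig  = Get-AuthenticodeSignature -FilePath $FilePath
    $hash = (Get-FileHash -Path $FilePath -Algorithm SHA256).Hash
    $name = Split-Path -Leaf $FilePath
    $reasons = New-Object 'System.Collections.Generic.List[string]'

    # 1. Signature state. "Valid" means the chain built and the file hash matched the
    #    signature; it says nothing about whether the signer's key was stolen.
    if ($sig.Status -ne 'Valid') {
        $reasons.Add("signature status: $($sig.Status)")
    }

    # 2. Signer block-list. A stolen certificate that has not yet been revoked still validates.
    if ($sig.SignerCertificate -and
        ($AbusedSignerThumbprints -contains $sig.SignerCertificate.Thumbprint)) {
        $reasons.Add('signed by a known-abused certificate')
    }

    # 3. Explicit online revocation check for the whole chain, independent of any
    #    cached chain state, so a freshly revoked certificate is caught.
    if ($sig.SignerCertificate) {
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'Online'
        $chain.ChainPolicy.RevocationFlag = 'EntireChain'
        if (-not $chain.Build($sig.SignerCertificate)) {
            $problems = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
            $reasons.Add("chain/revocation check failed: $problems")
        }
    }

    # 4. Name-based indicators from the threat description.
    if ($KnownIndicatorNames -contains $name) {
        $reasons.Add('file name matches a published indicator')
    }

    [pscustomobject]@{
        File       = $FilePath
        SHA256     = $hash
        Signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        Thumbprint = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }
        Status     = $sig.Status
        Verdict    = if ($reasons.Count -eq 0) { 'no-flags' } else { 'review' }
        Reasons    = ($reasons -join '; ')
    }
}

Get-ChildItem -Path $Path -File -Include *.exe, *.dll -Recurse |
    ForEach-Object { Get-FileTrustReport -FilePath $_.FullName } |
    Format-Table File, Status, Verdict, Reasons -AutoSize
```

A verdict of `no-flags` means only that none of these checks fired; the SHA256 column is there so the file can still be compared against anti-malware or reputation data before it is run, which is the article's recommendation.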
Technical Details
File System Modifications
The following files were created in the system:

libeay32.dll
File name: libeay32.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file

PwDump7.exe
File name: PwDump7.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file