McAfee > Theat Center > Virus Detail Page

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Aliases

• Generic PWS.a

• Generic PWS.b

• Generic PWS.c

• Generic PWS.d

• Generic PWS.e

• Generic PWS.n

Characteristics

This detection covers multiple nondescript password-stealing trojans - typically one-off creations that have been received by AVERT.

The trojans may steal various passwords from the victim machine, including:

• local system username/password
• domain username/password
• MAPI username/password
• AOL or MSN username/password
• Passwords for other miscellaneous software (applications or games)

Typical methods to steal passwords from the victim machine include querying cached passwords, querying system Registry, targetting specific system files (e.g. PWL files on Win9x), faking login screen etc. etc. Once retrieved, the password(s) may be sent to the hacker in multiple ways: by mail, via HTTP (port 80), by FTP etc.

Symptoms

Specific indications may vary between different password stealing trojans, but typically the trojan will hook system startup via a Registry key, or a modification to WIN.INI or SYSTEM.INI.

Method of Infection

The trojan may be received from any of many sources. For example via email, IRC, P2P file-sharing network, newsgroup or download.

Removal

AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.

Additional Windows ME/XP removal considerations

Variants

Variants

N/A

All Information

Overview -

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Aliases

• Generic PWS.a

• Generic PWS.b

• Generic PWS.c

• Generic PWS.d

• Generic PWS.e

• Generic PWS.n

Characteristics

Characteristics -

This detection covers multiple nondescript password-stealing trojans - typically one-off creations that have been received by AVERT.

The trojans may steal various passwords from the victim machine, including:

• local system username/password
• domain username/password
• MAPI username/password
• AOL or MSN username/password
• Passwords for other miscellaneous software (applications or games)

Typical methods to steal passwords from the victim machine include querying cached passwords, querying system Registry, targetting specific system files (e.g. PWL files on Win9x), faking login screen etc. etc. Once retrieved, the password(s) may be sent to the hacker in multiple ways: by mail, via HTTP (port 80), by FTP etc.

Symptoms

Symptoms -

Specific indications may vary between different password stealing trojans, but typically the trojan will hook system startup via a Registry key, or a modification to WIN.INI or SYSTEM.INI.

Method of Infection

Method of Infection -

The trojan may be received from any of many sources. For example via email, IRC, P2P file-sharing network, newsgroup or download.

Removal -

Removal -

AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.

Additional Windows ME/XP removal considerations

Variants

Variants -

N/A