AlphaOne Technology Support Forums
Welcome, Guest. Please login or register.
December 02, 2008, 01:02:32 PM

Login with username, password and session length
Search:     Advanced search
1733 Posts in 827 Topics by 4756 Members
Latest Member: Uobeley
* Home Help Search Login Register
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Security Announcements  |  Windows-based Security Issues  |  Topic: Hacktool.Pwdump Hack Tool 0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Hacktool.Pwdump Hack Tool  (Read 4085 times)
Brad
SysAdmin
Tech Team
Hero Member
********
Offline Offline

Posts: 391



View Profile
Hacktool.Pwdump Hack Tool
« on: June 06, 2005, 12:38:50 AM »
Behavior
Hacktool.Pwdump is a hack tool that is used to grab Windows password hashes from a remote Windows computer.

Symptoms
A file is detected as Hacktool.Pwdump

Transmission
This hack tool must be manually installed.

technical details
File names: PwDump3.exe; pwservice.exe

Once executed, Hacktool.Pwdump performs the following actions:

   1. Connects to a remote computer.

   2. Downloads a file named pwdservice.exe.

   3. Registers pwdservice.exe as a remote service.

   4. Adds the value:

      "000" = "pwdservice.exe"

      to the registry subkey:

      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer

   5. Sends back extracted password hashes.

REMOVAL INSTRUCTIONS

See: http://securityresponse.symantec.com/avcenter/venc/data/hacktool.pwdump.html
Logged
Mambo Hosting Resources
Pages: [1] Go Up Print 
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Security Announcements  |  Windows-based Security Issues  |  Topic: Hacktool.Pwdump Hack Tool « previous next »
Jump to:  

Powered by MySQL Powered by PHP AlphaOne Technology Support Forums | Powered by SMF 1.0.7.
© 2001-2005, Lewis Media. All Rights Reserved. 		Valid XHTML 1.0! Valid CSS!