Pws-AV

This page shows the details and results of our analysis of the malware Pws-AV.

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.


Minimum DAT

4066 (2000-02-23)

Updated DAT

4066 (2000-02-23)

Minimum Engine

5.1.00

File Length

21,890

Description Added

2000-06-01

Description Modified

2001-08-01

Characteristics

Symptoms

When run, this trojan copies itself to the WINDOWS SYSTEM directory and adds the following registry key value to load at startup:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Hooker - the intelligent keylogger=%SystemDir%\HOOKER.EXE
(Filename may vary)

It also creates a file named KEYRIPPER.DLL in the WINDOWS SYSTEM directory.
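The startup entry described above can be checked for offline in a registry export. The following is an added example, not part of the original analysis: it assumes a REGEDIT4-style .reg text export, the function name and the sample export are constructed for illustration, and because the filename may vary it matches on the value name first and on the default file name second.

```python
import re

# Indicators taken from the Symptoms description above.
RUNSERVICES = r"hkey_local_machine\software\microsoft\windows\currentversion\runservices"
VALUE_NAME = "hooker - the intelligent keylogger"
DEFAULT_EXE = "hooker.exe"

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(text):
    # .reg exports escape backslashes and quotes with a backslash.
    return re.sub(r"\\(.)", r"\1", text)

def find_hooker_autostart(reg_text):
    """Return (value name, data, matched on) for suspicious RunServices values."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if not m or key != RUNSERVICES:
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        if name.lower() == VALUE_NAME:
            # Catches renamed copies: the value name stays the same.
            hits.append((name, data, "value name"))
        elif data.lower().split("\\")[-1] == DEFAULT_EXE:
            hits.append((name, data, "file name"))
    return hits

# Constructed sample export (not taken from a real system).
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Hooker - the intelligent keylogger"="C:\\WINDOWS\\SYSTEM\\SVC32.EXE"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"Updater"="C:\\WINDOWS\\SYSTEM\\HOOKER.EXE"
'''

if __name__ == "__main__":
    for name, data, reason in find_hooker_autostart(SAMPLE):
        print(f"suspicious RunServices value {name!r} -> {data} (matched on {reason})")
```

A hit only identifies the startup entry; the file it points to and KEYRIPPER.DLL in the WINDOWS SYSTEM directory still need to be checked on the system itself.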

Method of Infection

Once running, this trojan attempts to connect to various mail servers to send password information to its author.

Removal

All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.

Variants