Trojan.Dropper.PWS
Posted: April 26, 2013
| Field | Value |
|---|---|
| Ranking | 10,922 |
| Threat Level | 9/10 |
| Infected PCs | 1,396 |
| First Seen | April 26, 2013 |
| Last Seen | October 11, 2023 |
| OS(es) Affected | Windows |
Trojan.Dropper.PWS is a Trojan dropper that exploits legitimate WinPcap-based libraries to steal confidential information (such as the passwords for your personal accounts) along with the contents of any accessible Bitcoin wallets. Given its e-mail-based spambotting capabilities, Trojan.Dropper.PWS is most likely distributed through e-mail spam, as either links or file attachments. Because it can compromise extremely private data, Trojan.Dropper.PWS and its related components should always be removed quickly, but anti-malware applications may be required to detect Trojan.Dropper.PWS accurately or to guarantee that you've deleted it completely.
Trojan.Dropper.PWS: a High-Tech Thief for the Internet Age
WinPcap, a specialized network utility, may be used for benevolent purposes, but Trojans like Trojan.Dropper.PWS have also been known to exploit WinPcap software for criminal purposes. In the case of Trojan.Dropper.PWS, WinPcap's libraries are installed and exploited to make it easier for Trojan.Dropper.PWS to monitor your network traffic. As a result, Trojan.Dropper.PWS is capable of stealing:
- Login data for e-mail accounts.
- Login data for FTP programs, such as TurboFTP or WinFTP.
- Any login information that's saved by major brands of web browsers like Chrome or Internet Explorer.
- The contents of any accessible Bitcoin wallets (applications that store digital currency).
Aside from its thieving capabilities, Trojan.Dropper.PWS also appears to be able to send automated spam e-mail messages, which, SpywareRemove.com malware experts warn, can be used to distribute Trojan.Dropper.PWS or other PC threats. If they're performed in bulk, such attacks also may cause performance issues for your PC.
Getting the Drop on Trojan.Dropper.PWS's Attempted Info Grab
Although Trojan.Dropper.PWS is always categorized as malware and should always be deleted posthaste, the presence of WinPcap by itself is not necessarily a cause for apprehension. Users who need advanced network-monitoring and communication programs may very well have legitimate uses for WinPcap, but if you see WinPcap or related components on your computer without any memory of installing them, they may be symptoms of Trojan.Dropper.PWS or a similar Trojan.
SpywareRemove.com malware experts suggest using proper anti-malware tools to remove Trojan.Dropper.PWS, which, unlike a legitimate application, will try to conceal itself from detection. After removing Trojan.Dropper.PWS, you should also change any passwords or other information that may have been stolen by Trojan.Dropper.PWS – particularly any login data related to FTP or e-mail accounts.
Failing to catch Trojan.Dropper.PWS in time or failing to perform the above security procedures can allow criminals to exploit your accounts for malicious purposes, such as the additional distribution of malware like Trojan.Dropper.PWS. Naturally, this isn't even getting into the potential financial losses that can result from Trojan.Dropper.PWS emptying an entire Bitcoin wallet without your permission.
Technical Details
Registry Modifications
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "SonyAgent"
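A triage check for the two indicators this page names, the "SonyAgent" Run value and unexpected WinPcap components, written as an added example and not taken from the original article or from SpyHunter. The WOW6432Node key and the WinPcap file names (npf.sys, wpcap.dll, Packet.dll) are assumptions based on standard Windows registry redirection and a default WinPcap install; the page itself lists only the Run value.

```powershell
# Added example: look for the indicators named on this page.
# From the page: value "SonyAgent" under HKLM\...\CurrentVersion\Run.
# Assumption: the WOW6432Node view is checked too, because a 32-bit process
# writing to that key on 64-bit Windows is redirected there.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$valueName = 'SonyAgent'

$findings = @(foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if ($props -and $props.PSObject.Properties.Name -contains $valueName) {
        [pscustomobject]@{
            Indicator = 'Run value'
            Location  = $key
            Detail    = $props.$valueName   # command launched at logon
        }
    }
})

# Assumption: default WinPcap install artifacts (driver plus libraries).
# WinPcap alone is not proof of infection; the creation time helps decide
# whether it matches a tool you installed yourself.
$winpcapFiles = @('drivers\npf.sys', 'wpcap.dll', 'Packet.dll')
$systemDirs   = @('System32', 'SysWOW64') |
    ForEach-Object { Join-Path $env:SystemRoot $_ }

$findings += @(foreach ($dir in $systemDirs) {
    foreach ($name in $winpcapFiles) {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path) {
            $item = Get-Item -LiteralPath $path
            [pscustomobject]@{
                Indicator = 'WinPcap component'
                Location  = $path
                Detail    = "created $($item.CreationTimeUtc.ToString('u'))"
            }
        }
    }
})

if ($findings.Count -eq 0) {
    'None of the listed indicators were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

A "Run value" hit shows the executable path that starts at logon, which is the file to hand to an anti-malware scanner; a WinPcap hit only matters if nobody on the machine installed a packet-capture tool.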