Trojan.Dropper.PWS

Posted: April 26, 2013

Threat Metric

Ranking: 10,922
Threat Level: 9/10
Infected PCs: 1,396
First Seen: April 26, 2013
Last Seen: October 11, 2023
OS(es) Affected: Windows

Trojan.Dropper.PWS is a Trojan dropper that exploits legitimate WinPcap-based libraries in order to steal confidential information (such as the passwords for your personal accounts) along with the contents of any accessible Bitcoin wallets. Given its e-mail-based spambotting capabilities, Trojan.Dropper.PWS is most likely distributed through e-mail spam, in either links or file attachments. Because it can compromise extremely private data, Trojan.Dropper.PWS and its related components should always be removed quickly, but anti-malware applications may be required to detect Trojan.Dropper.PWS accurately or to guarantee that you've deleted it completely.

Trojan.Dropper.PWS: a High-Tech Thief for the Internet Age

WinPcap, a specialized network utility, may be used for benevolent purposes, but Trojans like Trojan.Dropper.PWS have also been known to exploit WinPcap software for criminal purposes. In the case of Trojan.Dropper.PWS, WinPcap's libraries are installed and exploited to make it easier for Trojan.Dropper.PWS to monitor your network traffic. As a result, Trojan.Dropper.PWS is capable of stealing:

  • Login data for e-mail accounts.
  • Login data for FTP programs, such as TurboFTP or WinFTP.
  • Any login information that's saved by major brands of web browsers like Chrome or Internet Explorer.
  • The contents of any accessible Bitcoin wallets (applications that store digital currency).

Aside from its thieving capabilities, Trojan.Dropper.PWS also appears to be able to send automated spam e-mail messages, which, SpywareRemove.com malware experts warn, can be used to distribute Trojan.Dropper.PWS or other PC threats. If they're performed in bulk, such attacks also may cause performance issues for your PC.

Getting the Drop on Trojan.Dropper.PWS's Attempted Info Grab

Although Trojan.Dropper.PWS is always categorized as malware and should always be deleted posthaste, the presence of WinPcap by itself is not necessarily a cause for apprehension. PCs that need advanced network-monitoring and communication programs may very well have legitimate uses for WinPcap, but if you see WinPcap or related components on your computer without any memory of installing them, they may be symptoms of Trojan.Dropper.PWS or a similar Trojan.

SpywareRemove.com malware experts suggest using the proper anti-malware tools to remove Trojan.Dropper.PWS, which will try to conceal itself from detection, unlike a legal application. After removing Trojan.Dropper.PWS, you also should make an effort to change any passwords or other information that may have been stolen by Trojan.Dropper.PWS – particularly any login data related to FTP or e-mail accounts.

Failing to catch Trojan.Dropper.PWS in time or failing to perform the above security procedures can allow criminals to exploit your accounts for malicious purposes, such as the additional distribution of malware like Trojan.Dropper.PWS. Naturally, this isn't even getting into the potential financial losses that can result from Trojan.Dropper.PWS emptying an entire Bitcoin wallet without your permission.

Technical Details

Registry Modifications

The following Registry values are newly created:

HKEY..\..\..\..{Subkeys}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "SonyAgent"
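
A read-only triage check for the two indicators this page names, the "SonyAgent" Run value and WinPcap components you do not remember installing, as an added example that is not part of the original article. The file locations and the NPF service key are the standard WinPcap install locations and are an assumption here; the page does not say where the Trojan places them.

```powershell
# Added triage example (not from the original page). Read-only: nothing is changed.
$runKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'SonyAgent'   # Run value name listed under Registry Modifications
$findings  = @()

# 1. Autostart value named on the page. Report the command it launches.
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and ($run.PSObject.Properties.Name -contains $valueName)) {
    $findings += [pscustomobject]@{
        Indicator = "Run value '$valueName'"
        Detail    = $run.$valueName
    }
}

# 2. WinPcap components. Assumption: standard WinPcap install paths;
#    the page does not state where this Trojan drops the libraries.
$winpcapFiles = @(
    "$env:SystemRoot\System32\drivers\npf.sys",
    "$env:SystemRoot\System32\wpcap.dll",
    "$env:SystemRoot\System32\Packet.dll",
    "$env:SystemRoot\SysWOW64\wpcap.dll",
    "$env:SystemRoot\SysWOW64\Packet.dll"
)
foreach ($f in $winpcapFiles) {
    if (Test-Path -LiteralPath $f) {
        $item = Get-Item -LiteralPath $f
        # The creation time helps judge whether this matches a known install.
        $findings += [pscustomobject]@{
            Indicator = 'WinPcap component'
            Detail    = "$f (created $($item.CreationTime))"
        }
    }
}

# 3. WinPcap's capture driver registers a service key named NPF (assumption as above).
$npfKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NPF'
if (Test-Path -Path $npfKey) {
    $findings += [pscustomobject]@{ Indicator = 'NPF driver service key'; Detail = $npfKey }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { "No '$valueName' Run value or WinPcap components found." }
```

WinPcap components on their own match the legitimate-use case described above; the Run value together with WinPcap files nobody installed is the combination that warrants a full anti-malware scan and the password changes the article recommends.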