Posted: October 4, 2012

HTKL_PWDUMP Description

HTKL_PWDUMP, or PwDump7, is a criminal utility that can extract confidential password information from Windows without the consent of the PC's owner. In conjunction with other attacks, this can be used to jeopardize the privacy and security of your computer, and may be a prelude to account hijacks by criminals. As noted in the general article on the Adobe certificate compromise in Troj/HkCert-A, criminals exploited an Adobe server vulnerability to give HTKL_PWDUMP (along with a second PC threat, TROJ_AGENT.MGSM or myGeeksmail) a 'valid' certificate. This can lead victims to download and launch HTKL_PWDUMP on the basis that the certificate supposedly proves the authenticity of the executable file. Malware researchers recommend that you use anti-malware software to differentiate between legitimate programs and malware, and encourage HTKL_PWDUMP's removal through anti-malware scans if you have installed HTKL_PWDUMP either deliberately or accidentally.

HTKL_PWDUMP: the Thief with Unusually Good Credentials

Although the PwDump7 program has existed for quite some time, the Adobe certificate-authorized version of it, HTKL_PWDUMP, is still a new entry on the malware scene as of late September/early October 2012. Code-signing certificates are used to vouch for the identity of a program's publisher, and by extension its safety, for easily-downloaded programs, which encourages PC users to install them once they see a certificate linked to a well-known brand like Adobe. However, certificate security isn't watertight, and even though Adobe has plans in place to revoke its currently-exploited certificates, malware analysts emphasize that previously-signed copies of HTKL_PWDUMP will continue to appear as though they're endorsed by Adobe.

HTKL_PWDUMP steals passwords from your PC by retrieving password hashes from the Windows SYSTEM and SAM registry hives. Although HTKL_PWDUMP is easily removed by competent anti-malware programs, HTKL_PWDUMP should be considered a very invasive type of spyware that can enable criminals to take over accounts for e-mail clients, online games, FTP management and other targets. Even if you do remove HTKL_PWDUMP successfully, malware researchers recommend changing all potentially-compromised passwords. Fortunately, HTKL_PWDUMP hasn't been found to contain keylogging functions or other features that could be used to steal information other than passwords.

Dumping HTKL_PWDUMP Out of Your Lap

HTKL_PWDUMP can be distributed with other types of PC threats and is most likely to be encountered through freeware sites and torrent networks. Although other OSes may very well be safe from HTKL_PWDUMP attacks, malware experts have confirmed HTKL_PWDUMP's compatibility with multiple versions of Windows.

The circumstances of HTKL_PWDUMP's entry into the malware industry also lead malware researchers to recommend against trusting any application based on its certificate alone. While the lack of a certificate on an executable file (such as an EXE) can sometimes indicate a potential PC threat, the presence of even a certificate signed by a trustworthy company is no firm guarantee that the file in question isn't HTKL_PWDUMP or another type of malware. Thankfully, since HTKL_PWDUMP lacks encryption or other defenses, anti-malware programs can detect and delete HTKL_PWDUMP easily enough.
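As an added illustration of the point made here and in the section above (this is example code written for this page, not anything from the article or from the malware), the following PowerShell function checks a file's Authenticode signature but does not stop at a "Valid" status: it also compares the signer against a locally maintained list of known-compromised certificate thumbprints (a placeholder here, since the article names none) and re-validates the chain with online revocation checking, which matters because a file signed before a certificate is revoked can otherwise still validate. The function name, parameter names and the thumbprint list are assumptions.

```powershell
# Added example (not from the original article): assess an executable's
# Authenticode signature without treating "Valid" as the final verdict.
# $KnownCompromisedThumbprints is a placeholder list you maintain from
# vendor revocation notices; the article gives no thumbprint values.
function Test-SignerTrust {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$KnownCompromisedThumbprints = @('<PLACEHOLDER-THUMBPRINT>')
    )
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $result = [ordered]@{
        Path       = $Path
        Status     = $sig.Status          # Valid, NotSigned, HashMismatch, ...
        Signer     = $null
        Thumbprint = $null
        Verdict    = 'Untrusted'
    }
    if ($sig.Status -ne 'Valid') {
        $result.Verdict = "Untrusted: signature status $($sig.Status)"
        return [pscustomobject]$result
    }
    $cert = $sig.SignerCertificate
    $result.Signer     = $cert.Subject
    $result.Thumbprint = $cert.Thumbprint

    # 1. A signing certificate known to be abused is disqualifying even when
    #    the chain still validates (e.g. the file was signed before revocation).
    if ($KnownCompromisedThumbprints -contains $cert.Thumbprint) {
        $result.Verdict = 'Untrusted: signer certificate is on the compromised list'
        return [pscustomobject]$result
    }

    # 2. Re-check the whole chain with online revocation rather than a cached CRL.
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chain.ChainPolicy.RevocationFlag = 'EntireChain'
    if (-not $chain.Build($cert)) {
        $statuses = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
        $result.Verdict = "Untrusted: chain check failed ($statuses)"
        return [pscustomobject]$result
    }

    # 3. A clean signature only identifies the signer; it says nothing about
    #    what the file does, so the verdict is "signer identified", not "safe".
    $result.Verdict = 'Signer identified; scan the file before trusting it'
    return [pscustomobject]$result
}

# Usage: Test-SignerTrust -Path 'C:\Downloads\suspect.exe' | Format-List
```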

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to HTKL_PWDUMP may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.


Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.
