HTKL_PWDUMP, or PwDump7, is a criminal utility that can extract confidential password information from Windows without the consent of the original PC's user. In conjunction with other attacks, this can be utilized to put in jeopardy the privacy and security of your computer, and may be a prelude to account hijacks by criminals. As noted in the general article on Adobe certificate compromises in Troj/HkCert-A, criminals have exploited an Adobe server vulnerability to give HTKL_PWDUMP (along with a second PC threat, TROJ_AGENT.MGSM or myGeeksmail) a 'valid' certificate. This can cause victims to download and launch HTKL_PWDUMP on the basis of the certificate supposedly proving the authenticity of the executable file. SpywareRemove.com malware researchers recommend that you use anti-malware software to differentiate between legitimate programs and malware, and encourage HTKL_PWDUMP's removal through anti-malware scans if you have installed HTKL_PWDUMP either deliberately or accidentally.
HTKL_PWDUMP: the Thief with Unusually Good Credentials
Although the PwDump7 program has been in existence for quite some time, the Adobe certificate-authorized version of it, HTKL_PWDUMP, is still a new entry onto the malware scene as of late September/early October 2012. Program certificates are used to verify the identity and safety of easily-downloaded programs, which encourage PC users to install them once they see a certificate linked to a well-known brand like Adobe. However, certificate security isn't waterproof, and even though Adobe has plans in place to revoke its currently-exploited certificates, SpywareRemove.com malware analysts emphasis that previously-certified versions of HTKL_PWDUMP will continue to appear as though they're endorsed by Adobe.
HTKL_PWDUMP uses a hash-retrieval system for System and Sam files as its means of stealing passwords from your PC. Although HTKL_PWDUMP is easily-removed by competent anti-malware programs, HTKL_PWDUMP should be considered a very invasive type of spyware and can enable criminals to take over accounts for e-mail clients, online games, FTP management and other targets. Even if you do remove HTKL_PWDUMP successfully, SpywareRemove.com malware researchers recommend changing all potentially-compromised passwords. Fortunately, HTKL_PWDUMP hasn't been found to contain keylogging functions or other features that could be used to steal information other than passwords.
Dumping HTKL_PWDUMP Out of Your Lap
HTKL_PWDUMP can be distributed with other types of PC threats and is most likely to be encountered through freeware sites and torrent networks. Although other OSes may very well be safe from HTKL_PWDUMP attacks, SpywareRemove.com malware experts have confirmed HTKL_PWDUMP's compatibility with multiple versions of Windows.
The circumstances of HTKL_PWDUMP's entry into the malware industry also cause SpywareRemove.com malware research team to recommend against trusting any application based on its certificate alone. While the lack of a certificate for an abusable file (such as EXE) sometimes can be an indication of a potential PC threat, the presence of even a certificate signed by a trustworthy company isn't a firm guarantee that the file in question isn't HTKL_PWDUMP or another type of malware. Thankfully, since HTKL_PWDUMP lacks encryption or other defenses, anti-malware programs can detect and delete HTKL_PWDUMP easily enough.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to HTKL_PWDUMP may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.