Keylogger.PredatorPain
Posted: April 30, 2014
Threat Metric
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 876 |
| First Seen: | April 30, 2014 |
| Last Seen: | August 23, 2022 |
| OS(es) Affected: | Windows |
Keylogger.PredatorPain is a spyware program that collects information from your PC, including account data. Most notably seen being distributed through email-based attacks, Keylogger.PredatorPain may infect further systems through removable hard drives (such as USB thumb drives) and may remain active while trying to hide itself from the user. Malware experts recommend using anti-malware programs to find and remove Keylogger.PredatorPain, which has very few symptoms, but is a multipurpose, multiple-component threat.
The Predator that Preys on Your Accounts
With the Zeus Trojan past the peak of its distribution, cheaper spyware 'products' such as Keylogger.PredatorPain appear to be emerging on the black market. At a mere thirty-five dollars, Keylogger.PredatorPain costs ill-minded persons far less than the hundreds of dollars required to run many competing utilities. However, malware experts have confirmed that Keylogger.PredatorPain boasts numerous features that can collect information while leaving no signs other than an occasional, generic pop-up warning.
Keylogger.PredatorPain's 'application failed to initialize' pop-up is sufficiently generic that it would be difficult to associate with threats, but Keylogger.PredatorPain currently is designed to launch this pop-up automatically during the installation process. After its installation, Keylogger.PredatorPain is capable of diverse attacks that encompass:
- Scanning your hard drive for Minecraft, World of Warcraft and Steam account information, including user names and passwords.
- Recording any keyboard-typed information (hence Keylogger.PredatorPain's classification of keylogger). Keylogger.PredatorPain may also target information stored in the Windows Clipboard (via the Copy command).
- Keylogger.PredatorPain may distribute itself through USB devices, similar to a worm. USB devices shared between an uninfected machine and a Keylogger.PredatorPain-infected one may allow Keylogger.PredatorPain to install itself on the uninfected one.
- Keylogger.PredatorPain may capture automatic screenshots.
- Keylogger.PredatorPain may also install and exploit two legitimate programs, WebBrowserPassView and Mail Passview, to gather passwords from popular e-mail clients and Web browsers (Outlook, Incredimail, Yahoo Mail, Chrome, Firefox, etc.). Some FTP utilities and instant messaging programs also might be targeted.
Keylogger.PredatorPain shows no significant symptoms besides its generic pop-up message, even while collecting all of the above information, and uses another utility to avoid displaying some of its software on the local hard drive.
Finding the Source of Your PC's Pains When It's Hidden Behind a Windows File
Keylogger.PredatorPain consists of multiple components, all of which are hidden from casual view. In fact, like many predators outside of the Internet, Keylogger.PredatorPain also may exploit camouflage: Keylogger.PredatorPain disguises many of its files as native Windows components, including Winlogon.exe. To safely uninstall Keylogger.PredatorPain in its entirety without affecting your Windows system in undesirable ways, malware experts would not recommend any removal method that does not use advanced, up-to-date anti-malware utilities.
Keylogger.PredatorPain also can be blocked before it spreads to your PC at all, assuming you take proper precautions. Isolating known infected machines can prevent Keylogger.PredatorPain from distributing itself through established peripheral device-based methods. Fake IRS-themed e-mail messages also are known distributors for Keylogger.PredatorPain, with some help from a Trojan downloader, Karagany. As is often true, malware experts find that a simple awareness of the dangers of common misleading tactics will protect your computer almost as much as a real anti-malware defense.
Technical Details
File System Modifications
The following files were created in the system:

| File name | Size | MD5 | Detection count | File type | Mime Type | Group | Last Updated |
|---|---|---|---|---|---|---|---|
| file.exe | 1.71 MB (1713664 bytes) | 42d0150bd2c5b1d2a2b3dec37a79c406 | 47 | Executable File | unknown/exe | Malware file | February 18, 2017 |
| file.exe | 622.59 KB (622592 bytes) | d4e30b30a3826ff70fe09a9d3b1f14b9 | 26 | Executable File | unknown/exe | Malware file | October 28, 2016 |
| pid.txt | | | | | unknown/txt | Malware file | |
| pidloc.txt | | | | | unknown/txt | Malware file | |
| SWIFTTRANSFERRECEPTS_FDP.EXE | | | | Executable File | unknown/EXE | Malware file | |
| WINDOWSUPDATE.EXE | | | | Executable File | unknown/EXE | Malware file | |
| WebBrowserPassView.exe | | | | Executable File | unknown/exe | Malware file | |
| mailpv.exe | | | | Executable File | unknown/exe | Malware file | |
| CMemoryExecute.dll | | | | Dynamic link library | unknown/dll | Malware file | |
Registry Modifications
Regexp file mask: %APPDATA%\winlogon.exe
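A triage sketch for the camouflage and file names described on this page, added here as an example and not taken from the original write-up or from any vendor tool: it flags inventory paths where a native Windows binary name such as winlogon.exe sits outside the system directories, and paths whose file name appears in the file list above. The `triage` function, the extra system binary names beyond winlogon.exe and the sample paths are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any analysis host

# Native Windows binaries that should only exist in the system directories.
# winlogon.exe is the name given on the page; the others are added here
# as a generalization of the same masquerading check.
SYSTEM_ONLY = {"winlogon.exe", "svchost.exe", "lsass.exe", "csrss.exe"}

# File names from the page's file list. file.exe is left out as too generic.
# The page describes WebBrowserPassView and Mail PassView as legitimate
# programs, so a hit on those means "review", not "confirmed".
LISTED_NAMES = {
    "pid.txt", "pidloc.txt", "windowsupdate.exe", "cmemoryexecute.dll",
    "webbrowserpassview.exe", "mailpv.exe", "swifttransferrecepts_fdp.exe",
}

MASQUERADE = "system binary name outside system directory"
LISTED = "file name from the page's file list"


def triage(paths, system_root=r"C:\Windows"):
    """Return (path, reason) for every inventory entry worth a look."""
    trusted = {
        ntpath.normpath(ntpath.join(system_root, d)).lower()
        for d in ("System32", "SysWOW64")
    }
    findings = []
    for path in paths:
        name = ntpath.basename(path).lower()
        folder = ntpath.normpath(ntpath.dirname(path)).lower()
        if name in SYSTEM_ONLY and folder not in trusted:
            findings.append((path, MASQUERADE))
        elif name in LISTED_NAMES:
            findings.append((path, LISTED))
    return findings


# Constructed sample inventory (not taken from a real host).
SAMPLE = [
    r"C:\Windows\System32\winlogon.exe",
    r"C:\Users\alice\AppData\Roaming\winlogon.exe",
    r"C:\Users\alice\AppData\Roaming\pid.txt",
    r"C:\Users\alice\AppData\Roaming\pidloc.txt",
    r"C:\Users\alice\AppData\Local\Temp\WebBrowserPassView.exe",
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
    r"C:\WINDOWS\system32\svchost.exe",
]

if __name__ == "__main__":
    for path, reason in triage(SAMPLE):
        print(f"{reason}: {path}")
```

File names alone are weak indicators; treat a hit as a prompt to hash the file and scan the host, not as a verdict.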