
Keylogger.PredatorPain

Posted: April 30, 2014

Threat Metric

Threat Level: 8/10
Infected PCs: 876
First Seen: April 30, 2014
Last Seen: August 23, 2022
OS(es) Affected: Windows


Keylogger.PredatorPain is a spyware program that collects information from your PC, including account data. Most notably seen being distributed through email-based attacks, Keylogger.PredatorPain may infect further systems through removable hard drives (such as USB thumb drives) and may remain active while trying to hide itself from the user. Malware experts recommend using anti-malware programs to find and remove Keylogger.PredatorPain, which has very few symptoms, but is a multipurpose, multiple-component threat.

The Predator that Preys on Your Accounts

With the Zeus Trojan having fallen from the height of its distribution, cheaper spyware 'products' appear to be emerging on the black market, such as Keylogger.PredatorPain. At a mere thirty-five dollars for ill-minded persons to use against other PCs, Keylogger.PredatorPain is a far cry from the hundreds of dollars in expenses required to run many competing utilities. However, malware experts have confirmed that Keylogger.PredatorPain boasts numerous features that can easily collect information while leaving no signs other than an occasional, generic pop-up warning.

Keylogger.PredatorPain's 'application failed to initialize' pop-up is sufficiently generic that it would be difficult to associate with threats, but Keylogger.PredatorPain currently is designed to launch this pop-up automatically during the installation process. After its installation, Keylogger.PredatorPain is capable of diverse attacks that encompass:

  • Scanning your hard drive for Minecraft, World of Warcraft and Steam account information, including user names and passwords.
  • Recording any keyboard-typed information (hence Keylogger.PredatorPain's classification of keylogger). Keylogger.PredatorPain may also target information stored in the Windows Clipboard (via the Copy command).
  • Keylogger.PredatorPain may distribute itself through USB devices, similar to a worm. USB devices shared between an uninfected machine and a Keylogger.PredatorPain-infected one may allow Keylogger.PredatorPain to install itself on the uninfected one.
  • Keylogger.PredatorPain may capture automatic screenshots.
  • Keylogger.PredatorPain may also install and abuse two legitimate programs, WebBrowserPassView and Mail PassView, to gather passwords from popular e-mail clients and Web browsers (Outlook, Incredimail, Yahoo Mail, Chrome, Firefox, etc.). Some FTP utilities and instant messaging programs also might be targeted.

Keylogger.PredatorPain shows no significant symptoms besides its generic pop-up message, even while collecting all of the above information, and uses another utility to avoid displaying some of its software on the local hard drive.

Finding the Source of Your PC's Pains When It's Hidden Behind a Windows File

Keylogger.PredatorPain consists of multiple components, all of which are hidden from casual view. In fact, like many predators outside of the Internet, Keylogger.PredatorPain also may exploit camouflage: Keylogger.PredatorPain disguises many of its files as native Windows components, including Winlogon.exe. To uninstall Keylogger.PredatorPain safely and in its entirety, without affecting your Windows system in undesirable ways, malware experts recommend only removal methods that use advanced, up-to-date anti-malware utilities.
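A path-based check for the Winlogon.exe disguise described above, as an added example (not code from the original page): it flags process image paths that carry a core Windows binary name but sit outside System32, such as the %APPDATA%\winlogon.exe location listed under Registry Modifications. The list of protected names, the event layout and the sample hosts are assumptions constructed for illustration.

```python
import ntpath  # Windows path semantics, usable on any analysis host

# Core Windows binaries that legitimately run only from System32.
# Illustrative subset chosen for this example, not an exhaustive list.
PROTECTED_NAMES = {
    "winlogon.exe", "csrss.exe", "lsass.exe",
    "services.exe", "smss.exe", "wininit.exe",
}


def is_masquerade(image_path, system_root=r"C:\Windows"):
    """Return True if the path uses a protected system binary name
    but does not resolve to <system_root>\\System32."""
    # normpath collapses "..\" segments; normcase lowercases and unifies slashes.
    path = ntpath.normcase(ntpath.normpath(image_path))
    if ntpath.basename(path) not in PROTECTED_NAMES:
        return False
    expected_dir = ntpath.normcase(ntpath.join(system_root, "System32"))
    return ntpath.dirname(path) != expected_dir


def find_masquerades(events):
    """Filter process-creation events down to the masquerading ones."""
    return [e for e in events if is_masquerade(e["image"])]


# Constructed sample events (hypothetical hosts and users).
SAMPLE_EVENTS = [
    {"host": "ws-01", "image": r"C:\Windows\System32\winlogon.exe"},
    {"host": "ws-02", "image": r"C:\Users\alice\AppData\Roaming\winlogon.exe"},
    {"host": "ws-03", "image": r"c:\windows\system32\..\Temp\WINLOGON.EXE"},
    {"host": "ws-04", "image": r"C:\Users\bob\AppData\Roaming\notes.exe"},
]

if __name__ == "__main__":
    for event in find_masquerades(SAMPLE_EVENTS):
        print(f"{event['host']}: suspicious image path {event['image']}")
```

The same comparison can be applied to image paths taken from process-creation logs or an endpoint inventory; a hit is a lead for investigation, since the check knows nothing about the file's contents or signature.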

Keylogger.PredatorPain can also be blocked before it spreads to your PC at all, assuming you take proper precautions. Isolating known infected machines can prevent Keylogger.PredatorPain from distributing itself through its established peripheral device-based methods. Fake IRS-themed e-mail messages are also known distributors of Keylogger.PredatorPain, with some help from a Trojan downloader, Karagany. As is often true, malware experts find that a simple awareness of the dangers of common misleading tactics will protect your computer almost as much as a real anti-malware defense.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: file.exe
Size: 1.71 MB (1713664 bytes)
MD5: 42d0150bd2c5b1d2a2b3dec37a79c406
Detection count: 47
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: February 18, 2017

File name: file.exe
Size: 622.59 KB (622592 bytes)
MD5: d4e30b30a3826ff70fe09a9d3b1f14b9
Detection count: 26
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: October 28, 2016

File name: pid.txt
Mime Type: unknown/txt
Group: Malware file

File name: pidloc.txt
Mime Type: unknown/txt
Group: Malware file

File name: SWIFTTRANSFERRECEPTS_FDP.EXE
File type: Executable File
Mime Type: unknown/EXE
Group: Malware file

File name: WINDOWSUPDATE.EXE
File type: Executable File
Mime Type: unknown/EXE
Group: Malware file

File name: WebBrowserPassView.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

File name: mailpv.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

File name: CMemoryExecute.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file

Registry Modifications

The following Registry values are newly created:

Regexp file mask: %APPDATA%\winlogon.exe