Virus Encyclopedia
Welcome to the Virus Encyclopedia of Panda Security.
Recovery | |
Threat Level Damage Distribution |
At a glance
|
Common name: | Recovery |
Technical name: | Hacktool/Recovery |
Threat level: | Medium |
Alias: | not-a-virus:RiskWare.PSWTool.PWLView.c |
Type: | Hacking Tool |
Effects: | It obtains files with a PWL extension from the affected computer, which contain sensitive information such as Internet access passwords. It only affects computers with Windows ME/98/95 operating systems. |
Affected platforms:
| Windows ME/98/95 |
First detected on: | May 13, 2005 |
Detection updated on: | March 6, 2006 |
Statistics | No |
Proactive protection: | Yes, using TruPrevent Technologies
|
Brief Description | |
Recovery is a hacking tool that obtains files with a PWL extension from the affected computer. These files contain sensitive information like dial-up and network passwords and are usually used only by Microsoft programs. Additionally, Recovery only affects computers with Windows ME/98/95 operating systems. |
Visible Symptoms | |
Recovery is easy to recognize once it has affected the computer, as it displays the following message box when it is run: |
Tech details
Effects |
Recovery obtains files with a PWL extension from the affected computer. These files contain sensitive information like dial-up and network passwords and are usually used only by Microsoft programs. Additionally, Recovery only affects computers with Windows ME/98/95 operating systems. |
Infection strategy
Recovery creates the following entry in the Windows Registry:
- HKEY_CURRENT_USER\ Software\ Microsoft\ InternetExplorer\ Main
StartPage = www.progenic.com
By creating this entry, Recovery modifies the home page of Internet Explorer.
Further Details
Recovery is written in the programming language Visual C++ v4.20. This hacking tool is 26,112 bytes in size.
Additionally, the option menu of Recovery is the following: