Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Recovery

Threat Level: High threat
Damage: Severe
Distribution: Not widespread

At a glance

Common name: Recovery
Technical name: Hacktool/Recovery
Threat level: Medium
Alias: not-a-virus:RiskWare.PSWTool.PWLView.c
Type: Hacking Tool
Effects:

It obtains files with a PWL extension from the affected computer, which contain sensitive information such as Internet access passwords. It only affects computers with Windows ME/98/95 operating systems.

Affected platforms: Windows ME/98/95

First detected on: May 13, 2005
Detection updated on: March 6, 2006
Statistics: No
Proactive protection: Yes, using TruPrevent Technologies

Brief Description 

Recovery is a hacking tool that obtains files with a PWL extension from the affected computer. These files contain sensitive information like dial-up and network passwords and are usually used only by Microsoft programs.

Additionally, Recovery only affects computers with Windows ME/98/95 operating systems.

Visible Symptoms 

Recovery is easy to recognize once it has affected the computer, as it displays the following message box when it is run:

Tech details

Effects

Recovery obtains files with a PWL extension from the affected computer. These files contain sensitive information like dial-up and network passwords and are usually used only by Microsoft programs.

Additionally, Recovery only affects computers with Windows ME/98/95 operating systems.

Infection strategy 

Recovery creates the following entry in the Windows Registry:

  • HKEY_CURRENT_USER\Software\Microsoft\InternetExplorer\Main
    StartPage = www.progenic.com

    By creating this entry, Recovery modifies the home page of Internet Explorer.

Further Details  

Recovery is written in the programming language Visual C++ v4.20. This hacking tool is 26,112 bytes in size.

Additionally, the option menu of Recovery is the following:
