|
PwDump 3 removal
| Spyware PwDump 3 Information |
Name: PwDump 3
Category: Password Cracker
Date: 2001-02-25
Author: Phil Staubs
Dangerous: Yes
|
PwDump 3 is one of Password Cracker spywares.
Finding it on your computer means that your computer is infected with Password Cracker and crucial data could be endangered or even lost.
PwDump 3 description by Phil Staubs:
Creator : "pwdump3 provides enhanced protection of the password hash data by encrypting the information before it´s passed across the network. It uses Diffie-Hellman key agreement to generate a shared key that´s not passed across the network, & employs the Windows Crypto API to protect the´shes. The Crypto API, which is available on Windows 2000 or on NT Service Pack 3 & up, must be present on the machine where pwdump3e is running, & on the remote machine. The enhanced protection of the´sh data effectively prevents network snoopers from obtaining this information. This version should be preferred whenever it´s possible to use it. Developed by Phil Staubs, a Polivec, Inc. senior developer, & Erik Hjelmstad, senior security engineer for Polivec, pwdump3 enhances the existing pwdump & pwdump2 applications developed by Jeremy Allison & Todd Sabin, respectively. The 1st version, allowed users with administrator privileges to extract password hashes from a remote NT system, but did not work if syskey was enabled. The 2nd version worked whether or not syskey was enabled, but only on the local machine. Pwdump3 works across the network & whether or not syskey is enabled. Like the previous pwdump utilities, pwdump3 does not represent a new exploit since administrative privileges are still required on the remote system. One of the largest improvements with pwdump3 over pwdump2 is that it allows network administrators to retrieve hashes from a remote NT system. Administrators are no longer required to run the application directly on each machine. Additionally, pwdump3 prints password hashes in upper case letters to ensure all hashes are interpreted correctly by L0pht Heavy Industries´ L0phtcrack. Pwdump3 also correctly identifies accounts without passwords & allows administrators to enter a username if a connection to the remote machine does not exist, minimizing connection steps for the administrator."
This Password Cracker is also known as:
•Pwdump - named by McAfee.
>> Delete PwDump 3 automatically - Download Spyware Doctor
| PwDump 3 Removal Instructions |
|
Kill the following processes
-1533267128.exe, -1533267128.exe, pwdump3.exe, pwdump3.exe, pwservice.exe, pwservice.exe
|
|
Unregister the following DLLs and reboot
lsaext.dll, lsaext.dll.
|
|
Remove the following files
-1533267128.exe, -1533267128.exe, lsaext.dll, lsaext.dll, lsaext.dsp, lsaext.dsp, lsaext.lib, lsaext.lib, pwdump3.dsp, pwdump3.dsp, pwdump3.dsw, pwdump3.dsw, pwdump3.exe, pwdump3.exe, pwservice.dsp, pwservice.dsp, pwservice.exe, pwservice.exe, readme, readme.
|
Bookmark PwDump 3 page
|