
What is Trojan.PassThief?



Hi Everyone,

I just finished a full system scan, and Malwarebytes found this item: HKEY_CURRENT_USER\SOFTWARE\NirSoft (Trojan.PassThief). It is now in Quarantine. Can anyone give any information on what Trojan.PassThief could do to my computer? And also, how does this Trojan get into a computer?

I did a Google search, but came up with no information on Trojan.PassThief, other than that it exists.

Thanks.


It's a generic name for a program that is known to steal passwords/logins of some sort. Since there are so many variants, it's highly unlikely you will find a description that would actually cover whichever one it is you found.

As an old saying goes, It is what it is...


Thanks for the replies. I did consider that it may be a false positive, but I also considered the fact that the Trojan may have attached itself to a NirSoft reg key to look legit. For now I'll keep it in quarantine until I can find more info.

NirSoft does have some password recovery tools available for download. But I have only downloaded the NirCmd tool; I haven't downloaded any NirSoft password tools, which makes this Trojan look suspicious.


This probably doesn't help much but I got the same just today also.

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\NirSoft (Trojan.PassThief)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WS2IFSL (Fake.Driver)

Both showed up today on two computers, both behind the same home network router.


What NirSoft tools do you have on your machine?


These are most likely false positives. Sorry for any inconvenience. We will have this corrected with the next database update which should already be available. Please update and scan again.

I just finished a quick scan and was surprised to see the EXACT same two hits. Looks like a false positive to me.

Louis


I sent NirSoft an e-mail yesterday and received their response today. Here is what they told me:

"Hello,

First.... It's a False Positive.

Also, your USBDeview is very old. The current version doesn't save the settings to the Registry, but into ini file created in the same folder of usbdeview.exe, so if you download and use the new version, this Registry key won't be created at all.

Nir."

So it looks like it was a false positive. I'm also updating to the latest version of "USBDeview".


I am using USBDeview v1.35 and it does not store an ini file created in the same folder of usbdeview.exe

The issue is resolved by the latest MBAM Database version: 1835 update.


You're correct. After updating MBAM, I didn't have any false positives. Also, after using the latest version of USBDeview v1.35, I too didn't find any ini file in my USBDeview folder.
