MessenPass
MessenPass is a password recovery tool that may be used to gain unauthorized access to a computer and to a user s data. It is harmful if installed without the knowledge of the user.
General information:
| Malware Name: |
MessenPass |
| Malware Type: |
Password Recovery Tool |
| Company Name: |
Nir Sofer |
| Company URL: |
http://www.nirsoft.net/
|
| Threat Level: |
Low Risk |
| Operating System: |
WIN XP |
| Installation Type: |
Installed through EXE |
| Operation: |
Time of After Installation |
Company Description:
Nir Sofer provides you the software MessenPass that is a password recovery tool that reveals the passwords of the following instant messenger applications: MSN Messenger, Windows Messenger (In Windows XP), Yahoo Messenger (Versions 5.x and 6.x), ICQ
Lite 4.x/2003, AOL Instant Messenger (only older versions, the password in newer versions of AIM cannot be recovered), AOL Instant Messenger/Netscape 7, Trillian, Miranda and GAIM. MessenPass can only be used to recover the passwords for the current
logged-on user on the local computer. It cannot be used for grabbing the passwords of other users on a network.
Spyware Description:
MessenPass is a password recovery tool that may be used to gain unauthorized access to a computer and to a user s data. It is harmful if installed without the knowledge of the user.
Characteristics/Symptoms:
-> It may be used to gain unauthorized access to a computer and to a user s data. -> It is harmful if installed without the knowledge of the user.
Additional information might be found here:
Processes Running:
mspass.exe
File information Created after Installation:
| File Location |
Size (Bytes) |
Type |
| C:\Documents and Settings\[USER]\Start Menu\Programs\MessenPass\Uninstall MessenPass.lnk |
1416 |
Shortcut |
| C:\Program Files\MessenPass\mspass.chm |
13494 |
Compiled HTML Help file |
| C:\Program Files\MessenPass\mspass.exe |
44544 |
Application |
Folder information Created after Installation:
| Folder Location |
| C:\Documents and Settings\[USER]\Start Menu\Programs\MessenPas |
Registry information Created after Installation:
| Main Registry Key |
Sub Registry Key |
Key Value Name |
| HKEY_CURRENT_USER |
\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\MessenPass |
|
| HKEY_CURRENT_USER |
\Software\NirSoft\MessenPass |
ShowGridLines |
| HKEY_LOCAL_MACHINE |
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MessenPass |
UninstallString |
