Proactive Password Auditor

General information:

Malware Name: Proactive Password Auditor
Malware Type: Adware
Company Name: ElcomSoft Co. Ltd
Company URL: http://www.elcomsoft.com/
Threat Level: Low Risk
Operating System: WIN XP
Installation Type: Installed through EXE
Operation: Time of After Installation

Company Description:

Established in 1990, ElcomSoft Co. Ltd (referred to hereafter as ElcomSoft) is a privately owned software company headquartered in Moscow, Russia, specialising in Windows productivity and utility applications for businesses and end users. ElcomSoft's award-winning password file protection retrieval software uses powerful algorithms, which are constantly under development. This means that the enormous permutations involved in retrieving a password from a protected file allow businesses and end users to continue using their valuable data. ElcomSoft is a member of the Russian Cryptology Association (RCA), the Computer Security Institute, a lifetime member of the Association of Shareware Professionals (ASP) and a member of the Microsoft Partner Program.

Spyware Description:

PPAuditor (Proactive Password Auditor) is a program that will recover passwords based on their hashes. The program will perform a range of password recovery methods on password hash values. It includes medium risk threats that are often bundled with functionally unrelated software or installed without adequate notice and consent, and may display unwanted advertising on the user's desktop. Such threats may track users' online browsing habits and transmit non-personally identifying data back to a server in order to target advertising. These threats may be configured to start automatically with the operating system, use an auto-updater that the user cannot control, or install other functionally separate programs without adequate notice and consent.

Characteristics/Symptoms:

    -> Displays third-party advertising on the computer
    -> Tracks browsing habits
    -> Degrades the performance and stability of the computer
    -> Bundled with other adware

Processes Running:

ppa.exe

File information Created after Installation:

File Location | Size (Bytes) | Type
C:\Documents and Settings\[USER]\Start Menu\Programs\Proactive Password Auditor\Readme.lnk | 661 | Shortcut
C:\Program Files\ElcomSoft\PPA\english.xml | 47897 | XML Document
C:\Program Files\ElcomSoft\PPA\russian.xml | 49708 | XML Document

Folder information Created after Installation:

Folder Location
C:\Program Files\ElcomSoft\PPA

Registry information Created after Installation:

Main Registry Key | Sub Registry Key | Key Value Name
HKEY_CURRENT_USER | \Software\ElcomSoft\Proactive Password Auditor\Credentials | Quantity
HKEY_CURRENT_USER | \Software\ElcomSoft\Proactive Password Auditor\Last settings | Challenge
HKEY_CURRENT_USER | \Software\ElcomSoft\Proactive Password Auditor\Last settings | Remote computer name