Warning!!! Bogus "key grabber" being shared - ABA DSS

**edwinsao** · March 27th, 2008

Warning!

A user and/or others are trying to share a "key grabber" via posted urls in this and possibly other forums on the internet.

This program is a password stealing program in disguise. It has a known file name as "server1.exe", but it can be named any 'exe' file.

The user must download and run the application. The found variant was 517kb in size and had the icon frequently used by installer apps. This file can be created with various "options", so its size, name and any icon be variable.

The program when run will scour the pc for login information from saved lists in Internet Explorer, Firefox and other browsers. Also it will steal passwords from window's password databases, steal the windows registered user info & cd key. It can also find passwords for other software like Outlook, MSN, AOL, Yahoo, games and more. It is very thorough.

It does create a log file (pwfile.log) in the "C:\Documents and Settings\"windows user"\Local Settings\Temp folder of the info it finds.

It then will send the info to a specific ftp server or email address. It then deletes the log file and the program. This happens very quickly.

If you have an installed firewall with outbound protection/notification, you likely will not be victimized by this threat. Though it is a threat that if you have any remembered passwords or username/passwords in your browser, changing those would be very prudent.

Regarding this site; a post was found in the Key Chat section that contained the url for this app and was shortly removed by staff. But because it was a posted text url, it was visible to some members.

Any member who might have seen and downloaded the "server1.exe" file from the url, is at risk!
Change your passwords for this & any sites you use.

If you do online banking and have the browser save any of your login info,
change it immediately.

This goes for webmail sites you use, like google, yahoo, hotmail, earthlink, or any other, and also, if you use Outlook, Outlook express, AOL, MSN or similar,
change your passwords!

this is a c/p from norw. site,just keep your eyes open folks

**buddyjh** · March 27th, 2008

thanks ed. we need to keep on our toes

**aladin 13** · March 27th, 2008

Quote:

Originally Posted by edwinsao

Warning!

A user and/or others are trying to share a "key grabber" via posted urls in this and possibly other forums on the internet.

This program is a password stealing program in disguise. It has a known file name as "server1.exe", but it can be named any 'exe' file.

The user must download and run the application. The found variant was 517kb in size and had the icon frequently used by installer apps. This file can be created with various "options", so its size, name and any icon be variable.

The program when run will scour the pc for login information from saved lists in Internet Explorer, Firefox and other browsers. Also it will steal passwords from window's password databases, steal the windows registered user info & cd key. It can also find passwords for other software like Outlook, MSN, AOL, Yahoo, games and more. It is very thorough.

It does create a log file (pwfile.log) in the "C:\Documents and Settings\"windows user"\Local Settings\Temp folder of the info it finds.

It then will send the info to a specific ftp server or email address. It then deletes the log file and the program. This happens very quickly.

If you have an installed firewall with outbound protection/notification, you likely will not be victimized by this threat. Though it is a threat that if you have any remembered passwords or username/passwords in your browser, changing those would be very prudent.

Regarding this site; a post was found in the Key Chat section that contained the url for this app and was shortly removed by staff. But because it was a posted text url, it was visible to some members.

Any member who might have seen and downloaded the "server1.exe" file from the url, is at risk!
Change your passwords for this & any sites you use.

If you do online banking and have the browser save any of your login info,
change it immediately.

This goes for webmail sites you use, like google, yahoo, hotmail, earthlink, or any other, and also, if you use Outlook, Outlook express, AOL, MSN or similar,
change your passwords!

this is a c/p from norw. site,just keep your eyes open folks

thanks allways on top of averything..you guys are the best

**goldie05** · March 27th, 2008

Thank you for keeping us update, this info is quite helpful. thanks again

**SatelliteJunkie** · March 27th, 2008

This is a good example of why I posted a link for keys on my signature for everybody here. GET NEW KEYS HERE (below) >>>

I quit using all the key tools about 1 year ago...why bother when we have this?

Everybody should save this link to your PC for the future. SJ

**Bud_Alcor** · March 27th, 2008

Gracias Edwinsao. No wonder I dont Like to chat.!!

**zekester** · March 28th, 2008

Dang straight Bud. That's phuking scary, but never had a use for keys anyways with my VSP a/r works all the time.
Great work Edwin keepin us abreast of all the

that lurks on the Internet.

**snakebite** · April 16th, 2009

thanks for the heads up.