AccessProtectionLog.txt Log File Records

This section provides detailed information on malicious files left by two Trojan attacks. Somehow McAfee failed to detect and delete them.

I also reviewed the other McAfee log file, AccessProtectionLog.txt, and saw many records related to this PWS Trojan:

<date> 5:58:59 PM Would be blocked by Access Protection rule
   (rule is currently not enforced) hyang 
   C:\Program Files\Mozilla Firefox\firefox.exe	
   C:\Documents and Settings\hyang\Local Settings\Temp\mmc.exe	
   Common Standard Protection:Prevent common programs from running
   files from the Temp folder Action blocked: Execute

And many other similar records:
<date> 5:58:59 PM hyang C:\Program Files\Mozilla Firefox\firefox.exe
   C:\Documents and Settings\hyang\Local Settings\Temp\mmc.exe

<date> 6:00:52 PM hyang C:\Program Files\Mozilla Firefox\firefox.exe
   C:\WINDOWS\Temp\mmhtml.dll 

<date> 6:15:23 PM hyang C:\Program Files\Mozilla Firefox\firefox.exe 
   C:\WINDOWS\Temp\mmhtml.dll

<date> 6:20:46 PM hyang C:\WINDOWS\explorer.exe 
   C:\temp\windows\system32\HBASKTAO.dll

<date> 6:20:55 PM hyang C:\WINDOWS\explorer.exe 
   C:\temp\windows\system32\HBASKTAO.dll  

<date> 6:21:02 PM hyang C:\WINDOWS\explorer.exe 
   C:\temp\windows\system32\xboqpxabzp.exe  

<date> 6:21:05 PM hyang C:\WINDOWS\explorer.exe 
   C:\temp\windows\system32\HBASKTAO.dll  

<date> 6:21:19 PM hyang C:\WINDOWS\explorer.exe 
   C:\temp\windows\system32\xboqpxabzp.exe  

<date> 6:21:44 PM hyang C:\WINDOWS\explorer.exe 
   C:\temp\windows\system32\System.exe  

<date> 6:21:51 PM hyang C:\WINDOWS\explorer.exe 
   C:\temp\windows\system32\heb.exe  

<date> 6:21:55 PM hyang C:\WINDOWS\explorer.exe 
   C:\temp\windows\system32\qcabyoprxy.exe  

<date> 6:21:56 PM hyang C:\WINDOWS\explorer.exe 
   C:\temp\windows\system32\HBZHUXIAN.dll  

<date> 6:21:59 PM hyang C:\WINDOWS\explorer.exe 
   C:\temp\windows\system32\heb.exe  

<date> 6:22:01 PM hyang C:\WINDOWS\explorer.exe 
   C:\temp\windows\system32\HBZHUXIAN.dll  

<date> 6:22:44 PM hyang C:\Program Files\Internet Explorer
   \IEXPLORE.EXE C:\WINDOWS\Downloaded Program Files\Manager.exe

<date> 6:28:45 PM hyang C:\WINDOWS\Explorer.EXE C:\temp\wuauclt.exe

<date> 6:29:30 PM hyang C:\WINDOWS\Explorer.EXE C:\temp\wuauclt.exe

<date> 6:29:35 PM hyang C:\WINDOWS\Explorer.EXE C:\temp\windows
   \wuauclt.exe common programs 

<date> 6:29:44 PM hyang C:\WINDOWS\Explorer.EXE C:\temp\windows
   \wuauclt.exe   common programs 

<date> 6:34:05 PM hyang C:\Program Files\Mozilla Firefox
   \firefox.exe C:\WINDOWS\Temp\mmhtml.dll 
   
<date> 7:21:09 PM hyang C:\Program Files\Internet Explorer
   \iexplore.exe C:\WINDOWS\Temp\mmhtml.dll 

<date> 7:36:25 PM hyang C:\Program Files\Internet Explorer
   \iexplore.exe C:\WINDOWS\Temp\mmhtml.dll 

<date> 10:06:28 PM hyang C:\WINDOWS\Explorer.EXE 
   C:\WINDOWS\Temp\mmhtml.dll common programs 

<date> 10:32:11 PM hyang C:\Program Files\Mozilla Firefox
   \firefox.exe C:\WINDOWS\Temp\mmhtml.dll 

<date> 10:33:31 PM hyang C:\WINDOWS\Explorer.EXE 
   C:\WINDOWS\Temp\mmhtml.dll common programs 

<date> 10:37:58 PM hyang C:\WINDOWS\Explorer.EXE 
   C:\WINDOWS\Temp\mmhtml.dll common programs 

<date> 10:39:08 PM hyang C:\Program Files\Mozilla Firefox
   \firefox.exe C:\WINDOWS\Temp\mmhtml.dll 

<date> 10:51:15 PM hyang C:\WINDOWS\Explorer.EXE 
   C:\WINDOWS\Temp\mmhtml.dll common programs 
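
Records like these can be tallied by target file to see which processes touched each dropped file and when, which gives a cleanup checklist. The Python script below is an added example, not part of the original page or of any McAfee tool; its function names are hypothetical. It assumes each record starts at column 0 with indented continuation lines, and that every path ends in .exe or .dll.

```python
import re
from collections import defaultdict

# Records copied from the excerpt above (full form, wrapped path, repeated target).
SAMPLE = r"""
<date> 5:58:59 PM Would be blocked by Access Protection rule
   (rule is currently not enforced) hyang
   C:\Program Files\Mozilla Firefox\firefox.exe
   C:\Documents and Settings\hyang\Local Settings\Temp\mmc.exe
   Common Standard Protection:Prevent common programs from running
   files from the Temp folder Action blocked: Execute
<date> 6:00:52 PM hyang C:\Program Files\Mozilla Firefox\firefox.exe
   C:\WINDOWS\Temp\mmhtml.dll
<date> 6:21:51 PM hyang C:\WINDOWS\explorer.exe
   C:\temp\windows\system32\heb.exe
<date> 6:22:44 PM hyang C:\Program Files\Internet Explorer
   \IEXPLORE.EXE C:\WINDOWS\Downloaded Program Files\Manager.exe
<date> 10:06:28 PM hyang C:\WINDOWS\Explorer.EXE
   C:\WINDOWS\Temp\mmhtml.dll common programs
"""

HEAD = re.compile(r"^\S+\s+(\d{1,2}:\d{2}:\d{2} [AP]M)\s+(.*)$")
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)(?=\s|$)", re.I)

def parse_records(text):
    """Yield (time, process, target) for each record; a record starts at column 0."""
    for block in re.split(r"\n(?=\S)", text.strip()):
        joined = ""
        for line in block.splitlines():
            part = line.strip()
            # A continuation starting with "\" is a path that was wrapped mid-way.
            joined += part if part.startswith("\\") else " " + part
        m = HEAD.match(joined.strip())
        paths = PATH.findall(m.group(2)) if m else []
        if len(paths) == 2:  # first path is the acting process, second the target
            yield m.group(1), paths[0], paths[1]

def summarize(text):
    """Map each target (lower-cased) to the process names and times that hit it."""
    out = defaultdict(lambda: {"processes": set(), "times": []})
    for when, proc, target in parse_records(text):
        entry = out[target.lower()]
        entry["processes"].add(proc.lower().rsplit("\\", 1)[-1])
        entry["times"].append(when)
    return dict(out)

if __name__ == "__main__":
    for target, info in sorted(summarize(SAMPLE).items()):
        print(f'{len(info["times"]):>2}  {target}  via {sorted(info["processes"])}')
```

Targets are lower-cased before grouping because the log mixes spellings such as explorer.exe and Explorer.EXE for the same file.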

Last update: 2006.
