PWS (Password Stealer) Trojan Infection Removal

This chapter provides a quick introduction of PWS (Password Stealer). Topics include PWS-Mmorpg.gen Trojan; McAfee VirusScan logs on Trojan infection traces; Trojan files installed in system folders; startup programs and registry settings added by the Trojan; HijackThis and Spybot used to remove Trojan files.

What Is PWS (Password Stealer) Trojan?

JS/Downloader.gen - JavaScript Downloader Malware

PWS-Mmorpg.gen - A Password Stealer Trojan

heb.exe - The Trojan Installer Program

.exe and .dll Files Installed by the Trojan

my.exe - A Second PWS Trojan Infection

.exe and .dll Files of the Second Trojan

Explorer.EXE Trying to Install a Trojan

AccessProtectionLog.txt Log File Records

ATF-Cleaner.exe - Temporary File Remover

Trajon Files Left in the System Folder

Removing PWS Trojan Files

Removing PWS Trojan Startup Entries

Command Processor AutoRun - Registry Value

UserInit - Winlogon Registry Key

js.users.51.la - hosts File Entries

Image File Execution Options - Registry Key

regedit.exe Not Working

Conclusion:

Table of Contents

 About This Windows Security Book

 Windows 8: System Security Review

 Windows 8: System Security Protection

 Windows 8 System Recovery

 Windows 8 Defender for Real-Time Protection

 Windows 7: System Security Review

 Windows 7: System Security Protection

 Windows 7 System Recovery

 Windows 7 Forefront Client Security

 Norton Power Eraser - Anti-Virus Scan Tool

 McAfee Virus and Malware Protection Tools

 Spybot - Spyware Blocker, Detection and Removal

 Keeping Firefox Secure

 Keeping IE (Internet Explorer) Secure

 Malware (Adware, Spyware, Trojan, Worm, and Virus)

 HijackThis - Browser Hijacker Diagnosis Tool

 IE Add-on Program Listing and Removal

 "Conduit Search" - Malware Detection and Removal

 "Tube Dimmer", "Scorpion Saver" or "Adpeak" Malware

 Malware Manual Removal Experience

 Vundo (VirtuMonde/VirtuMundo) - vtsts.dll Removal

 Trojan and Malware "Puper" Description and Removal

 VSToolbar (VSAdd-in.dll) - Description and Removal

PWS (Password Stealer) Trojan Infection Removal

 MS08-001 Vulnerability on Windows Systems

 Antivirus System PRO

 References

 PDF Printing Version