Windows Security Tutorials - Herong's Tutorial Examples
Dr. Herong Yang, Version 3.00

PWS (Password Stealer) Trojan Infection Removal

This chapter provides a quick introduction to the PWS (Password Stealer) Trojan. Topics include the PWS-Mmorpg.gen Trojan; McAfee VirusScan logs of Trojan infection traces; Trojan files installed in system folders; startup programs and registry settings added by the Trojan; and HijackThis and Spybot used to remove Trojan files.

What Is PWS (Password Stealer) Trojan?

JS/Downloader.gen - JavaScript Downloader Malware

PWS-Mmorpg.gen - A Password Stealer Trojan

heb.exe - The Trojan Installer Program

.exe and .dll Files Installed by the Trojan

my.exe - A Second PWS Trojan Infection

.exe and .dll Files of the Second Trojan

Explorer.EXE Trying to Install a Trojan

AccessProtectionLog.txt Log File Records

ATF-Cleaner.exe - Temporary File Remover

Trojan Files Left in the System Folder

Removing PWS Trojan Files

Removing PWS Trojan Startup Entries

Command Processor AutoRun - Registry Value

UserInit - Winlogon Registry Key

js.users.51.la - hosts File Entries

Image File Execution Options - Registry Key

regedit.exe Not Working

Conclusion:

  • The PWS (Password Stealer) Trojan is a nasty malicious program that tries to capture and steal the passwords of your on-line accounts.
  • My computer got infected after visiting a Web page with malicious JavaScript code.
  • McAfee VirusScan On-Access program partially detected and blocked the infection process, but failed to completely protect my Windows system.
  • The Trojan installer program got executed and installed a number of Trojan programs and files into system folders.
  • Some registry settings and hosts entries were also added by the Trojan.
  • McAfee VirusScan On-Demand program was used to detect and remove some Trojan files.
  • Spybot - Search & Destroy was used to detect and remove some Trojan registry settings. I will leave it running on my computer to help McAfee VirusScan to protect my computer.

Table of Contents

 About This Windows Security Book

 Windows 8: System Security Review

 Windows 8: System Security Protection

 Windows 8 System Recovery

 Windows 8 Defender for Real-Time Protection

 Windows 7: System Security Review

 Windows 7: System Security Protection

 Windows 7 System Recovery

 Windows 7 Forefront Client Security

 Norton Power Eraser - Anti-Virus Scan Tool

 McAfee Virus and Malware Protection Tools

 Spybot - Spyware Blocker, Detection and Removal

 Keeping Firefox Secure

 Keeping IE (Internet Explorer) Secure

 Malware (Adware, Spyware, Trojan, Worm, and Virus)

 HijackThis - Browser Hijacker Diagnosis Tool

 IE Add-on Program Listing and Removal

 "Conduit Search" - Malware Detection and Removal

 "Tube Dimmer", "Scorpion Saver" or "Adpeak" Malware

 Malware Manual Removal Experience

 Vundo (VirtuMonde/VirtuMundo) - vtsts.dll Removal

 Trojan and Malware "Puper" Description and Removal

 VSToolbar (VSAdd-in.dll) - Description and Removal

PWS (Password Stealer) Trojan Infection Removal

 MS08-001 Vulnerability on Windows Systems

 Antivirus System PRO

 References

 PDF Printing Version

Dr. Herong Yang, updated in 2013