Windows Security Tutorials - Herong's Tutorial Examples
Dr. Herong Yang, Version 3.00

What Is PWS (Password Stealer) Trojan?

This section provides a quick introduction to the PWS (Password Stealer) Trojan, a type of malware that monitors your keystrokes, captures personal information such as user names and passwords, and sends this information to the malware originator.

PWS (Password Stealer): Malware that monitors your keystrokes, captures personal information such as user names and passwords, and sends this information to the malware originator.

A McAfee report shows that, as of 2006, there were about 12000 PWSs known on the Internet. About 62% of them were designed to target access to financial institutions; see the list below:

Banks and e-commerce - PWS-Banker, PWS-Goldun, etc.: 62%
Online Games - PWS-Lineage, PWS-Legmir, PWS-WoW, etc.: 18%
IM, Social Networking - PWS-LDPinch, PWS-QQPass, etc.: 10%
Others: 10%

Most PWS Trojans come from China, followed by Brazil and Russia. Here is a list of the top 5 countries where the PWS generic.y Trojan originated:

China              533
Brazil              66
Russian Federation  45
Germany             12
Switzerland          7

Read the other sections in this chapter to see a real example of PWS Trojans.

Last update: 2006.

Dr. Herong Yang, updated in 2013