Windows Security - Virus, Trojan, Spyware and Adware
Dr. Herong Yang, Version 2.20

Windows Security - Virus, Trojan, Spyware and Adware

PWS (Password Stealer) Trojan Infection Removal

What Is PWS (Password Stealer) Trojan?

This section provides a quick introduction of what is PWS (Password Stealer) Trojan, a malware that monitors your keystokes, captures personal information such as user names and passwords, and send this information to the malware originator.

PWS (Password Stealer): A malware that monitors your keystokes, captures personal information such as user names and passwords, and send this information to the malware originator.

A McAfee reports shows that as of year 2006, there were about 12000 PWSs known on the Internet. About 62% of them were designed to target financial institution accesses, see the list below: 

Banks and e-commerce - PWS-Banker, PWS-Goldun, etc.: 62%
Online Games - PWS-Lineage, PWS-Legmir, PWS-WoW, etc.: 18%
IM, Social Networking - PWS-LDPinch, PWS-QQPass, etc.: 10%
Others: 10%

Most of PWS Trojans come from China, followed by Brazil and Russia. Here is a list of top 5 countries where PWS generic.y Trojan originated: 

China              533
Brazil              66
Russian Federation  45
Germany             12
Switzerland          7

Read the other sections in this chapter to see a real example of PWS Trojans.

Table of Contents

 About This Windows Security Book

 Spyware Adware Detection and Removal

 IE Addon Program Listing and Removal

 Vundo (VirtuMonde/VirtuMundo) - vtsts.dll Removal

 Trojan and Malware "Puper" Description and Removal

 VSToolbar (VSAdd-in.dll) - Description and Removal

 Anti-Virus Tool - McAfee VirusScan Enterprise

 Spybot - Spyware Blocker, Detection and Removal

PWS (Password Stealer) Trojan Infection Removal

What Is PWS (Password Stealer) Trojan?

 JS/Downloader.gen - JavaScript Downloader Malware

 PWS-Mmorpg.gen - A Password Stealer Trojan

 heb.exe - The Trojan Installer Program

 .exe and .dll Files Installed by the Trojan

 my.exe - A Second PWS Trojan Infection

 .exe and .dll Files of the Second Trojan

 Explorer.EXE Trying to Install a Trojan

 AccessProtectionLog.txt Log File Records

 ATF-Cleaner.exe - Temporary File Remover

 Trajon Files Left in the System Folder

 Removing PWS Trojan Files

 Removing PWS Trojan Startup Entries

 Command Processor AutoRun - Registry Value

 UserInit - Winlogon Registry Key

 js.users.51.la - hosts File Entries

 Image File Execution Options - Registry Key

 regedit.exe Not Working

 MS08-001 Vulnerability on Windows Systems

 Antivirus System PRO

 Glossary of Terms

 References

 PDF Printing Version

Dr. Herong Yang, updated in 2009
What Is PWS (Password Stealer) Trojan?