Windows Security Tutorials - Herong's Tutorial Examples - v3.01, by Dr. Herong Yang
Removing PWS Trojan Files
This section provides a tutorial example on how to remove malicious files left by the PWS Trojan infection with the help of the McAfee On-Demand Scan function.
To validate whether McAfee could detect the malicious files left in my system folder, I ran an "On-Demand Scan". The following files were detected and deleted:
c:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YTBUII29
   20[1].EXE                                    PWS-Mmorpg.gen (Trojan)
   20[1].exe\20[1].exe\000060b0.EXE             PWS-Mmorpg.gen (Trojan)

c:\windows\system32
   5102a80.sys                                  PWS-Mmorpg.gen (Trojan)
   9fd8db.sys                                   PWS-Mmorpg.gen (Trojan)
   abzpqaxboq.exe                               Generic Downloader.x (Trojan)
   conmie.exe                                   Generic.dx (Trojan)
   hbasktao.dll                                 PWS-OnlineGames.co (Trojan)
   hbbo.dll                                     PWS-OnlineGames.co (Trojan)
   hbwow.dll                                    PWS-OnlineGames.co (Trojan)
   hbyy.dll                                     PWS-OnlineGames.co (Trojan)
   hbzhuxian.dll                                PWS-OnlineGames.co (Trojan)
   pcxyqr.exe                                   PWS-Mmorpg.gen (Trojan)
   qcabyoprxy.exe                               Generic.dx (Trojan)
   sovhst.exe                                   Generic.dx (Trojan)
   sovhst.exe\sovhst.exe\0000b200.EXE           Generic.dx (Trojan)
   System.exe                                   PWS-Mmorpg.gen (Trojan)
   xboqpxabzp.exe                               PWS-Mmorpg.gen (Trojan)
   xboqpxabzp.exe\xboqpxabzp.exe\00008090.EXE   PWS-Mmorpg.gen (Trojan)
   xyoqrxabzp.exe                               PWS-Mmorpg.gen (Trojan)
This tells me that:
After running the On-Demand Scan, I manually deleted all remaining malicious files from the system folders. I hoped that this PWS Trojan infection was fully removed now.