PWSteal.Jomloon.E

If you want to keep your passwords safe, be aware of PWSteal.Jomloon.E Trojan, which can not only record your personal information, but also allow your system to get infected with malware, which could be even more harmful to your personal security and Windows system’s functionality. PWSteal.Jomloon.E, also known by PWS:Win32/Jomloon.E name, has been first spotted in July of 2009, and attacks Windows users all around the world; although, most prominently in China. The Trojan’s main target is active users of an online game, called Dungeon Fighter (DNF), who are monitored by the criminals of PWSteal.Jomloon.E. As the Trojan infiltrates and hooks to the game account, schemers can use this information for their own intentions.

PWSteal.Jomloon.E is a Trojan, which is built on two very strong executables b.exe and chrome.exe. The first one, found under C:\Documents and Settings\User\Application Data, is categorized as an information stealing worm, with ability to download and drop additional malware. This file is also cloaked, using the original name of Ageia PhysX and iTunes programs’ b.exe files. The camouflaged executable can add and delete processes in the Registry, or even connect your computer and accounts to remote servers. This way, without any of your knowledge, you email and Chat room accounts can be used to spread malignant PWSteal.Jomloon.E files. B.exe is also known to check and copy data from autoexec.bat file, which allows your mouse and keyboard activity to be recorded.

Another PWSteal.Jomloon.E Trojan’s file chrome.exe is also cloaked, and uses the name of the Google Chrome browser’s executable. If the access to Registry Editor was not removed by this malignant component, you could easily discover that instead of the authentic file’s location (C:\Documents and Settings\User), PWSteal.Jomloon.E’s chrome.exe is found in C:\Program Files\Google Chrome\bin folder. This Trojan’s executable is also known to look at your phone book details and autoexec.bat file, just as b.exe, but this malicious component is responsible for hiding PWSteal.Jomloon.E from removal. Disabled safe mode and access to Task Manager help the Trojan stay hidden from being found and deleted. Moreover, if you are using Internet Explorer as your only browser, you might find it impossible to connect to the Internet, as PWSteal.Jomloon.E’s chrome.exe can change browser’s settings, leaving only the Trojan to be bale to communicate to remote servers.

It is not advised to remove PWSteal.Jomloon.E manually, because of b.exe component, which is polymorphic and can slip through the detection of less experienced Windows users. What is more, with removed access to Windows Tools (Task Manager, Registry Editor) it will be a highly tedious and complex task to delete PWSteal.Jomloon.E Trojan from your operating system. Therefore, simply install legal security software, which will guarantee an operative and successful Trojan’s removal.