» Category Sponsors
Get Your Link Here - Limited Time Bargain at only $11/month!

Home » Computers » Software » How to Detect and Remove the Trojan-PSW.Win32.Agent.skv

AndyHuang

Article written by AndyHuang

View Full Profile

Get Html Code

PDF |

Print View | Post to your Site

How to Detect and Remove the Trojan-PSW.Win32.Agent.skv

Submitted by AndyHuang
Mon, 4 Oct 2010

	Your Ad Here

1. What is the Trojan.PSW.Agent.skv

Trojan.PSW.Agent monitors and records your keystrokes and scans your computer for stored passwords. This information is then sent to the parasite authors. Trojan.PSW.Agent is highly dangerous and is a serious threat to your financial and personal information.
a. File System Modifications

%ProgramFiles%\auclt.exe

%System%\engine32.dll

%System%\mlang32.dat

%System%\sound32.exe

5 %System%\winmn.dll

Notes:

%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.

%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
b. Memory Modifications

There were new processes created in the system:
Process Name Process Filename Main Module Size
[filename of the sample #1] [file and pathname of the sample #1] 561,152 bytes
sound32.exe %System%\sound32.exe 561,152 bytes
c. Other details

* There was registered attempt to establish connection with the remote host. The connection details are:
Remote Host Port Number
222.73.165.154 80

* The data identified by the following URL was then requested from the remote web server:
o http://m468.3322.org/m/t.php?m=&v=&is=0
2. How-to's

a. Please update the policy basic knowledge of Sax2 in time, Once sax2 detects the communication of these trojans, it will break them and ensure your network & business security.
b. How to Remove the Trojan.PSW.Agent.skv Manually?

Step 1 : Use Windows Task Manager to Remove Trojan.PSW.Agent Processes
Remove the "Trojan.PSW.Agent" processes files:
relpop.exe
svvosts.exe
nmhxy.exe
5Sy.exe
5[1].exe

Step 2 : Use Windows Command Prompt to Unregister Trojan.PSW.Agent DLL Files
Search and unregister "Trojan.PSW.Agent" DLL files:
nmhxy.dll
mywow.dll

Step 3 : Detect and Delete Other Trojan.PSW.Agent Files
Remove the "Trojan.PSW.Agent" processes files:
relpop.exe
svc
svvosts.exe
nmhxy.exe
5Sy.exe
5[1].exe
nmhxy.dll
mywow.dll

Step 4 : View the Trojan.PSW.Agent Components with its MD5s
Remove the "Trojan.PSW.Agent" components:

File Name File Size MD5
svchost.exe 35840 65cdc258d2ec47f25d2bec762d6550df
c. How to Remove these trojans Instantly?

Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built in protection monitor that blocks malicious processes before they even start. visit http://www.ids-sax2.com/Malwarebytes-Anti-Malware.htm and download Malwarebytes' Anti-Malware to help you.
3. Appendix

For more information, please visit http://www.ids-sax2.com/ComputerSecurityNewsletter.htm

I'm a network security export and found to dectect and resovle network security problems with intrusion software Sax2 is a good way. It can reslove many problems, such as ARP spoof, SQL Inject attacks, worms, backdor Trojans and so on.

Source: ArticleTrader.com

Comments

No comments posted.

Add Comment

You do not have permission to comment. If you log in, you may be able to comment.