#1
Ran Nod32 on WinXP - results showed a Trojan called win32/psw.Narod. Nod32 could not remove the malware - a general search on the net points to Nod32 site but they don't have anything on this trojan.
I've done a lot of searching but can't find anything. Does anyone know what this Trojan is, what it does and most importantly - how to get rid of it? Thanks a lot - Marv

#2
Hi marvik,
Welcome to Wilders. Do you have a filename for the file that NOD flags as the trojan? Maybe that helps.
Regards, Pieter
__________________
Regards, Pieter
It's nice to be important, but it's more important to be nice. It's human to make mistakes. It's even more so to blame the computer for it.

#3
The best I can find is (I don't know if this will help much)
File C:\WINDOWS\SYSTEM32\systemie.exe is infected with trojan Win32/PSW.Narod.A.
File C:\WINDOWS\SYSTEM32\sysie.dll is infected with trojan Win32/PSW.Narod.A.
NOD32 cannot clean this infiltration.
trojan Win32/PSW.Narod.A found in operating memory.

Thanks Marv

#4
Hi Marvik,
Sure it helps. Please copy the part in bold below to Notepad. Name the file as keylogbegone.reg (set it to save as all files). Double click on keylogbegone.reg and confirm you want to merge it with the registry. This will prevent it from starting at next boot.

***
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D1228C9-F556-4158-BC0B-D3FF4F3F3E1B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"systemie"=-
***

Reboot after doing so, preferably into safe mode and delete:
systemie.exe
sysie.dll
systemie.dll
systemie.dat

After it is removed you will need to change any passwords and all passwords or sensitive information you may have typed into a form. This is a Keylogger and that information could have been transmitted to someone.

Regards, Pieter
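
What the .reg merge in post #4 does, as an added example that is not part of the original thread: a small Python reviewer that lists the key deletions (`[-KEY]`) and value deletions (`"name"=-`) in a registry file before it is double-clicked. The function name `review_reg` and the embedded sample (retyped from the post) are this example's own, and only single-line values are handled.

```python
import re

# Constructed sample: the .reg text from post #4, retyped for this example.
SAMPLE_REG = r'''REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D1228C9-F556-4158-BC0B-D3FF4F3F3E1B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"systemie"=-
'''

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
# A value line is either @ (the default value) or a quoted name, then "=".
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def review_reg(text):
    """Return (action, key, value_name) tuples describing what a merge would do.

    Hypothetical helper for this example. Actions are delete_key,
    delete_value and set_value. Malformed input raises ValueError.
    """
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing REGEDIT4 / Version 5.00 header")
    ops, key = [], None
    for ln in lines[1:]:
        if ln.startswith("["):
            if not ln.endswith("]"):
                # A key line without its closing bracket is malformed: refuse it.
                raise ValueError("unterminated key line: " + ln)
            inner = ln[1:-1]
            if inner.startswith("-"):
                ops.append(("delete_key", inner[1:], None))
                key = None  # no values may follow a key that is being deleted
            else:
                key = inner
            continue
        m = VALUE_RE.match(ln)
        if not m or key is None:
            raise ValueError("unrecognised line: " + ln)
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        action = "delete_value" if m.group(2) == "-" else "set_value"
        ops.append((action, key, name))
    return ops


if __name__ == "__main__":
    for op in review_reg(SAMPLE_REG):
        print(op)
```
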

#5
Thanks a lot! I'll do it now.
Marv

#6
OK. Keep us posted.
Pieter

#7
http://vil.nai.com/vil/content/v_100477.htm
Narod is a password-stealing trojan; removal info is at the link.
__________________
The Only Safe Computer Is Unplugged
MEMBER ASAP since 2004
Alliance of Security Analysis Professionals

#8
The McAfee Stinger utility will remove PWS Narod; it can be downloaded at the link http://vil.nai.com/vil/stinger/

#9
I renamed systemie.exe to oldsystemie.exe and I renamed systemie.dll to oldsystemie.dll, restarted the computer and then deleted oldsystemie.exe and oldsystemie.dll. Never saw them again.