Trojan - win32/psw.narod

Discussion in 'malware problems & news' started by marvik, Jan 26, 2004.

Thread Status:
Not open for further replies.
  1. marvik

    marvik Registered Member

    Joined:
    Jan 26, 2004
    Posts:
    3
    Ran Nod32 on WinXP - results showed a Trojan called win32/psw.Narod. Nod32 could not remove the malware - a general search on the net points to Nod32 site but they don't have anything on this trojan.
    I've done a lot searching but can't find anything. Does anyone know what this Trojan is, what it does and most importantly - how to get rid of it?
    Thanks a lot - Marv
     
    marvik, Jan 26, 2004
    #1
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi marvik,

    Welcome at Wilders. :)
    Do you have a filename for the file that NOD flags as the trojan?
    Maybe that helps.

    Regards,

    Pieter
     
    Pieter_Arntz, Jan 26, 2004
    #2
  3. marvik

    marvik Registered Member

    Joined:
    Jan 26, 2004
    Posts:
    3
    The best I can find is (I don't know if this will help much)
    File C:\WINDOWS\SYSTEM32\systemie.exe is infected with trojan Win32/PSW.Narod.A.
    File C:\WINDOWS\SYSTEM32\sysie.dll is infected with trojan Win32/PSW.Narod.A. NOD32 cannot clean this infiltration.
    trojan Win32/PSW.Narod.A found in operating memory.

    Thanks
    Marv
     
    marvik, Jan 26, 2004
    #3
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi Marvik,

    Sure it helps.
    Please copy the part in bold belwow to Notepad. Name the file as keylogbegone.reg (set it to save as all files). Double click on keylogbegone.reg and confirm you want to merge it with the registry.
    This will prevent it from starting at next boot.

       
    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D1228C9-F556-4158-BC0B-D3FF4F3F3E1B}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    "systemie"=-   


    Reboot after doing so, preferably into safe mode and delete:

    systemie.exe
    sysie.dll
    systemie.dll
    systemie.dat

    After it is removed you will need to change any passwords and all passwords or sensitive infomration you may have typed into a form. This is a Keylogger and that information could have been transmitted to someone.

    Regards,

    Pieter
     
    Pieter_Arntz, Jan 26, 2004
    #4
  5. marvik

    marvik Registered Member

    Joined:
    Jan 26, 2004
    Posts:
    3
    Thanks a lot! I'll do it now.
    Marv :)
     
    marvik, Jan 26, 2004
    #5
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    OK. Keep us posted.

    Pieter
     
    Pieter_Arntz, Jan 26, 2004
    #6
  7. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    http://vil.nai.com/vil/content/v_100477.htm


    Narod is a password stealing trojan

    removal info at the link.
     
    bigc73542, Jan 27, 2004
    #7
  8. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    The mcafee stinger utilitie will remove pws narod can be downloaded at the link


    http://vil.nai.com/vil/stinger/
     
    bigc73542, Jan 27, 2004
    #8
  9. bobby dias

    bobby dias Guest

    I renamed systemie.exe to oldsystemie.exe and I renamed systemie.dll to
    oldsystemie.dll, restarted the computer and then deleted oldsystemie.exe and
    oldsystemie.dll. Never saw them again.
     
    bobby dias, Jun 14, 2004
    #9
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...