Trojan Horse PSW Generic VRA, VRH, VQN - all passwords compromised?

Posted on 2006-04-25
Last Modified: 2013-12-04
I've been infected with the Trojan Horse PSW Generic. I think that VRA, VRH, VQN are the variants.

The day I got this spyware I soon recognized it, as there were new apps installed at once in my taskbar and my desktop, so I cleaned using M$ Antispyware.
The day after I was at work and connected to MSN Messenger, disconnected. Reconnected again and got disconnected another time.

I thought that something was odd, so I logged in to my account and immediately changed my password. Then I could connect again without being disconnected from MSN Messenger.

I've googled a bit and read some topics about the Trojan Horse PSW Generic and it seems that "PSW" stands for password spyware.
So now I think that the spyware sniffed my MSN password...

Unluckily I didn't check with an antivirus the same day. I did a complete scan only today and discovered the trojan horse and cleaned it.

My request in this question is the following: I need more in depth information about this trojan and what it does exactly.

Must I change all my passwords stored in my Firefox signons file? (I have a lot of accounts there)
Must I change all my FTP, SSH passwords?

What would you do?
Question by: firepol
    LVL 32

    Accepted Solution

    "What would you do?"

    I would change all my passwords. At least, anything that was of importance.

    I would also want to make sure first that the spyware is completely removed. Try the following:

    (1) Download and run RootkitRevealer from: to make sure no rootkit was installed.

    (2) Do a few online scans. I would suggest:

    Do report back if anything new is found.
    Good luck.
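
A way to turn "change all my passwords" into a checklist, as an added example that is not part of the original thread: it lists every site in a Firefox login store whose saved password has not been changed since the machine was cleaned. It assumes the modern `logins.json` layout (`hostname`, `timePasswordChanged` in milliseconds) rather than the 2006 signons file, and the sample entries and cleanup date are constructed.

```python
import json
from datetime import datetime, timezone

# Constructed sample in the layout of a modern Firefox logins.json.
# Assumption: the 2006-era signons file from the question used a different format.
SAMPLE_LOGINS_JSON = json.dumps({"logins": [
    {"hostname": "https://mail.example.com", "timePasswordChanged": 1145500000000},
    {"hostname": "https://login.example.net", "timePasswordChanged": 1146000000000},
    {"hostname": "ftp://files.example.org", "timePasswordChanged": 1140000000000},
    {"hostname": "https://broken.example.com"},  # change timestamp missing
]})


def rotation_checklist(logins_json, cleaned_at):
    """Return the sorted origins whose saved password predates cleaned_at.

    Nothing is decrypted: only the origin and the last-change timestamp
    are read. Entries without a usable timestamp are treated as stale.
    """
    cutoff_ms = int(cleaned_at.timestamp() * 1000)
    stale = set()
    for entry in json.loads(logins_json).get("logins", []):
        host = entry.get("hostname")
        if not host:
            continue
        changed = entry.get("timePasswordChanged")
        # Fail closed: an unknown change time means "rotate it anyway".
        if not isinstance(changed, (int, float)) or changed < cutoff_ms:
            stale.add(host)
    return sorted(stale)


if __name__ == "__main__":
    cleaned = datetime(2006, 4, 25, tzinfo=timezone.utc)  # constructed cleanup date
    for origin in rotation_checklist(SAMPLE_LOGINS_JSON, cleaned):
        print("rotate:", origin)
```

Credentials kept outside the browser, such as the FTP and SSH passwords mentioned in the question, are not in this file and need their own list.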
    LVL 2

    Author Comment

    Thanks r-k.

    As I told you, I've already cleaned everything. I did an online scan with Kaspersky and found nothing new.

    The only news is that each time I reboot my system I get this warning:

    I tried to check in regedit currentversion.... run. There is nothing there.

    I also checked with "autoruns.exe", a piece of software that should show you all the programs run at startup... but I didn't find any entry, so I'm really wondering what that is.

    Also, when I shut down or reboot I get a warning about "dwwin.exe".

    Any ideas?
