• Status: Solved
  • Priority: Medium
  • Security: Public

Trojan Horse PSW Generic VRA, VRH, VQN - all passwords compromised?

I've been infected with the Trojan Horse PSW Generic. I think that VRA, VRH, VQN are the variants.

The day I got this spyware I soon recognized it as there were new apps installed at once in my taskbar and my desktop, so I cleaned using M$ Antispyware.
The day after I was at work and connected to MSN Messenger, disconnected. Reconnected again and got disconnected another time.

I thought that something was odd, so I logged in to my passport.net account and immediately changed my password. Then I could connect again without being disconnected to MSN Messenger.

I've googled a bit and read some topics about the Trojan Horse PSW Generic and it seems that "PSW" stands for password spyware.
So now I think that the spyware sniffed my MSN password...

Unluckily I didn't check with an antivirus the same day. I did a complete scan only today and discovered the trojan horse and cleaned it.

My request in this question is the following: I need more in-depth information about this trojan and what it does exactly.

Must I change all my passwords stored in my Firefox signons file? (I have a lot of accounts there)
Must I change all my FTP, SSH passwords?

What would you do?
Asked by: firepol
1 Solution

r-k Commented:
"What would you do?"

I would change all my passwords. At least, anything that was of importance.

I would also want to make sure first that the spyware is completely removed. Try the following:

(1) Download and run RootkitRevealer from: http://www.sysinternals.com/Utilities/RootkitRevealer.html to make sure no rootkit was installed.

(2) Do a few online scans. I would suggest:

  http://safety.live.com/site/en-US/default.htm
  http://www.ewido.net/en/
  http://www.kaspersky.com/virusscanner/

Do report back if anything new is found.
Good luck.

firepol (Author) Commented:
Thanks r-k.

As I told you, I've already cleaned everything. I did an online scan with Kaspersky and found nothing new.

The only news is that each time I reboot my system I get this warning: http://www.pbworks.net/images/boot.png

I tried to check in regedit currentversion.... run. There is nothing there.

I checked also with "autoruns.exe", a software that should show you all the programs run at startup... but I didn't find any entry, so I'm really wondering what's that.

Also, when I shut down or reboot I get a warning about "dwwin.exe".

Any ideas?