Trojan Horse PSW Generic VRA, VRH, VQN - all passwords compromised?

I've been infected with the Trojan Horse PSW Generic. I think that VRA, VRH, VQN are the variants.

The day I got this spyware I soon recognized it, as there were new apps installed at once in my taskbar and on my desktop, so I cleaned using M$ Antispyware.
The day after I was at work and connected to MSN Messenger, disconnected. Reconnected again and got disconnected another time.

I thought that something was odd, so I logged in to my passport.net account and immediately changed my password. Then I could connect again to MSN Messenger without being disconnected.

I've googled a bit and read some topics about the Trojan Horse PSW Generic and it seems that "PSW" stands for password spyware.
So now I think that the spyware sniffed my MSN password...

Unluckily I didn't check with an antivirus the same day. I did a complete scan only today and discovered the trojan horse and cleaned it.

My request in this question is the following: I need more in-depth information about this trojan and what it does exactly.

Must I change all my passwords stored in my Firefox signons file? (I have a lot of accounts there)
Must I change all my FTP, SSH passwords?

What would you do?
firepol Asked:
r-k Commented:
"What would you do?"

I would change all my passwords. At least, anything that was of importance.

I would also want to make sure first that the spyware is completely removed. Try the following:

(1) Download and run RootkitRevealer from: http://www.sysinternals.com/Utilities/RootkitRevealer.html to make sure no rootkit was installed.

(2) Do a few online scans. I would suggest:

  http://safety.live.com/site/en-US/default.htm
  http://www.ewido.net/en/
  http://www.kaspersky.com/virusscanner/

Do report back if anything new is found.
Good luck.
firepol (Author) Commented:
Thanks r-k.

As I told you, I've already cleaned everything. I did an online scan with Kaspersky and found nothing new.

The only news is that each time I reboot my system I get this warning: http://www.pbworks.net/images/boot.png

I tried to check in regedit currentversion.... run. There is nothing there.

I checked also with "autoruns.exe", a software that should show you all the programs run at startup... but I didn't find any entry, so I'm really wondering what that is.

Also, when I shut down or reboot I get a warning about "dwwin.exe".

Any ideas?
Question has a verified solution.