Trojan Horse PSW Generic VRA, VRH, VQN - all passwords compromised?

I've been infected with the Trojan Horse PSW Generic. I think that VRA, VRH, VQN are the variants.

The day i got this spyware I soon recognized it as there were new apps installed at once in my taskbar and my desktop, so  I cleaned using M$ Antispyware.
The day after I was at work and connected to MSN Messenger, disconnected. Reconnected again and got disconnected another time.

I thought that something was odd, so I logged in my passport.net account and immediately changed my password. Then I could connect again without being disconnected to MSN Messenger.

I've googled a bit and read some topics about the Trojan Horse PSW Generic and it seems that "PSW" stands for password spyware.
So now I think that the spyware sniffed my MSN password...

Unluckily I didn't check with an antivirus the same day. I did a complete scan only today and discovered the trojan horse and cleaned it.

My request in this question is the following: I need more in depth information about this trojan and what it does exactly.

Must I change all my passwords stored in my firefox signons file? (I have a lot of accounts there)
Must I change all my FTP, SSH passwords?

What would you do?
LVL 2
firepolAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

r-kCommented:
"What would you do?"

I would change all my passwords. At least, anything that was of importance.

I would also want to make sure first that the spyware is completely removed. Try the following:

(1) Download and run RootkitRevealer from: http://www.sysinternals.com/Utilities/RootkitRevealer.html to make sure no rootkit was installed.

(2) Do a few online scans. I would suggest:

  http://safety.live.com/site/en-US/default.htm
  http://www.ewido.net/en/
  http://www.kaspersky.com/virusscanner/

Do report back if anything new is found.
Good luck.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
firepolAuthor Commented:
thanks r-k.

as i told you i've already cleaned everything. i did an online scan with kaspersky and found nothing new.

the only news is that each time i reboot my system i get this warning: http://www.pbworks.net/images/boot.png

i tried to check in regedit currentversion.... run. there is nothing there.

i checked also with "autoruns.exe" a software that should show you all the programs runned at startup... but i didnt find any entry so im really wondering what's that.

also when i shutdown or reboot i get a warning about "dwwin.exe".

any ideas?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.