How do I get rid of the PSW.OnlineGames.NMY trojan

Posted on 2009-02-20
Last Modified: 2013-11-22
I have a PC that is infected with the WIN32/PSW.OnlineGames.NMY trojan virus.  My Eset Nod32 antivirus keeps bouncing every five seconds to tell me that it has been placed in quarantine and  doesn't stop.  The exact message is:
Win32/PSW.OnlineGames.NMY trojan
cleaned by deleting-quarantined

I did a search for autorun on the computer and it displayed the following

cdautorun          c:\program file\picas2
autorun              c:\program files\microsoft plus! Digitial Media editor\plus
autorun              c:\prgrram files\online services\perople pc
autorun              c:\windows\system32\pcintro
autorun              c:\windows\system32\pcintro
autorun              c:\program files\ho\Digital Imaging\{OFABD3D7-3O36-4E78-B29D-58957ADBOA12}

How can I get rid of this trojan?
Question by:theofficeshop
    LVL 4

    Expert Comment

    from ESET

    First of all, remove any removable devices (e.g. usb sticks, memory cards, etc.). Look into the file C:\autorun.inf and put down the file name listed at the line commencing with "shell\open\command=".
    Look up and rename that file and restart the computer.

    Send the file you've previously renamed in a password protected archive and this thread's url in the subject to samples[at]

    You can also do the following

    You don't have to uninstall NOD if you use clamwin portable anti-virus.

    Install portable version of ClamWin anti-virus in a USB pen drive and scan your PC with it.

    Use another clean PC to download Clamwin portable anti-virus and install it on a USB pen drive.
    Download here

    Document on how to configure ClamWin

    1) Start Clamwin anti-virus and update the latest anti-virus definition files.
    2)Select the tools menu bar, set the preferences to remove virus.
    3)Start the infected PC in safe mode by pressing F8 during start up.
    4) Run the Clamwin Anti-virus that is installed on the USB pen drive to scan the
    infected PC.
    5)After removing the virus, install crap cleaner (ccleaner) to get rid of the
    viruses left over setting in the windows registry.

    ClamWin is a Free Antivirus for Microsoft Windows that uses the GNU General
    Public License by the Free Software Foundation and is free (as in freedom)
    software. It can detect and remove more than 430,000 Trojans and viruses.

    5 months ago
    LVL 12

    Accepted Solution

    Please download and run Malwarebytes and clean any trojans it finds.

    After the Malwarebytes scan, download and run Hijackthis and post your log for further evaluation.

    LVL 23

    Assisted Solution

    The most immediate way to immunize your system against USB ridden malware is running Flash disinfector.
    the program will create a write protected autorun.inf  folder that will stop malware from using this method to infect your machine in the future.
    also the MBAM scan as suggested above is a good tool to help remove the infection if it is still present.


    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    Join & Write a Comment

    Suggested Solutions

    Title # Comments Views Activity
    Azure Remote Apps and an Access program 5 53
    Format underline a range 2 48
    encryption on machine 7 51
    Excel object stays open 19 56
    The System Center Operations Manager 2012, known as SCOM, is a part of the Microsoft system center product that provides the user with infrastructure monitoring and application performance monitoring. SCOM monitors:   Windows or UNIX/LinuxNetwo…
    Deploying a Microsoft Access application in a Citrix environment is not difficult but takes a few steps. However, Citrix system people are often of little help, as they typically know next to nothing about Access. The script provided here will take …
    Viewers will learn how to maximize accessibility options in an Excel workbook for users with accessibility issues.
    The viewer will learn how to simulate a series of sales calls dependent on a single skill level and learn how to simulate a series of sales calls dependent on two skill levels. Simulating Independent Sales Calls: Enter .75 into cell C2 – “skill leve…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now