[Last Call] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1807
  • Last Modified:

How do I get rid of the PSW.OnlineGames.NMY trojan

I have a PC that is infected with the WIN32/PSW.OnlineGames.NMY trojan virus.  My Eset Nod32 antivirus keeps bouncing every five seconds to tell me that it has been placed in quarantine and  doesn't stop.  The exact message is:
Win32/PSW.OnlineGames.NMY trojan
cleaned by deleting-quarantined

I did a search for autorun on the computer and it displayed the following

cdautorun          c:\program file\picas2
autorun              c:\program files\microsoft plus! Digitial Media editor\plus dme11.cab
autorun              c:\prgrram files\online services\perople pc
autorun              c:\windows\system32\pcintro
autorun              c:\windows\system32\pcintro
autorun              c:\program files\ho\Digital Imaging\{OFABD3D7-3O36-4E78-B29D-58957ADBOA12}

How can I get rid of this trojan?
2 Solutions
from ESET

First of all, remove any removable devices (e.g. usb sticks, memory cards, etc.). Look into the file C:\autorun.inf and put down the file name listed at the line commencing with "shell\open\command=".
Look up and rename that file and restart the computer.

Send the file you've previously renamed in a password protected archive and this thread's url in the subject to samples[at]eset.com.

You can also do the following

You don't have to uninstall NOD if you use clamwin portable anti-virus.

Install portable version of ClamWin anti-virus in a USB pen drive and scan your PC with it.

Use another clean PC to download Clamwin portable anti-virus and install it on a USB pen drive.
Download here

Document on how to configure ClamWin

1) Start Clamwin anti-virus and update the latest anti-virus definition files.
2)Select the tools menu bar, set the preferences to remove virus.
3)Start the infected PC in safe mode by pressing F8 during start up.
4) Run the Clamwin Anti-virus that is installed on the USB pen drive to scan the
infected PC.
5)After removing the virus, install crap cleaner (ccleaner) to get rid of the
viruses left over setting in the windows registry.

ClamWin is a Free Antivirus for Microsoft Windows that uses the GNU General
Public License by the Free Software Foundation and is free (as in freedom)
software. It can detect and remove more than 430,000 Trojans and viruses.

5 months ago
Please download and run Malwarebytes and clean any trojans it finds.

After the Malwarebytes scan, download and run Hijackthis and post your log for further evaluation.

Mohamed OsamaSenior IT ConsultantCommented:
The most immediate way to immunize your system against USB ridden malware is running Flash disinfector.
the program will create a write protected autorun.inf  folder that will stop malware from using this method to infect your machine in the future.
also the MBAM scan as suggested above is a good tool to help remove the infection if it is still present.


Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now