Trojan-PSW.Win32.Agent.skv


1. What is Trojan.PSW.Agent.skv?

Trojan.PSW.Agent monitors and records your keystrokes and scans your computer for stored passwords. This information is then sent to the parasite authors. Trojan.PSW.Agent is highly dangerous and is a serious threat to your financial and personal information.

 

a. File System Modifications

  • %ProgramFiles%\auclt.exe
  • %System%\engine32.dll
  • %System%\mlang32.dat
  • %System%\sound32.exe
  • %System%\winmn.dll

Notes:

%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.

%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

b. Memory Modifications

There were new processes created in the system:

| Process Name | Process Filename | Main Module Size |
| --- | --- | --- |
| [filename of the sample #1] | [file and pathname of the sample #1] | 561,152 bytes |
| sound32.exe | %System%\sound32.exe | 561,152 bytes |

c. Other details

  • There was a registered attempt to establish a connection with a remote host. The connection details are:

| Remote Host | Port Number |
| --- | --- |
| 222.73.165.154 | 80 |

  • The data identified by the following URL was then requested from the remote web server:
    • http://m468.3322.org/m/t.php?m=&v=&is=0

 

2. How-to's

a. Please keep the Sax2 policy knowledge base up to date. Once Sax2 detects the communication of these trojans, it will break those connections and ensure your network and business security.

b. How to Remove Trojan.PSW.Agent.skv Manually?

Step 1 : Use Windows Task Manager to Remove Trojan.PSW.Agent Processes
Remove the "Trojan.PSW.Agent" process files:
relpop.exe
svvosts.exe
nmhxy.exe
5Sy.exe
5[1].exe


Step 2 : Use Windows Command Prompt to Unregister Trojan.PSW.Agent DLL Files
Search and unregister "Trojan.PSW.Agent" DLL files:
nmhxy.dll
mywow.dll


Step 3 : Detect and Delete Other Trojan.PSW.Agent Files
Remove the "Trojan.PSW.Agent" process files:
relpop.exe
svc
svvosts.exe
nmhxy.exe
5Sy.exe
5[1].exe
nmhxy.dll
mywow.dll


Step 4 : View the Trojan.PSW.Agent Components with Their MD5s
Remove the "Trojan.PSW.Agent" components:

| File Name | File Size | MD5 |
| --- | --- | --- |
| svchost.exe | 35840 | 65cdc258d2ec47f25d2bec762d6550df |

 

c. How to Remove These Trojans Instantly?

Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built-in protection monitor that blocks malicious processes before they even start. Visit http://www.ids-sax2.com/Malwarebytes-Anti-Malware.htm and download Malwarebytes' Anti-Malware to help you.

 

3. Appendix

For more information, please visit http://www.ids-sax2.com/ComputerSecurityNewsletter.htm