When searching our Virus Descriptions database for a specific program (e.g., Trojan-PSW:W32/Example.A), you may be directed to this page if the overview below sufficiently describes the program.
Alternatively, you may be directed to this page if no description matching that specific query is currently available. You can submit a sample of the suspect file to our Response Lab for further analysis via:
A Trojan-PSW is very similar to a Trojan-Spy, but is geared mainly towards stealing account log-in details, including passwords (the PSW stands for password stealer). In addition, some Trojan-PSW may also include spying and data-stealing routines.
To perform its password-stealing routine, a Trojan-PSW will usually drop a keylogging component. Such components stays active in Windows memory and starts keylogging (recording keystrokes) when a user is asked to input a log-in ID and a password. Stolen log-ins and passwords can allow an attacker to read a user's e-mail on public and corporate mail servers, as well as giving access to more sensitive material, such as online banking accounts.
As of March 2010, the naming convention 'Trojan-PSW' has been updated to 'Trojan-PWS' to make identification easier for users and to ensure naming practices are in line with current industry standards.