F-Secure
Tools
Trojan-PSW:W32/Trojan-PSW
| Name : | Trojan-PSW:W32/Trojan-PSW |
| Category: | Malware |
| Type: | Trojan-PSW |
| Platform: | W32 |
Summary
This type of trojan steals passwords and other sensitive information. It may also secretly install other malicious programs.
Disinfection
Automatic Disinfection
Starting from F-Secure Anti-Virus (FSAV) version 5.40, standalone malware (backdoors, worms, trojans, etc.) is automatically removed. FSAV automatically renames malware files to prevent them from being executed.
In rare cases, automatic disinfection is not possible and the user must instruct FSAV to perform disinfection (renaming and/or deleting the infected file).
In special cases, the user is recommended to perform disinfection using specific tools provided by F-Secure. The tools can be downloaded from:
- ftp://ftp.f-secure.com/anti-virus/tools/
- http://www.f-secure.com/download-purchase/tools.shtml
In some cases F-Secure Anti-Virus may not automatically disinfect a system. If so, please visit our Support pages at:
- http://support.f-secure.com/enu/home/virusproblem/howtoclean/
Windows System Restore Issues
If the computer is running on the Windows ME or XP operating systems, disabling the System Restore feature before disinfection is recommended. This is to avoid possible re-infection by a threat that has just been disinfected, as the System Restore feature may have unknowingly saved a copy of the infected file during its normal procedures. If the System Restore feature is active, it may then copy the infected file back to the hard drive after the user or an antivirus program has renamed or deleted it.
Instructions on how to disable the System Restore feature are here:
- Windows ME: http://www.f-secure.com/v-descs/sfc_dis.shtml
- Windows XP: http://www.f-secure.com/v-descs/sfc_dis1.shtml
Once disinfection is complete, re-enabling the System Restore feature is recommended. This will allow the user to restore the system to a stable configuration in the event that a crash or incompatibility issue occurs in the future.
F-Secure Anti-Virus
F-Secure Anti-Virus can be purchased from our online web store or from authorized distributors. A 30-day limited trial verson of F-Secure Anti-Virus may be downloaded from our website:
- http://www.f-secure.com/download-purchase/
All the latest versions of FSAV can automatically download the latest signature database updates. These updates can also be manually downloaded and installed from our web or ftp sites:
- http://www.f-secure.com/download-purchase/updates.shtml
Contacting F-Secure for help
If you have problems with disinfection, please consult a computer technician or send a message (and a sample) to our Response Lab. We have guidelines for sending virus samples, hoaxes and virus-related questions to F-Secure Response Lab published here:
- http://support.f-secure.com/enu/home/virusproblem/sample/
Starting from F-Secure Anti-Virus (FSAV) version 5.40, standalone malware (backdoors, worms, trojans, etc.) is automatically removed. FSAV automatically renames malware files to prevent them from being executed.
In rare cases, automatic disinfection is not possible and the user must instruct FSAV to perform disinfection (renaming and/or deleting the infected file).
In special cases, the user is recommended to perform disinfection using specific tools provided by F-Secure. The tools can be downloaded from:
- ftp://ftp.f-secure.com/anti-virus/tools/
- http://www.f-secure.com/download-purchase/tools.shtml
In some cases F-Secure Anti-Virus may not automatically disinfect a system. If so, please visit our Support pages at:
- http://support.f-secure.com/enu/home/virusproblem/howtoclean/
Windows System Restore Issues
If the computer is running on the Windows ME or XP operating systems, disabling the System Restore feature before disinfection is recommended. This is to avoid possible re-infection by a threat that has just been disinfected, as the System Restore feature may have unknowingly saved a copy of the infected file during its normal procedures. If the System Restore feature is active, it may then copy the infected file back to the hard drive after the user or an antivirus program has renamed or deleted it.
Instructions on how to disable the System Restore feature are here:
- Windows ME: http://www.f-secure.com/v-descs/sfc_dis.shtml
- Windows XP: http://www.f-secure.com/v-descs/sfc_dis1.shtml
Once disinfection is complete, re-enabling the System Restore feature is recommended. This will allow the user to restore the system to a stable configuration in the event that a crash or incompatibility issue occurs in the future.
F-Secure Anti-Virus
F-Secure Anti-Virus can be purchased from our online web store or from authorized distributors. A 30-day limited trial verson of F-Secure Anti-Virus may be downloaded from our website:
- http://www.f-secure.com/download-purchase/
All the latest versions of FSAV can automatically download the latest signature database updates. These updates can also be manually downloaded and installed from our web or ftp sites:
- http://www.f-secure.com/download-purchase/updates.shtml
Contacting F-Secure for help
If you have problems with disinfection, please consult a computer technician or send a message (and a sample) to our Response Lab. We have guidelines for sending virus samples, hoaxes and virus-related questions to F-Secure Response Lab published here:
- http://support.f-secure.com/enu/home/virusproblem/sample/
Additional Details
This is the Trojan-PSW General Information page.
A Trojan-PSW is very similar to a Trojan-Spy, but is geared mainly towards stealing account log-in details, including passwords (the PSW stands for password). In addition, some Trojan-PSWs may also include spying and data-stealing routines.
To perform its password-stealing routine, a Trojan-PSW will usually drop a keylogging component. Such components stays active in Windows memory and starts keylogging (recording keystrokes) when a user is asked to input a log-in ID and a password. Stolen log-ins and passwords can allow an attacker to read a user's e-mail on public and corporate mail servers, as well as giving access to more sensitive material, such as online banking accounts.
A Trojan-PSW is very similar to a Trojan-Spy, but is geared mainly towards stealing account log-in details, including passwords (the PSW stands for password). In addition, some Trojan-PSWs may also include spying and data-stealing routines.
To perform its password-stealing routine, a Trojan-PSW will usually drop a keylogging component. Such components stays active in Windows memory and starts keylogging (recording keystrokes) when a user is asked to input a log-in ID and a password. Stolen log-ins and passwords can allow an attacker to read a user's e-mail on public and corporate mail servers, as well as giving access to more sensitive material, such as online banking accounts.