PDA

View Full Version : Dangerous Trojan [virus updates]


caleb_yee
23-08-03, 15:08
PWSteal.Navu is a Trojan Horse with keylogging capabilities.

The presence of the file Msdirectx.dll or Navupd.dll is an indication of a possible infection

It can lock ya pc...not joking
PWSteal.Navu consists of a .dll file. Routines within the .dll are invoked using Rundll32.exe.

When PWSteal.Navu is executed, it performs the following actions:

Copies itself to the %Windir% directory as:

msdirectx.dll
navupd.dll

NOTE: %Windir% is a variable. The Trojan locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and copies itself to that location.

Adds the value:

"NAVUpd" = "rundll32.exe navupd.dll,Startup"

to the registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run

so that the Trojan starts when Windows starts.

Uses ICQ to send a notification to the Trojan's author that it is running.

Hooks keyboard events, allowing it to log keystrokes.

May display one of the following error messages while the Trojan is running:

"failed at address conversion"
"failed at socket creation"
"failed at startup"

Removing it a little tricky..
1.Disable System Restore (Windows Me/XP).
2.Update the virus definitions.
3.Restart the computer in safe mode or VGA mode.
4.Run a full system scan and delete all the files detected as PWSteal.Navu.
5.Reverse the changes that the Trojan made to the registry

Details about removal Virus Removal Details (http://www.tombraiderforums.com/cgi-bin/ultimatebb.cgi?ubb=get_topic;f=9;t=003986)

Ps.Please take some time reading the w32.sowsat,j@mm virus...it's a clever faking worm