Monday, October 4, 2010

How to Detect and Remove the Trojan-PSW.Win32.Agent.skv

1. What is Trojan.PSW.Agent.skv?
Trojan.PSW.Agent monitors and records your keystrokes and scans your computer for stored passwords. This information is then sent to the parasite authors. Trojan.PSW.Agent is highly dangerous and is a serious threat to your financial and personal information.

a. File System Modifications
%ProgramFiles%\auclt.exe
%System%\engine32.dll
%System%\mlang32.dat
%System%\sound32.exe
%System%\winmn.dll
Notes:
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
b. Memory Modifications
There were new processes created in the system:
Process Name | Process Filename | Main Module Size
[filename of the sample #1] | [file and pathname of the sample #1] | 561,152 bytes
sound32.exe | %System%\sound32.exe | 561,152 bytes
c. Other details
An attempt to establish a connection with the remote host was registered. The connection details are:

Remote Host | Port Number
222.73.165.154 | 80
The data identified by the following URL was then requested from the remote web server:
http://m468.3322.org/m/t.php?m=&v=&is=0

2. How-to's
a. Please update the policy knowledge base of Sax2 in time. Once Sax2 detects the communication of these trojans, it will break them and ensure your network and business security.
b. How to Remove the Trojan.PSW.Agent.skv Manually?
Step 1: Use Windows Task Manager to Remove Trojan.PSW.Agent Processes
Remove the "Trojan.PSW.Agent" processes files:
relpop.exe
svvosts.exe
nmhxy.exe
5Sy.exe
5[1].exe

Step 2: Use Windows Command Prompt to Unregister Trojan.PSW.Agent DLL Files
Search and unregister "Trojan.PSW.Agent" DLL files:
nmhxy.dll
mywow.dll

Step 3: Detect and Delete Other Trojan.PSW.Agent Files
Remove the "Trojan.PSW.Agent" processes files:
relpop.exe
svcsvvosts.exe
nmhxy.exe
5Sy.exe
5[1].exe
nmhxy.dll
mywow.dll

Step 4: View the Trojan.PSW.Agent Components with its MD5s
Remove the "Trojan.PSW.Agent" components:
File Name | File Size | MD5
svchost.exe | 35840 | 65cdc258d2ec47f25d2bec762d6550df
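
A presence check for the indicators on this page, as an added example that is not part of the original post. It looks for the files listed under "File System Modifications" and reports svchost.exe only when both the size and the MD5 from Step 4 match, since that name also belongs to a legitimate Windows file. The function names and the folder mapping in the main block are assumptions.

```python
import hashlib
import os
from pathlib import Path

# Indicators copied from this page, keyed by the page's path variables.
DROPPED = {
    "%ProgramFiles%": ["auclt.exe"],
    "%System%": ["engine32.dll", "mlang32.dat", "sound32.exe", "winmn.dll"],
}
# Step 4 component; svchost.exe is also a legitimate Windows name, so size and MD5 must match.
COMPONENT = {"name": "svchost.exe", "size": 35840, "md5": "65cdc258d2ec47f25d2bec762d6550df"}

def md5_of(path):
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):  # chunked read keeps memory flat
            digest.update(chunk)
    return digest.hexdigest()

def find_dropped(dirs):
    """Return listed files that exist. dirs maps each page variable to a real folder."""
    hits = []
    for var, names in DROPPED.items():
        base = dirs.get(var)
        if base:
            hits += [str(Path(base) / n) for n in names if (Path(base) / n).is_file()]
    return sorted(hits)

def find_component(root):
    """Walk root and return svchost.exe copies whose size and MD5 match Step 4."""
    hits = []
    for folder, _subdirs, files in os.walk(root):
        for name in files:
            path = Path(folder) / name
            try:
                if (name.lower() == COMPONENT["name"]
                        and path.stat().st_size == COMPONENT["size"]
                        and md5_of(path) == COMPONENT["md5"]):
                    hits.append(str(path))
            except OSError:
                continue  # locked or unreadable file: skip rather than abort the scan
    return sorted(hits)

if __name__ == "__main__":
    win = os.environ.get("SystemRoot", r"C:\Windows")  # assumed default install layout
    dirs = {"%ProgramFiles%": os.environ.get("ProgramFiles", r"C:\Program Files"),
            "%System%": os.path.join(win, "System32")}
    print("dropped files:", find_dropped(dirs))
    print("component matches:", find_component(win))
```

A hit from find_dropped is a name match only; confirm it before deleting anything.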

c. How to Remove these trojans Instantly?
Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built-in protection monitor that blocks malicious processes before they even start. Visit http://www.ids-sax2.com/Malwarebytes-Anti-Malware.htm and download Malwarebytes' Anti-Malware to help you.

3. Appendix
For more information, please visit http://www.ids-sax2.com/ComputerSecurityNewsletter.htm
