Spyware free software spyware removal Anti Spyware software free spyware check adware spyware remover anti virus downloadAnti Spyware Software
Spyware Detector - HomeSpyware Detector - PurchaseSpyware Detector - AffiliatesSpyware Detector - Download UpdatesSpyware Detector -FAQSpyware Detector -Contact Us

Home/ Spyware Encyclopedia / PSW.Nilage

 PSW.Nilage Technical Details
 Category PSW
 Discovered   7/13/2006 5:10:00 PM
 Modified   11/19/2008 4:27:28 PM
 Threat Level Critical
 Category Description
This family of Trojans steals passwords, normally system passwords from victim machines. They search for system files which contain confidential information such as passwords and Internet access telephone numbers and then send this information to an email address coded into the body of the Trojan. The 'master' or user of the illegal program will then retrieve and misuse this information. Most common behavior: 1. Ask for password using fake window 2. Change ICQ, MSN and AOL configuration 3. Get cached Windows passwords
 Notice

Please note that the following information is not controlled or endorsed by Max Secure Software. They are captured automatically in our Research Lab as a result of executing Spyware Files or browsing Internet. Please contact us if you find any information inappropriate for removal. All the work contained in this report is copyrighted and should not be copied without permission from Max Secure Software.

We do not recommend browsing or removing these entries on your own manually. We do not take any warranty against the use or result of the use of this information.
 Summary
The following http urls were started: NA
The hosts file was updated with the following url-to-ip mappings:
192.168.0.101avp.com
192.168.0.101ca.com
192.168.0.101customer.symantec.com
The following internet connection was established: NA
 The following Files were created:
 
NameVersionPublisherSignature (MD5)File Size (in KB)
..\37903DB2.DLL  20A9F444C2CF42E26A31C4FCD320D443 
..\temp\clobs.dll2.6.0.0??????????(cnnic)fa920e8bcf39861974fea8bb3b0405ca36864
..\temp\renewup.exe2.6.0.1??????????c854f9fc4adb9e0de8f44aaf141d1f33457568
..\627A2209.DLL  30EF187C2B70A3DDDC773257E54FECB5 
..\8835438F.DLL  A1A0DF1768709BA7BBC64698FE4B4172 
..\NETWORK DEE.EXE  CAD26B5953214B80EB70E96F6928940E 
..\BB5B03DC.DLL  91C0FD02E67417107B42139700AB771F 
..\F9231B21.DLL  CB180652505CBCC4AB267371B8288B85 
..\16B1131C.EXE  E334614A0A79C53A36BF0D79ABF3483D89034
..\820D1A83.EXE  965583B539FB59B643C7BDD83E269A7E89917
..\ocinfo.dat    
..\TEMP\REWFDR.EXEEVO.EXE4.0.6.316COMPLEX NEW TECHNOLOGIESD8948DC3A6BBD6725CB0CB2A4E8A9BA61324623
..\B0923CAD.DLL  0D0214CEBAAE720CCB56E343C2F25B09 
..\EB691C66.EXE  D301C86F3D7793A32BC7A5C0CF16716C 
..\E75001F2.DLL  7EC61F4C7609DC4AFF0B8195BB8FB82D 
..\ocins\cnprovh.dll    
..\plugin1.dat  2b07eadc904f688ba13934426a2d218151733
..\1\CDN.DLL2.0.0.1cnnic14AE2B7AC49D740662F2DF2EE275B40333344
..\1\CDNPRH.DLL2.4.0.3CNNICF80FCDCBC72F619431C10A7E0AABD75174432
..\2\AUSTR.DLL    
..\3\AUSTR.DLL    
..\3\CONVF.DLL    
..\temp\clobs.exe2.0.0.0CNNICdaabae24cd2fd6af02210c29b01c120228672
..\5BC064BF.DLL  2B7D0FBEAB52D1D560C2321E6073179C 
..\2\cndsv.dll    
 The following Registry Entries were created:
 
..\Software\Classes\Clsid\{61db8fbd-b64b-401e-bda7-f36e44180805}
..\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7605cc7c-00fd-4a5f-bafd-828342de6279}
..\Software\Classes\Interface\{c4cb9237-6a94-4efd-9fce-c254b5262984}
..\Software\Classes\Typelib\{d0728b0a-cd30-4f44-96f9-19de77f662a9}
..\Software\Classes\idnreg.idnobj.1
..\Software\Classes\iesrch.srchhook.1
..\Software\Microsoft\INTERNET EXPLORER\SEARCH\"CUSTOMIZESEARCH"\"HTTP://CLIENT.JOGO.CN/CDN/BROWSER/CUSTOMSEARCH/CUSTOMSEARCH-EN.HTML"
..\Software\Classes\Clsid\KVBITNOD32
..\Software\Classes\Interface\{30e2f066-7fd9-417b-bb14-14cd960b346b}
..\Software\Classes\Typelib\{72584095-b0b2-4058-8cdc-6ae69f8b199b}
..\System\CurrentControlSet\Services\idnaux
..\Software\Classes\ieaux.iehlprobj.1
..\Software\WGET
..\System\CurrentControlSet\Services\CEAMGK
..\Software\Microsoft\Windows NT\CurrentVersion\WINLOGON\"USERINIT"\"%WIN.SYS32%\USERINIT.EXE,%WIN.SYS32%\EXPLORER.EXE,"
..\Software\Classes\Clsid\{22f86f33-9cbb-49a8-bb12-cdbe51b4c294}
..\Software\Classes\Interface\{7605cc7a-00fd-4a5f-bafd-828342de6279}
..\Software\Classes\Typelib\{7605cc7b-00fd-4a5f-bafd-828342de6279}
..\Software\Microsoft\Internet Explorer\Extensions\{b012491e-8fa4-4851-aa9b-22e33784fbad}
..\Software\Microsoft\Active Setup\Installed Components\{20080625-1111-2222-3333-444444444444}
..\Software\Classes\idnreg.idnobj
..\Software\Classes\iesrch.srchhook
..\Software\Microsoft\INTERNET EXPLORER\SEARCH\"SEARCHASSISTANT"\"HTTP://CLIENT.JOGO.CN/CDN/BROWSER/SIDESEARCH/SIDESEARCH-EN.HTML"
Recommendation to remove PSW.Nilage
Spyware Detector can remove PSW.Nilage, and thousands of other Spyware automatically and instantly. Click here to download Spyware Detector and scan for free.
Download Spyware Detector and Scan for FREE
 
Personalized E-mail support by our Research Team. You send an "Export Log" report to us, we then add new definition and you eliminate spyware found on YOUR PC in the next Live Update. So, not only do you benefit but the whole community enjoys the feedback.
Speed up your computer and increase browsing performance by deleting Spyware & Adware
Enjoy continuous protection and security with frequent spyware definition updates so you never have to worry about new threats and outdated software.
Surf the web with confidence knowing your online activities aren't being tracked, and your confidential data is secure from prying eyes.
 
Free Spyware Scan
 Search Threats
Testimonials

Read More
Information Desk
Spyware & Adware Categories we scan
  
List of Spyware &
Adware we remove
Submit a Threat
Submit a threat to be reviewed by our research team

Submit a Threat
Home| About Us| Purchase| Contact Us| FAQ| Privacy Policy
Copyrights© 2003-2008 Max Secure Software. All rights reserved