>The actual files do look too small for a fully blown password stealing trojan?

http://securityresponse.symantec.com...al.refest.html

PWSteal.Refest is a Trojan Horse that installs itself as a BHO (Browser Helper Object) for Internet Explorer and steals online banking information when it is submitted in web forms.


Type: Trojan Horse
Infection Length: 81,920 (.exe), 45,056 (.dll)

and ps.exe psgui.exe is just 4 kb 15kb somthing ...