From here:
Trojan.Naid is a Trojan horse that opens a back door on the compromised computer.
When the Trojan is executed, it creates the following files:
%UserProfile%\AppMgmt.dll %Windir%\Temp\uid.ax
The Trojan creates the following registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Services\AppMgmt\"Start" = "2"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Services\AppMgmt\Parameters\"ServiceDll"
= "%UserProfile%\AppMgmt.dll" HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Services\AppMgmt\"Type" = "272"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Services\AppMgmt\"FailureActions"
= "[BINARY DATA]"
The Trojan may create one of the following services so that it runs
every time Windows starts:
AppMgmt BITS
The Trojan collects the following system information from the
compromised computer:
domain name unique identifier (UID)
The Trojan utilises its own custom communications protocol to connect
to the following IP address over port 443:
219.90.117.132
The Trojan then opens a back door on the compromised computer.
So you should inspect at least mentioned paths, keys and services.
But trojan could be modified, so I'd also recommend to inspect network connections using netstat
or Process Monitor and other tools from Sysinternals Suite.