From here:
Trojan.Naid is a Trojan horse that opens a back door on the compromised computer.
When the Trojan is executed, it creates the following files:
%UserProfile%\AppMgmt.dll %Windir%\Temp\uid.ax
The Trojan creates the following registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Services\AppMgmt\"Start" = "2"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Services\AppMgmt\Parameters\"ServiceDll"
= "%UserProfile%\AppMgmt.dll" HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Services\AppMgmt\"Type" = "272"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Services\AppMgmt\"FailureActions"
= "[BINARY DATA]"
The Trojan may create one of the following services so that it runs
every time Windows starts:
AppMgmt BITS
The Trojan collects the following system information from the
compromised computer:
domain name unique identifier (UID)
The Trojan utilises its own custom communications protocol to connect
to the following IP address over port 443:
219.90.117.132
The Trojan then opens a back door on the compromised computer.
So you should inspect at least mentioned paths, keys and services.
But trojan could be modified, so I'd also recommend to inspect network connections using netstat or Process Monitor and other tools from Sysinternals Suite.
Trojan.Naid. The alert tells you what is infected. Your question about whether Windows and Tomcat combination is dangerous is an odd question when Tomcat 6 went end-of-life in 2016. Tomcat is not the problem, but the fact that you are using an out of support piece of software. Tomcat is now at 9.0. – schroeder Oct 30 '18 at 20:26