Troj/Bancos-DT is an internet banking Trojan for the Windows platform.
When Troj/Bancos-DT is installed it creates the file <System>\rundll_32.exe.
The file rundll_32.exe is detected as Troj/Bancos-DT.
The Trojan monitors the user's internet activity and displays fake login pages if the user visits certain predefined URLs. Any login details entered on the fake page are recorded by the Trojan.
The following registry entry is created to run rundll_32.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Run05
<System>\rundll_32.exe
Sophos's anti-virus products include Genotype™ detection technology, which can proactively protect against new threats without requiring an update. Sophos customers have been protected against Troj/Bancos-DT (detected as Troj/Bancf-Fam) since version 3.96.