Troj/Banker-AR

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/Banker-AR is an information stealing Trojan.

Troj/Banker-AR creates registro.exe and explore.exe in the folder C:\windows\system.

registro.exe executes explore.exe and creates the registry entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
explore.exe = c:\windows\system\explore.exe

explore.exe monitors the user's internet activity and displays fake login pages if the user visits any of the following web sites:

http://www.bradesco.com.br
https://wwwss.bradesco.com.br
http://www.itau.com.br
https://internetcaixa.caixa.gov.br
https://internetbanking-asp.caixa.gov.br
http://www.caixa.gov.br
https://www2.bancobrasil.com.br
https://www11.bb.com.br
http://www.bb.com.br
http://www.caixa.com.br
https://bankline.itau.com.br

Any login details entered on the fake page are recorded by the Trojan.

The Trojan also creates a number of JPG and TXT files in the c:\windows\system folder.

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy