Troj/Banker-DMN

Category: Viruses and Spyware
Protection available since: 20 Sep 2006 00:00:00 (GMT)
Type: Trojan
Last Updated: 20 Sep 2006 00:00:00 (GMT)
Prevalence: Small Number of Reports

Troj/Banker-DMN is an internet banking Trojan for the Windows platform.

Troj/Banker-DMN monitors the user's internet access and steals on-line banking details.

When Troj/Banker-DMN is installed, the following files are created:

<System>\agpbrdg0.dll - detected as Troj/Banker-DLD
<System>\agpbrdg5.sys - detected as Troj/Haxdor-Gen
<System>\ksl48.bin - can be safely deleted

The following registry entries are created to run code exported by agpbrdg0.dll on startup:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\agpbrdg0
DllName
agpbrdg0.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\agpbrdg0
Startup
agpbrdg0

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\agpbrdg0
Impersonate
1
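
The Winlogon Notify persistence listed above can be checked from a `reg export` of the Notify key. The following is an added example, not part of the original description: the baseline DLL list is an assumption to be replaced with values from a known-clean build, and the sample export is constructed.

```python
import re

NOTIFY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" + "\\"
# Assumption: expected DllName values, taken from a known-clean build of the same image.
BASELINE_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll", "sclgntfy.dll", "wlnotify.dll"}

def decode_value(raw):
    """Decode the REG_SZ, REG_EXPAND_SZ (hex(2)) and dword forms used in .reg exports."""
    if raw.startswith('"'):
        return raw[1:-1].replace("\\\\", "\\")
    if raw.startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    return int(raw[6:], 16) if raw.startswith("dword:") else raw

def parse_notify(reg_text):
    """Return {subkey: {value_name: value}} for direct subkeys of Winlogon\\Notify."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)  # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            path = line.strip("[]")
            name = path[len(NOTIFY):] if path.upper().startswith(NOTIFY.upper()) else ""
            current = keys.setdefault(name, {}) if name and "\\" not in name else None
        elif current is not None and (m := re.match(r'"([^"]+)"=(.*)', line)):
            current[m.group(1)] = decode_value(m.group(2))
    return keys

def suspicious_packages(reg_text, baseline=BASELINE_DLLS):
    """List (subkey, DllName) pairs whose DLL basename is not in the baseline."""
    hits = []
    for name, values in parse_notify(reg_text).items():
        dll = str(values.get("DllName", ""))
        base = dll.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if base not in baseline:
            hits.append((name, dll))
    return sorted(hits)

# Constructed sample export (not captured from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\agpbrdg0]
"DllName"="agpbrdg0.dll"
"Startup"="agpbrdg0"
"Impersonate"=dword:00000001'''
```

Files written by `reg export` are UTF-16, so read them with `encoding="utf-16"` before passing the text to `suspicious_packages`.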

Troj/Banker-DMN includes functionality to:

- modify the HOSTS file
- harvest usernames and passwords from the Protected Storage areas as well as from the Internet Account Manager

The Trojan also attempts to block access to anti-virus and security-related websites.