Troj/Bankgerm-C

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports


Troj/Bankgerm-C is a password-stealing Trojan.

Troj/Bankgerm-C drops the file iempview.dll, detected as Troj/Bancsde-A, to the Windows folder to assist in its Trojan functionality.

Troj/Bankgerm-C steals information related to certain banking-related websites as they are accessed, sending this information periodically using Microsoft Internet Explorer to a predefined.

Troj/Bankgerm-C may display fake websites to get the user to enter private information. The URLs being tracked are:

'banking-classic.postbank.de'
'banking.postbank.de'
'cc-bank.de'
'citibank.de'
'deutsche-bank.de'

Troj/Bankgerm-C may create or modify the following registry entries:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Setting\
WarnOnPostRedirect
0

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Setting\
WarnOnZoneCrossing
0

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\
1609
0

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\
1609
0

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\
1609
0

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\
1609
0

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\
1609
0
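
The file and registry indicators listed above can be checked on a live Windows host. The PowerShell below is an added example, not part of the original description or any vendor tool; it reads only the current user's hive and the Windows folder, and the names `Test-ZeroValue`, `$checks` and `$results` are its own.

```powershell
# Added example: report which indicators from this page are present for the current user.
$base = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion'

# The page prints the first key as "Internet Setting"; the standard Windows key
# is "Internet Settings", so both spellings are checked.
$checks = @()
foreach ($k in 'Internet Setting', 'Internet Settings') {
    foreach ($n in 'WarnOnPostRedirect', 'WarnOnZoneCrossing') {
        $checks += [pscustomobject]@{ Path = "$base\$k"; Name = $n }
    }
}
foreach ($zone in 0..4) {
    $checks += [pscustomobject]@{ Path = "$base\Internet Settings\Zones\$zone"; Name = '1609' }
}

# True when the value exists and equals 0, whether stored as a number, string or bytes.
function Test-ZeroValue {
    param($Value)
    if ($null -eq $Value) { return $false }
    if ($Value -is [byte[]]) { return (@($Value | Where-Object { $_ -ne 0 }).Count -eq 0) }
    return ("$Value" -eq '0')
}

$results = @(foreach ($c in $checks) {
    # A missing key or value yields $null rather than an error.
    $key = Get-Item -LiteralPath $c.Path -ErrorAction SilentlyContinue
    $val = if ($key) { $key.GetValue($c.Name) } else { $null }
    [pscustomobject]@{
        Indicator = "$($c.Path)\$($c.Name)"
        Observed  = if ($null -eq $val) { '<not set>' } else { "$val" }
        Matches   = Test-ZeroValue $val
    }
})

# The dropped file named on this page, expected in the Windows folder.
$dll = Join-Path $env:windir 'iempview.dll'
$found = Test-Path -LiteralPath $dll
$results += [pscustomobject]@{
    Indicator = $dll
    Observed  = if ($found) { 'present' } else { '<not found>' }
    Matches   = $found
}

$results | Format-Table -AutoSize -Wrap
```

A value of 0 for these settings can also be set by a user or by policy, so a registry match is a lead to weigh together with the DLL check rather than proof of infection.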
