Sophos

Sophos blogs

CashBank

Category
Type
What to do
  • If you've received an alert for a blocked PUA or adware and decide that the application is not suitable for your workplace, then follow the instructions for removing PUAs.

Summary

 
Affected operating systems Windows
Characteristics
  • Installs itself in the registry
  • Monitors browser activity
Protection available since 3 May 2007 08:24:35 (GMT)
Detected by Sophos Anti-Virus for Windows, version 7, and PureMessage for Microsoft Exchange.

More Information

CashBank is a Trojan for the Windows platform.

CashBank includes functionality to access the internet and communicate with a remote server via HTTP.

When CashBank is installed the following files are created:

<Windows>\cashn.exe
<Windows>\cashr.dll
<Windows>\delpa.exe
<System>\tlnter.exe

The file tlnter.exe is registered as a new system driver service named "wkststp", with a display name of "Workstation Service" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\wkststp

Registry entries are created under:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mycashbank

CashBank provides an uninstall option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "Mycashbank".

RSS|Atom
Get reports about the latest adware and potentially unwanted applications (PUAs) delivered to your computer