Sus/Banspy-A

Category	Suspicious behavior and files
Type	Suspicious behavior
What's been detected	Sus/Banspy-A exhibits characteristics commonly, but not exclusively, found in malware.
What to do	If you've received an alert, then the detected file is likely to be malicious, but it's up to you to choose whether to trust the file or take other action.

Summary

Summary
Action
More Information


Affected operating systems	Windows
Included in our products from	May 2008 (4.29)
Protection available since	4 April 2008 19:19:08 (GMT)
Detected by	Sophos Anti-Virus for Windows, version 7

Action

Summary
Action
More Information

Your options

If you've received an alert, then you have 2 options:

authorize the file
send the file to the lab for analysis

Authorize the file if it's from a trusted source.

Send it to the lab for analysis if:

you trust the file, but it generates alerts.
you don't trust the file

To reduce the chance of unwanted detections, Sophos HIPS should be set to 'Alert only' mode for the duration of any software installations.

Sending a file to the lab?

When you complete the sample submission form, please give a reason for your submission and mention this "HIPS/" detection.

More Information

Summary
Action
More Information

Sus/Banspy-A has typical characteristics of an internet banking Trojan.

Typical functionality includes hooking system events, stealing information, and sending it to a remote server.

Get reports about the latest suspicious behavior and file detections delivered to your computer