Summary

| Affected operating systems | Windows |
|---|---|
| Characteristics | |
| Included in our products from | November 2006 (4.11) |
| Protection available since | 20 September 2006 08:19:02 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing Trojans.
More Information
Troj/Banker-DMN is an internet banking Trojan for the Windows platform.
Troj/Banker-DMN monitors the user's internet access and steals on-line banking details.
When Troj/Banker-DMN is installed, the following files are created:
- <System>\agpbrdg0.dll - detected as Troj/Banker-DLD
- <System>\agpbrdg5.sys - detected as Troj/Haxdor-Gen
- <System>\ksl48.bin - can be safely deleted
The following registry entries are created to run code exported by agpbrdg0.dll on startup:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\agpbrdg0
DllName = agpbrdg0.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\agpbrdg0
Startup = agpbrdg0
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\agpbrdg0
Impersonate = 1
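To check a host for the startup entries listed above, the following added example (not Sophos code) enumerates every Winlogon notification package and flags any that match this description; the function name Get-WinlogonNotifyPackage is hypothetical. Winlogon notification packages are only loaded by Windows versions before Vista, so the check is meaningful on Windows 2000, XP and Server 2003 hosts.

```powershell
# Added example: audit Winlogon notification packages.
# Uses only PowerShell 2.0-compatible syntax so it also runs on legacy hosts.
$NotifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

function Get-WinlogonNotifyPackage {
    param([string]$Path = $NotifyKey)

    # Key absent: no notification packages are registered.
    if (-not (Test-Path -LiteralPath $Path)) { return }

    foreach ($sub in Get-ChildItem -LiteralPath $Path) {
        $props = Get-ItemProperty -LiteralPath $sub.PSPath
        $dll   = $props.DllName
        if (-not $dll) { continue }

        # DllName may contain environment variables or be a bare file name;
        # bare names are resolved against the system directory.
        $dll = [Environment]::ExpandEnvironmentVariables($dll)
        if (-not [IO.Path]::IsPathRooted($dll)) {
            $dll = Join-Path ([Environment]::SystemDirectory) $dll
        }

        # Names taken from this description: subkey agpbrdg0, DllName agpbrdg0.dll.
        $match = ($sub.PSChildName -ieq 'agpbrdg0') -or
                 ([IO.Path]::GetFileName($dll) -ieq 'agpbrdg0.dll')

        New-Object PSObject -Property @{
            Package         = $sub.PSChildName
            DllPath         = $dll
            FileExists      = (Test-Path -LiteralPath $dll)
            Startup         = $props.Startup
            Impersonate     = $props.Impersonate
            MatchesAdvisory = $match
        }
    }
}

# List every package, matching entries first, for manual review.
Get-WinlogonNotifyPackage |
    Sort-Object MatchesAdvisory -Descending |
    Format-Table Package, DllPath, FileExists, Startup, Impersonate, MatchesAdvisory -AutoSize
```

Entries that do not match the names above still deserve review: any package whose DLL is missing, or that you cannot attribute to installed software, is worth investigating.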
Troj/Banker-DMN includes functionality to:
- modify the HOSTS file
- harvest the usernames and passwords from the Protected storage areas as well as from the Internet Account Manager
The Trojan also attempts to block access to anti-virus and security-related websites.
