Troj/Banker-DNM

Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary


Affected operating systems	Windows
Characteristics	Installs itself in the registry
Included in our products from	March 2007 (4.15)
Protection available since	22 September 2006 09:23:11 (GMT)
Last updated	25 January 2007 04:59:50 (GMT)
Detected by	All Sophos products

Troj/Banker-DNM is an internet banking Trojan for the Windows platform.

When run, the Trojan creates the following files:

<System>\agpbrdg0.dll (Detected as Troj/Banker-DLD)
<System>\agpbrdg5.sys (Detected as Troj/Haxdor-Gen)
<System>\ksl48.bin (Can be safely removed)

The Trojan sets registry entries under:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\agpbrdg0

Get reports about the latest virus and spyware threats delivered to your computer