Troj/Bancban-OX

Aliases	Trojan-Spy.Win32.Banker.bjg Infostealer.Bancos
Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
Action
More Information


Affected operating systems	Windows
Characteristics	Installs itself in the registry
Protection available since	5 June 2006 21:00:16 (GMT)
Last updated	22 November 2006 06:12:43 (GMT)
Detected by	All Sophos products

Free virus scan
Download the Threat Detection Test

Free virus, spyware, and adware scan
Test your existing anti-virus protection
Find threats your anti-virus missed

Action

Summary
Action
More Information

Please follow the instructions for removing Trojans.

More Information

Summary
Action
More Information

Troj/Bancban-OX is a banking Trojan for the Windows platform.

Troj/Bancban-OX attempts to log information sent to certain websites and online banking applications. The Trojan may display fake user interfaces in order to persuade the user to enter confidential details. Stolen information may sent by email to a remote user.

Troj/Bancban-OX sets the following registry entry to run the file netburn.scr on startup, which may be a copy of itself:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
boby
<Windows system folder>\netburn.scr

Troj/Bancban-OX drops the clean file <Windows system folder>\csrs.txt.

Troj/Bancban-OX attempts to download files from remote websites to the following locations and then execute them:

<Windows system folder>\Isass.scr
<Windows system folder>\msnmsnr.scr
RemotoMSN.txt
sys.txt

Get reports about the latest virus and spyware threats delivered to your computer

In this section

Sophos blogs

Troj/Bancban-OX

Summary

Action

More Information