Sophos

Troj/Banker-CZ

Aliases
  • Trojan-Spy.Win32.Banker.ii
  • TSPY_BANCBAN.MA

Summary

 
Affected operating systems: Windows
Protection available since: 2 June 2005 13:22:44 (GMT)
Detected by: All Sophos products

More Information

Troj/Banker-CZ is an internet banking Trojan.

Troj/Banker-CZ includes functionality to disable other applications, steal confidential information and capture keystrokes.

When Troj/Banker-CZ is installed it creates the file <System>\D5133\words.vxd. This file may be deleted.

The following registry entry is created to run csrss.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Norton Protect Activies
<System>\D5133\csrss.exe
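
The Run entry above launches a file named csrss.exe from a subfolder of the system directory rather than from the system directory itself. The following check is an added example, not Sophos code: it flags Run values with that pattern. The function names, the list of system process names, the default system directory and the two "Example" sample entries are assumptions made for illustration.

```python
import ntpath
import re

# Assumption: a short illustrative list of core process names that
# legitimately run only from the Windows system directory.
SYSTEM_PROCESS_NAMES = {"csrss.exe", "lsass.exe", "services.exe",
                        "smss.exe", "winlogon.exe"}

# Quoted path, or unquoted text up to the first ".exe".
_EXE = re.compile(r'^\s*(?:"([^"]+)"|(.+?\.exe))', re.IGNORECASE)

def image_path(data, system_dir):
    """Return the normalised executable path from a Run value's data."""
    m = _EXE.match(data)
    if not m:
        return None
    path = m.group(1) or m.group(2)
    # "<System>" is this page's placeholder for the Windows system folder.
    path = path.replace("<System>", system_dir)
    return ntpath.normcase(ntpath.normpath(path))

def find_masquerading(run_values, system_dir=r"C:\Windows\System32"):
    """Flag Run values whose image has a system process name but sits
    outside the system directory itself (subfolders count as outside)."""
    expected = ntpath.normcase(ntpath.normpath(system_dir))
    hits = []
    for name, data in run_values:
        path = image_path(data, system_dir)
        if path is None:
            continue
        folder, exe = ntpath.split(path)
        if exe in SYSTEM_PROCESS_NAMES and folder != expected:
            hits.append((name, path))
    return hits

# Constructed sample of HKLM\...\Run values; only the first entry's
# name and data come from the description above.
SAMPLE_RUN_VALUES = [
    ("Norton Protect Activies", r"<System>\D5133\csrss.exe"),
    ("ExampleUpdater", r'"C:\Program Files\Example\updater.exe" /background'),
    ("ExampleIME", r"C:\Windows\System32\ctfmon.exe"),
]

if __name__ == "__main__":
    for name, path in find_masquerading(SAMPLE_RUN_VALUES):
        print(f"suspicious Run value {name!r}: {path}")
```
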

Troj/Banker-CZ attempts to disable the following processes:

NAVAP Wnd Class
ccAppWindow
Navapw32.exe

The following registry entry is set:

HKLM\SOFTWARE\Microsoft\Windows\Shell
Nome_Email_Definido
<random number>.bkp
