high
Summary
Summary
Action- More Information
| Affected operating systems | Windows |
|---|---|
| Characteristics |
|
| Protection available since | 13 May 2005 12:46:15 (GMT) |
| Last updated | 6 June 2005 13:04:34 (GMT) |
| Detected by | All Sophos products |
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing Trojans.
Change any data that may have become compromised.
Windows NT/2000/XP/2003
In Windows NT/2000/XP/2003 you will also need to edit the following registry entry. The removal of this entry is optional in Windows 95/98/Me. Please read the warning about editing the registry.
At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.
Locate the HKEY_LOCAL_MACHINE entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
<filename>
<path and filename>
and delete it if it exists.
Close the registry editor.
More Information
Troj/Banker-HC is a password stealing Trojan for the Windows platform.
Troj/Banker-HC monitors which URLs are visited by the web browser and creates fake web pages for certain Brazilian banking sites in order to log account information. The logged information is sent to remote users via email. Troj/Banker-HC is a password stealing Trojan for the Windows platform.
Troj/Banker-HC creates the following registry entry using the name of the file when executed to ensure it is run at system logon:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
<filename>
<path and filename>
Troj/Banker-HC monitors which URLs are visited by the web browser and creates fake web pages for certain Brazilian banking sites in order to log account information. The logged information is sent to remote users via email.
|
