Sophos

Sophos blogs

Troj/Banker-R

Aliases
  • TrojanSpy.Win32.Banker.r
Category
Type
What to do
Prevalence low high

Summary

 
Protection available since 22 April 2004 13:34:33 (GMT)
Last updated 8 July 2004 10:04:36 (GMT)
Detected by All Sophos products
Download Free virus scan
Download the Threat Detection Test
  • Free virus, spyware, and adware scan
  • Test your existing anti-virus protection
  • Find threats your anti-virus missed

Action

More Information

Troj/Banker-R is a password stealing Trojan that attempts to capture keylogs
associated with web browsing.

Troj/Banker-R creates the following files which are all detected by this
identity:

<Windows>\dllreg.exe
<Windows>\sock64.dll
<StartUp>\rundllw.exe
<Windows System>\load32.exe
<Windows System>\vxdmgr32.exe

In order to run on system restart Troj/Banker-R creates the following
registry entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\load32

Troj/Banker-R attempts to send details to a Russian email address.

RSS|Atom
Get reports about the latest virus and spyware threats delivered to your computer