Summary

| Affected operating systems | Windows |
|---|---|
| Characteristics | |
| Included in our products from | March 2005 (3.91) |
| Protection available since | 7 February 2005 23:01:21 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing Trojans.
Change any data that may have become compromised.
More Information
Troj/Bankgerm-C is a password-stealing Trojan.
Troj/Bankgerm-C drops the file iempview.dll, detected as Troj/Bancsde-A, to the Windows folder to assist in its Trojan functionality.
Troj/Bankgerm-C steals information related to certain banking-related websites as they are accessed, sending this information periodically using Microsoft Internet Explorer to a predefined.
Troj/Bankgerm-C may display fake websites to get the user to enter private information. The URLs being tracked are:
'banking-classic.postbank.de'
'banking.postbank.de'
'cc-bank.de'
'citibank.de'
'deutsche-bank.de'
Troj/Bankgerm-C may create or modify the following registry entries:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Setting\
WarnOnPostRedirect
0

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Setting\
WarnOnZoneCrossing
0

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\
1609
0

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\
1609
0

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\
1609
0

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\
1609
0

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\
1609
0
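
An added example, not part of the Sophos page: a Python check that parses the text of a `reg export` of the user's hive and reports which of the registry entries listed above are present with the listed data. The sample export is constructed, and the function and variable names are this example's own.

```python
import re

# Registry entries as the page lists them (key, value name, data); "Internet Setting" is the page's spelling.
BASE = r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion"
INDICATORS = [
    (BASE + r"\Internet Setting", "WarnOnPostRedirect", 0),
    (BASE + r"\Internet Setting", "WarnOnZoneCrossing", 0),
] + [(BASE + r"\Internet Settings\Zones\%d" % z, "1609", 0) for z in range(5)]

SECTION = re.compile(r"^\[(.+)\]$")
DWORD = re.compile(r'^"(.+)"=dword:([0-9a-fA-F]{1,8})$')

def norm_key(key):
    """Case-fold a key path and collapse the long hive name to HKCU."""
    key = key.strip().rstrip("\\").lower()
    return key.replace("hkey_current_user", "hkcu", 1)

def parse_reg_export(text):
    """Return {(key, value_name): int} for every DWORD value in a .reg export."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            key = norm_key(m.group(1))
            continue
        m = DWORD.match(line)
        if m and key:
            values[(key, m.group(1).lower())] = int(m.group(2), 16)
    return values

def match_indicators(text):
    """List the page's registry entries that are present with the listed data."""
    values = parse_reg_export(text)
    return [(k, n) for k, n, d in INDICATORS
            if values.get((norm_key(k), n.lower())) == d]

# Constructed sample export (not taken from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1609"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Setting]
"WarnOnPostRedirect"=dword:00000000
"WarnOnZoneCrossing"=dword:00000001
'''
if __name__ == "__main__":
    print(match_indicators(SAMPLE))
```

Registry Editor version 5.00 exports are UTF-16 text, so read the file with `encoding="utf-16"` before passing its contents to `match_indicators`.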
