Infostealer.Banker.C
Infostealer.Banker.C can steal confidential information stored on an infected computer and send the gathered data to a remote source. It is a malicious Trojan horse that may represent a security risk for a compromised PC or a network environment. It penetrates the system without the user's knowledge or permission, and it can contact a remote server to download other harmful parasites onto the infected computer that can later cause damage. Symptoms of Infostealer.Banker.C include the computer screen flipping upside down or inverting, and documents or messages printing by themselves. For the safety of your computer, Infostealer.Banker.C should be removed immediately.
Aliases
PWS:Win32/Zbot.gen!R (Microsoft)
Win32/IRCBot.worm.variant (AhnLab)
PWS-Zbot.gen.c (McAfee)
File System Modifications
- The following files were created in the system: