Trojan-PSW.Banker
Trojan-PSW.Banker is a banking trojan that uses malicious stealth-mode tactics to download other harmful files from the Internet. Trojan-PSW.Banker can disable firewalls and steal sensitive financial data like credit card numbers and online banking login details. Trojan-PSW.Banker also takes screen snapshots and download additional components before providing a hacker with the remote access to the compromised system. Trojan-PSW.Banker contains all the characteristics of an identified security risk and should be exterminated immediately.
Aliases
PWS:Win32/Zbot.gen!R (Microsoft)
Generic PWS.y!bbb (McAfee)
Trojan-Spy.Win32.Zbot.gen (Kaspersky Lab)
Mal/EncPk-LE, Mal/Behav-353 (Sophos)
Trojan-Spy.Win32.Zbot (Ikarus)
Win32/IRCBot.worm.variant (AhnLab)
Generic PWS.y!bbb (McAfee)
Trojan-Spy.Win32.Zbot.gen (Kaspersky Lab)
Mal/EncPk-LE, Mal/Behav-353 (Sophos)
Trojan-Spy.Win32.Zbot (Ikarus)
Win32/IRCBot.worm.variant (AhnLab)
File System Modifications
- The following files were created in the system:
# File Name 1 %System%\lowsec\local.ds 2 %System%\lowsec\user.ds 3 %System%\lowsec\user.ds.lll
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.