VirTool.Win32.Vbinder
VirTool.Win32.Vbinder is a banking Trojan that disables the firewall and steals sensitive financial data like credit card numbers, online banking login details. VirTool.Win32.Vbinder also contains threat characteristics of a ZBot and will make screen snapshots, download additional components and provide a hacker with the remote access to the compromised system. VirTool.Win32.Vbinder operates in stealth-mode and can also download a keylogger program that steals personal information such as banking details and credit card numbers. VirTool.Win32.Vbinder contains characteristics of a high security risk and should be terminated from the compromised computer upon detection.
File System Modifications
- The following files were created in the system:
# File Name 1 %System%\lowsec\local.ds 2 %System%\lowsec\user.ds 3 %System%\lowsec\user.ds.lll 4 %System%\sdra64.exe
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.