Infostealer.Banker.E
Infostealer.Banker.E is a banking Trojan that steals personal information, specifically banking and user account details, from the infected computer. When Infostealer.Banker.E is installed, it creates a startup registry entry so that it runs each time you start your PC. Infostealer.Banker.E also drops malicious files and creates registry entries to harm a computer system. Infostealer.Banker.E may create files to collect the stolen data and to exchange commands with the remote server. Infostealer.Banker.E also has backdoor capabilities and contacts a remote host on TCP port 80. Infostealer.Banker.E receives commands from the remote attacker and can execute numerous malicious actions. You should remove Infostealer.Banker.E as quickly as possible to protect your PC.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:

%System%\tns1.dll
File name: %System%\tns1.dll
File type: Dynamic link library
Mime Type: unknown/dll

%System%\conf.dat
File name: %System%\conf.dat
File type: Data file
Mime Type: unknown/dat

%System%\conf1.dat
File name: %System%\conf1.dat
File type: Data file
Mime Type: unknown/dat

%System%\cookie1.dat
File name: %System%\cookie1.dat
File type: Data file
Mime Type: unknown/dat

%System%\rc.dat
File name: %System%\rc.dat
File type: Data file
Mime Type: unknown/dat

%System%\ps1.dat
File name: %System%\ps1.dat
File type: Data file
Mime Type: unknown/dat

%System%\te.dat
File name: %System%\te.dat
File type: Data file
Mime Type: unknown/dat

%System%\bb1.dat
File name: %System%\bb1.dat
File type: Data file
Mime Type: unknown/dat

%System%\cs.dat
File name: %System%\cs.dat
File type: Data file
Mime Type: unknown/dat

%System%\boa1.dat
File name: %System%\boa1.dat
File type: Data file
Mime Type: unknown/dat

%System%\cmds.txt
File name: %System%\cmds.txt
Mime Type: unknown/txt

%System%\alog.txt
File name: %System%\alog.txt
Mime Type: unknown/txt

%System%\di1.gif
File name: %System%\di1.gif
Mime Type: unknown/gif

%System%\dr1.gif
File name: %System%\dr1.gif
Mime Type: unknown/gif
Registry Modifications
HKEY..\..\{CLSID Path}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{775B738B-4540-4b16-A1DA-932C402FD8F7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{775B738B-4540-4b16-A1DA-932C402FD8F7}

HKEY..\..\..\..{Subkeys}
HKEY_LOCAL_MACHINE\SOFTWARE\MRSoft
HKEY_LOCAL_MACHINE\SOFTWARE\MRSoft\"1" = "[ENCRYPTED CHARACTERS]"
HKEY_LOCAL_MACHINE\SOFTWARE\MRSoft\"P" = "[HEX VALUES]"
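An added example, not part of the original write-up: a PowerShell check for the file and registry indicators listed above. It assumes %System% means the Windows system directory, and it also looks in SysWOW64 and WOW6432Node, where 64-bit Windows redirects the writes of a 32-bit component.

```powershell
# Added example: look for the file and registry indicators listed on this page.
# Run from an elevated 64-bit PowerShell so System32 and HKLM\SOFTWARE are not redirected.
$fileNames = @(
    'tns1.dll', 'conf.dat', 'conf1.dat', 'cookie1.dat', 'rc.dat', 'ps1.dat',
    'te.dat', 'bb1.dat', 'cs.dat', 'boa1.dat', 'cmds.txt', 'alog.txt',
    'di1.gif', 'dr1.gif'
)
$clsid = '{775B738B-4540-4b16-A1DA-932C402FD8F7}'
# Key paths relative to HKLM\SOFTWARE (standard key name Classes\CLSID).
$regSubKeys = @(
    "Classes\CLSID\$clsid",
    "Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid",
    'MRSoft'
)

# Assumption: check both the native and the 32-bit redirected locations.
$systemDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')
) | Where-Object { Test-Path -LiteralPath $_ }
$regRoots = @('HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node') |
    Where-Object { Test-Path -LiteralPath $_ }

$hits = @()
foreach ($dir in $systemDirs) {
    foreach ($name in $fileNames) {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            # -Force so hidden or system files are still returned
            $item = Get-Item -LiteralPath $path -Force
            $hits += [pscustomobject]@{ Type = 'File'; Path = $path; Modified = $item.LastWriteTime }
        }
    }
}
foreach ($root in $regRoots) {
    foreach ($sub in $regSubKeys) {
        $key = Join-Path $root $sub
        if (Test-Path -LiteralPath $key) {
            $hits += [pscustomobject]@{ Type = 'RegistryKey'; Path = $key; Modified = $null }
        }
    }
}

if ($hits) { $hits | Format-Table -AutoSize }
else { 'No listed indicators found.' }
```

The match is by name and location only, since the page gives no file hashes. Treat a single hit on a short name such as conf.dat or cs.dat as a lead to investigate; the Browser Helper Object CLSID together with the MRSoft key is the more specific combination.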