
Infostealer.Bancos

Posted: October 12, 2009

Infostealer.Bancos is a password-stealing Trojan horse. It imitates the interface of certain Brazilian banks to collect passwords and other sensitive information from users of an affected computer. The Trojan usually arrives as an e-mail attachment that appears to have come from Symantec. Symantec is in no way associated or affiliated with Infostealer.Bancos.
The following steps apply to all existing and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines, and should be taken to remove Infostealer.Bancos:

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Run a full system scan.
4. Eliminate any values added to the registry.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %System%\Msvbvm60.dll
    2 %System%\Winmaxy.exe

Registry Modifications

  • The following registry values were created:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"WinMenssage"
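
A read-only check for the file and registry indicators listed above, written for this page as an added example (it is not Symantec's removal tool). The SysWOW64 and WOW6432Node locations are assumptions covering a 32-bit sample on 64-bit Windows; Msvbvm60.dll is skipped because that is the file name of the Microsoft Visual Basic 6 runtime, so its presence alone indicates nothing.

```powershell
# Indicators taken from the page; everything else is an assumption of this example.
$fileName  = 'Winmaxy.exe'
$valueName = 'WinMenssage'

# %System% is the Windows system folder. SysWOW64 is checked as well
# (assumption: a 32-bit sample on 64-bit Windows is redirected there).
$systemDirs = @(
    [Environment]::GetFolderPath('System'),
    [Environment]::GetFolderPath('SystemX86')
) | Where-Object { $_ } | Sort-Object -Unique

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'  # assumption, see above
)

$findings = @()

foreach ($dir in $systemDirs) {
    $path = Join-Path $dir $fileName
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        # Record hash and creation time so the file can be submitted and triaged.
        $item = Get-Item -LiteralPath $path -Force
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{
            Type     = 'File'
            Location = $path
            Detail   = "SHA256=$hash; CreatedUtc=$($item.CreationTimeUtc.ToString('u'))"
        }
    }
}

foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key
    if ($props.PSObject.Properties.Name -contains $valueName) {
        # The value data shows which executable is launched at logon.
        $findings += [pscustomobject]@{
            Type     = 'RunValue'
            Location = "$key\$valueName"
            Detail   = [string]$props.$valueName
        }
    }
}

if ($findings) { $findings | Format-List }
else { 'No Infostealer.Bancos indicators from this page were found.' }
```

Run it from an elevated PowerShell 4.0 or later session; it changes nothing on the system, so any hit still has to be cleaned with steps 1 to 4.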