TrojanSpy:WinNT/Bancos.MV
First posted on 28 May 2009.
Source: SecurityHome
Aliases:
TrojanSpy:WinNT/Bancos.MV is also known as Trojan.Win32.KillFiles.anw (Kaspersky), Trojan.KillFiles.AGU (VirusBuster), Trojan.PWS.Bancos.CMR (BitDefender), Win32/KillFiles.NCC (ESET), Generic Del.x!a (McAfee), :Rootkit/Killfiles.CH (Panda).
Explanation:
TrojanSpy:WinNT/Bancos.MV is a detection for the device driver component of TrojanSpy:Win32/Bancos.MV. It attempts to delete files related to a program designed to defend against malware like Win32/Bancos.
Symptoms
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).
TrojanSpy:WinNT/Bancos.MV may be dropped and run by TrojanSpy:Win32/Bancos.MV. It attempts to delete the following files, which may be components of G-Buster Browser Defense, a security program offered by certain banks:

all files under the folder %ProgramFiles%\GbPlugin
%Windir%\Downloaded Program Files\GbPlugin<string>.inf
%Windir%\Downloaded Program Files\gb<string>.dll
%Windir%\Downloaded Program Files\GbpSv.exe
Windows\Downloaded Program Files\isg.gpc
Windows\Downloaded Program Files\uni.gpc
<system folder>\drivers\gbpkm.sys

where <string> is an alphabetical string.

Note - <system folder> refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP and Vista is C:\Windows\System32.
Analysis by Shawn Wang
Last update 28 May 2009
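
The file list above, turned into a matcher for deleted-file paths, as an added example that is not part of the original write-up. The function names, the default directory locations, the two-item threshold and the sample paths are assumptions made for illustration.

```python
import re

ALPHA = r"[a-z]+"  # the page's <string>: an alphabetical string
# Assumption: default Windows directories on any drive letter.
WINDIR = r"[a-z]:\\(?:windows|winnt)"
DPF = WINDIR + r"\\downloaded program files"

# One pattern per entry in the page's list of targeted files.
TARGETS = [
    ("GbPlugin folder", r"[a-z]:\\program files(?: \(x86\))?\\gbplugin\\.+"),
    ("GbPlugin<string>.inf", DPF + r"\\gbplugin" + ALPHA + r"\.inf"),
    ("gb<string>.dll", DPF + r"\\gb" + ALPHA + r"\.dll"),
    ("GbpSv.exe", DPF + r"\\gbpsv\.exe"),
    ("isg.gpc", DPF + r"\\isg\.gpc"),
    ("uni.gpc", DPF + r"\\uni\.gpc"),
    ("gbpkm.sys", WINDIR + r"\\system32\\drivers\\gbpkm\.sys"),
]
COMPILED = [(name, re.compile(rx, re.IGNORECASE)) for name, rx in TARGETS]

def normalize(path):
    """Strip quotes, unify and collapse separators, drop an NT object prefix."""
    p = path.strip().strip('"').replace("/", "\\")
    p = re.sub(r"\\{2,}", r"\\", p)
    return re.sub(r"^\\\?\?\\", "", p)

def classify(path):
    """Return the label of the targeted item a path matches, else None."""
    p = normalize(path)
    for name, rx in COMPILED:
        if rx.fullmatch(p):
            return name
    return None

def tamper_hits(deleted_paths, threshold=2):
    """Labels hit by a batch of deletions; [] below `threshold` distinct items
    (assumption: a single deletion may be an ordinary update or uninstall)."""
    hits = {classify(p) for p in deleted_paths} - {None}
    return sorted(hits) if len(hits) >= threshold else []

# Constructed sample of deleted-file paths (not taken from a real host).
SAMPLE = [
    r"C:\Program Files\GbPlugin\data\cfg.dat",
    r"C:\WINDOWS\Downloaded Program Files\GbPluginAbc.inf",
    r"C:\Windows\Downloaded Program Files\gbxyz.dll",
    r"\??\C:\WINDOWS\system32\drivers\gbpkm.sys",
    r"C:\Windows\Temp\setup.log",                    # unrelated file
    r"C:\Windows\Downloaded Program Files\gb2.dll",  # digit, not alphabetical
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(f"{classify(p) or '-':22} {p}")
    print("tamper signal:", tamper_hits(SAMPLE))
```

Feed `tamper_hits` the deleted paths from one host within one time window; several distinct G-Buster components disappearing together is the pattern this entry describes.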