
PWSteal.Bancos.X
Thursday, 26 May 2005
PWSteal.Bancos.X is a password-stealing Trojan horse that logs keystrokes and steals information entered into certain banking Web sites. The Trojan may also take screenshots of certain banking Web pages in an attempt to collect passwords and other sensitive information.

Type: Trojan Horse
Infection Length: 700,416 bytes

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP



Once executed, PWSteal.Bancos.X performs the following actions:


Copies itself as %System%\svchost.scr

Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).


Adds the value:

"1" = "svchost.scr"

to the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

so that it runs every time Windows starts.


Monitors active Internet Explorer windows. When a Web site that matches the characteristics of certain banking sites is visited, the Trojan logs keystrokes and steals account details.


Captures screenshots or displays a fake Web page, depending on which Web site is being visited.


Monitors Internet Explorer for access to Web sites containing the following strings in the URL or title:


/aapf/aai/login.pbk
/hom/index.asp
/scripts/engine_brpi.dll
/templates/GCMRequest.do?page=1010
GRIPNET/gracgi.exe
ibpf.unibanco.com.br/index.asp
Banco Bradesco S/A
Banespa
Bank of America | Home | Personal
BEC - Banco do Estado do Ceará
Bradesco Internet Banking
Bradesco S/A
CityBank Online
Gerenciador Financeiro
Internet Banking CAIXA

Sends the captured information to an email address on one of the following domains:

yahoo.com.br
zipmail.com.br

To delete the value from the registry:

Click Start > Run.
Type regedit, and then click OK.

Note: If the registry editor fails to open, the threat may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal.


Navigate to the subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


In the right pane, delete the value:

"1" = "svchost.scr"

Exit the Registry Editor.
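As an added example (not part of the original writeup), a small Python script that checks Run-key entries and a file listing for the two persistence indicators described above: the Run value "1" = "svchost.scr" and the dropped %System%\svchost.scr. The sample data is constructed, and the live registry read assumes the standard-library winreg module on Windows; on other platforms it falls back to the sample.

```python
import sys
from pathlib import PureWindowsPath

# Indicators taken from the writeup above; the sample data further down is constructed.
RUN_SUBKEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
DROPPED_NAME = "svchost.scr"   # mimics svchost.exe; Windows ships no .scr by this name


def suspicious_run_entries(entries):
    """entries: (value_name, data) pairs read from the HKLM Run key.
    Returns the entries whose command names the dropped file. The genuine
    svchost.exe is started by the Service Control Manager, never from the Run
    key, so any Run entry pointing at svchost.scr deserves investigation."""
    return [(name, data) for name, data in entries
            if DROPPED_NAME in str(data).lower()]


def suspicious_files(paths):
    """paths: candidate file paths, e.g. a directory listing of %System%.
    Returns those whose file name is exactly the dropped svchost.scr."""
    return [p for p in paths if PureWindowsPath(p).name.lower() == DROPPED_NAME]


def read_run_key():
    """Read every value under the HKLM Run key on Windows; return [] elsewhere."""
    if sys.platform != "win32":
        return []
    import winreg  # assumption: standard library, available on Windows builds
    entries = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, RUN_SUBKEY) as key:
        index = 0
        while True:
            try:
                name, data, _type = winreg.EnumValue(key, index)
            except OSError:          # no more values under the key
                break
            entries.append((name, data))
            index += 1
    return entries


# Constructed sample: one ordinary autostart entry plus the value this Trojan adds.
SAMPLE_RUN = [("ctfmon.exe", r"C:\Windows\System32\ctfmon.exe"), ("1", "svchost.scr")]
SAMPLE_FILES = [r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\svchost.scr"]

if __name__ == "__main__":
    entries = read_run_key() or SAMPLE_RUN   # live key on Windows, sample elsewhere
    for name, data in suspicious_run_entries(entries):
        print(f"Run value {name!r} = {data!r} matches the PWSteal.Bancos.X persistence entry")
    for path in suspicious_files(SAMPLE_FILES):
        print(f"dropped-file indicator present: {path}")
```

The same checks map directly onto the manual removal steps above: delete the flagged Run value, then delete the flagged file.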