Infostealer.Banker.C Description

Infostealer.Banker.C is a Trojan horse with the ability to steal confidential data from a targeted computer. Infostealer.Banker.C may spread via infected e-mails purportedly from ABN-AMRO bank. Infostealer.Banker.C may gather banking details and send them to a remote attacker. The manual removal of Infostealer.Banker.C is not advised due to it stealth tactics and risk of damage to essential system files.

Type: Trojans

Aliases: Trojan-Spy.Win32.Zbot.gen (Kaspersky Lab)
, PWS:Win32/Zbot.gen!R (Microsoft)
, Win32/IRCBot.worm.variant (AhnLab)
, PWS-Zbot.gen.c (McAfee).

Automatic Detection of Infostealer.Banker.C

Infostealer.Banker.C Technical Report

As new Infostealer.Banker.C details are reported by our customers and findings from our Threat Research Center, we will update this section.

Infostealer.Banker.C’s Country of Origin:

• Russia

Infostealer.Banker.C has typically the following processes in memory:

• %ProgramFiles%\carb.exe
• %ProgramFiles%\microsoft common\svchost.exe
• %Programs%\startup\ihaupd32.exe
• %System%\drivers\ub6owr1pvlu.sys
• %System%\intel32.exe
• %System%\kerneldrv.exe
• %System%\mail.exe
• %System%\oembios.exe
• %System%\sfnp.exe
• %System%\twex.exe
• %System%\win32avs.exe
• %System%\winds32.exe
• %Temp%\090322-5-4.exe
• %Temp%\baracudanew.exe
• %Temp%\game.exe
• %Temp%\jdey.exe
• %Temp%\my.exe
• %Temp%\svchost.exe
• %Temp%\tmp2.exe
• %Temp%\ziqkj4zjgl.exe
• %UserProfile%\yerg.exe
• %Windir%\help\eb6c4499b05f.exe
• %Windir%\svhoster.exe
• c:\programm files\premium_crypter.exe
• %ProgramFiles%\bifrost\server.exe
• %ProgramFiles%\internet explorer\hunterp.exe
• %ProgramFiles%\test.exe
• %System%\drivers\no3kkjcgtts.sys
• %System%\htmlxyexy.dll
• %System%\javaz.exe
• %System%\logon.exe
• %System%\ntos.exe
• %System%\sdra64.exe
• %System%\sys2_32.dll
• %System%\updat.exe
• %System%\windows64.exe
• %System%\yvinvul.exe
• %Temp%\6_ldr.exe
• %Temp%\file.exe
• %Temp%\ixp000.tmp\serv.exe
• %Temp%\ldr_cosmosi.ru_recrypted.exe
• %Temp%\s09016.exe
• %Temp%\tmp1.exe
• %Temp%\zews.exe
• %UserProfile%\xrt_mgec.exe
• %Windir%\help\eb6c4499b05f.dll
• %Windir%\shl.exe
• %Windir%\system\keygen.exe
• c:\setup\setup.exe
• %CommonAppData%\uvafwncj\gvcnglid.exe
• %ProgramFiles%\crakall\madness crypter\madness crypter\stub.exe
• %ProgramFiles%\microsoft common\wuacult.exe
• %System%\1033v.exe
• %System%\htmlxsixs.dll
• %System%\javaa.exe
• %System%\linkvc5.dll
• %System%\mcenspc.dll
• %System%\pavuppad.exe
• %System%\spools.exe
• %System%\twext.exe
• %System%\win32z.exe
• %System%\wsnpoema.exe
• %Temp%\090322-c-12.exe
• %Temp%\dll.exe
• %Temp%\ixp000.tmp\keygen.exe
• %Temp%\ldr.exe
• %Temp%\rarsfx0\1.exe
• %Temp%\temp.exe
• %Temp%\u83724.exe
• %UserProfile%\mekoa.exe
• %Windir%\csrss.exe
• %Windir%\iexplorer.exe
• %Windir%\svzip.exe
• c:\restore\k-1-3542-4232123213-7676767-8888886\ogard.exe

Important Article Disclaimer