
PWS-Banker!ftm

PWS-Banker!ftm is a dangerous password-stealing Trojan that should be removed upon detection. PWS-Banker!ftm spreads manually, usually disguised as a beneficial download or attachment. Its distribution channels include peer-to-peer networks, unsolicited e-mails and IRC. After infiltrating a system, PWS-Banker!ftm captures the victim's keystrokes and sends the harvested information to a remote server via HTTP. E-mail and bank account information is particularly vulnerable to this threat.

Registry Details

PWS-Banker!ftm may create the following registry entry or registry entries:
