TrojanDownloader:Win32/Tinbanker.A

By Sumo3000 in Trojans

TrojanDownloader:Win32/Tinbanker.A is a Trojan that connects to a particular website to drop and install other malware threats on the corrupted PC. TrojanDownloader:Win32/Tinbanker.A also reduces security settings on the affected computer to drop other security infections. While being installed, TrojanDownloader:Win32/Tinbanker.A makes system changes by adding malevolent files and making registry modifications. TrojanDownloader:Win32/Tinbanker.A creates the registry entry so that it can load automatically whenever you boot up Windows. TrojanDownloader:Win32/Tinbanker.A also alters the Internet Explorer settings. TrojanDownloader:Win32/Tinbanker.A restricts Internet Explorer from checking for signatures in a downloaded program to affirm its legitimacy. TrojanDownloader:Win32/Tinbanker.A also restricts Windows from marking file attachments using their zone information. TrojanDownloader:Win32/Tinbanker.A adds certain files as low-risk, even though these files are mainly used by malware infectionsTrojanDownloader:Win32/Tinbanker.A can drop and install other malware threats. TrojanDownloader:Win32/Tinbanker.A drops a RAR file named 'Geral.rar' from a particular domain.

SpyHunter Detects & Remove TrojanDownloader:Win32/Tinbanker.A

File System Details

TrojanDownloader:Win32/Tinbanker.A may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	[system folder]\revents.dll
Name: [system folder]\revents.dll Type: Dynamic link library Group: Malware file
2.	[SYSTEM FOLFER]\mplayer2.exe
Name: [SYSTEM FOLFER]\mplayer2.exe Type: Executable File Group: Malware file
3.	Geral.rar
Name: Geral.rar Group: Malware file
4.	d235a8756ddc051ce22ed2308dbe1b01.a114a883f5c8827b1eeaadb14ae06e8a9311246d	d235a8756ddc051ce22ed2308dbe1b01	0
Name: d235a8756ddc051ce22ed2308dbe1b01.a114a883f5c8827b1eeaadb14ae06e8a9311246d MD5: d235a8756ddc051ce22ed2308dbe1b01 Size: 322.56 KB (322560 bytes) Detections: 0 Group: Malware file Last Updated: February 11, 2013
5.	b0b9e967f1eb84a7f7a7471b1c9546c6	b0b9e967f1eb84a7f7a7471b1c9546c6	0
Name: b0b9e967f1eb84a7f7a7471b1c9546c6 MD5: b0b9e967f1eb84a7f7a7471b1c9546c6 Size: 583.93 KB (583936 bytes) Detections: 0 Group: Malware file Last Updated: February 11, 2013

Registry Details

TrojanDownloader:Win32/Tinbanker.A may create the following registry entry or registry entries:

HKEY..\..\..\..{RegistryKeys}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "00000001"

HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run "wmplayer" = "\mplayer2.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;"

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent "Platform" = "gecko/20100101 firefox/16.0"