TrojanProxy:BAT/Banker.E

By Domesticus in Trojans

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 328
First Seen: November 16, 2012
Last Seen: May 27, 2023
OS(es) Affected: Windows

TrojanProxy:BAT/Banker.E is a Trojan that redirects the hacked web browser to dubious websites designed by cybercriminals to steal or 'phish' personal information from victims. To do this, TrojanProxy:BAT/Banker.E alters system and browser settings, which may leave the compromised PC unsafe. While being installed on the affected machine, TrojanProxy:BAT/Banker.E modifies the Windows Registry. It drops and loads a file, via a server, that may contain configuration settings for Internet Explorer.

TrojanProxy:BAT/Banker.E ensures that Internet Explorer uses the HTTP 1.1 standard, possibly so that the websites the affected computer user is diverted to are displayed correctly. It disables the option to specify a proxy for connecting to websites via a LAN (local area network), and ensures that the HTTP 1.1 standard is used for proxy connections. It makes the Advanced tab invisible in the Internet Explorer options window and disables the ability to restore the home page and search engines to their defaults. It forces Internet Explorer to use configuration settings given in a file and alters settings for the Mozilla Firefox browser by changing its preferences file. TrojanProxy:BAT/Banker.E also erases content in particular folders that may be linked to security settings for web browsers, including Google Chrome, Mozilla Firefox and Internet Explorer.

File System Details

TrojanProxy:BAT/Banker.E may create the following file(s):
1. "%AppData%\Mozilla\Firefox\Profiles\prefs.js"

Registry Details

TrojanProxy:BAT/Banker.E may create the following registry entry or registry entries:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "0"
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel "ResetWebSettings" = "1"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "EnableHttp1_1" = "1"
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel "AdvancedTab" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "AutoConfigUrl" = "top3.msnbrasiltop.com"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyHttp1.1" = "0"
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel "Autoconfig" = "1"
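
For triage, the registry entries above can be checked against a registry export taken from a suspect machine. The following is an added example, not part of the original entry: the function names and the sample export are constructed, and it assumes the AutoConfigUrl host may appear inside a longer URL. Values such as "ProxyEnable" = "0" are also common on clean systems, so the AutoConfigUrl match and the policy keys carry more weight than the others.

```python
import re

# Registry values listed on this page as (key, value name, data), lower-cased.
IE = r"software\microsoft\windows\currentversion\internet settings"
CP = r"software\policies\microsoft\internet explorer\control panel"
HKCU, HKLM = "hkey_current_user\\", "hkey_local_machine\\"
INDICATORS = [
    (HKCU + IE, "proxyenable", "0"), (HKCU + CP, "resetwebsettings", "1"),
    (HKCU + IE, "enablehttp1_1", "1"), (HKCU + CP, "advancedtab", "1"),
    (HKLM + IE, "autoconfigurl", "top3.msnbrasiltop.com"),
    (HKCU + IE, "proxyhttp1.1", "0"), (HKCU + CP, "autoconfig", "1"),
]
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')

def parse_reg_export(text):
    """Parse .reg export text into {(key, value name): data}, lower-cased."""
    values, key = {}, None
    for line in map(str.strip, text.splitlines()):
        m = VALUE_RE.match(line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()              # section header = registry key
        elif m and key:
            name, data = m.group(1).lower(), m.group(2)
            if data.lower().startswith("dword:"):
                data = str(int(data[6:], 16))     # dword:00000001 -> "1"
            else:
                data = data.strip('"').lower()    # quoted string value
            values[(key, name)] = data
    return values

def match_indicators(text):
    """Page indicators found in the export (assumes the host may sit inside a URL)."""
    values, hits = parse_reg_export(text), []
    for key, name, want in INDICATORS:
        got = values.get((key, name))
        if got is not None and (got == want or (not want.isdigit() and want in got)):
            hits.append((key, name, got))
    return hits

# Constructed sample export for illustration, not captured from a real host.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000
"ProxyHttp1.1"=dword:00000001
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
"AdvancedTab"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"="http://top3.msnbrasiltop.com/"
'''
```

Files exported by regedit are UTF-16 encoded, so decode them before passing the text to `match_indicators`.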