Content

Generic.dx!51AC2AA0

Type
Trojan
SubType
-
Discovery Date
09/07/2008
Length
1001840
Minimum DAT
5378 (09/05/2008)
Updated DAT
5378 (09/05/2008)
Minimum Engine
5.3.00
Description Added
09/07/2008
Description Modified
09/07/2008 8:05 PM (PT)
Risk Assessment
Corporate User
Low
Home User
Low

Tab Navigation

Characteristics

File PropertyProperty Value
FileName86c11552.exe
McAfee DetectionPWS-Banker
Length1,001,840 bytes
CRC51AC2AA0
MD586C11552517CED2640549D1CFDE66959
SHA1CAF7DDB69080791A1B4CE5EDD698D618FDFAD3FD

Other Common Detection Aliases

Company NameDetection Name
ahnlabWin-Trojan/Banker.1001840
avastWin32:Trojan-gen {Other}
AVG (GriSoft)Generic10.OSI
AviraTR/Crypt.CFI.Gen
BitDefenderGeneric.Banker.Delf.757D1B86
clamavTrojan.Spy.Banker-94
eSafe (Alladin)Win32.Stration
Eset~a variant of Win32/Spy.Banker
microsoftTrojanSpy:Win32/Bancos.gen!A
normanw32/packed/mew_1.a
panda~NEW_VIRUS
SophosMal/Banspy-F
SymantecTrojan Horse
Trend MicroCryp_MEW-11
V-Buster~Packed/MEW

Avert® Labs has observed the following system activities:

ActivityRisk Level
Enumerates open windows
Medium
Writes executable in the windows folder
Low
Creates registry keys and data values to persist on OS reboot
Informational

Other detections that have been observed.

FileNameMcAfee Supported
%WINDIR%\system32\taskmgnr.exe
PWS-Banker

System Changes

These are general defaults for typical path variables. (Although they may differ, these examples are common.):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files

The following files have been added to the system:

  • %WINDIR%\kb03032008.txt
  • %WINDIR%\system32\taskmgnr.exe

    • The following registry elements have been changed:

  • hkey_local_machine\software\microsoft\windows\currentversion\run\
    • taskmgnr = c:\windows\system32\taskmgnr.exe

    • Symptoms

    This symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.

    Method of Infection

    Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.

    Removal

    AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.

    Additional Windows ME/XP removal considerations

    Variants

    Variants

      N/A

    All Information

    Overview -

    This is a Trojan detection. Unlike viruses, Trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include e-mail, malicious or hacked Web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

    Characteristics

    Characteristics -

    File PropertyProperty Value
    FileName86c11552.exe
    McAfee DetectionPWS-Banker
    Length1,001,840 bytes
    CRC51AC2AA0
    MD586C11552517CED2640549D1CFDE66959
    SHA1CAF7DDB69080791A1B4CE5EDD698D618FDFAD3FD

    Other Common Detection Aliases

    Company NameDetection Name
    ahnlabWin-Trojan/Banker.1001840
    avastWin32:Trojan-gen {Other}
    AVG (GriSoft)Generic10.OSI
    AviraTR/Crypt.CFI.Gen
    BitDefenderGeneric.Banker.Delf.757D1B86
    clamavTrojan.Spy.Banker-94
    eSafe (Alladin)Win32.Stration
    Eset~a variant of Win32/Spy.Banker
    microsoftTrojanSpy:Win32/Bancos.gen!A
    normanw32/packed/mew_1.a
    panda~NEW_VIRUS
    SophosMal/Banspy-F
    SymantecTrojan Horse
    Trend MicroCryp_MEW-11
    V-Buster~Packed/MEW

    Avert® Labs has observed the following system activities:

    ActivityRisk Level
    Enumerates open windows
    		Medium
    Writes executable in the windows folder
    		Low
    Creates registry keys and data values to persist on OS reboot
    		Informational

    Other detections that have been observed.

    FileNameMcAfee Supported
    %WINDIR%\system32\taskmgnr.exe
    		PWS-Banker

    System Changes

    These are general defaults for typical path variables. (Although they may differ, these examples are common.):
    %WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
    %SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
    %ProgramFiles% = \Program Files

    The following files have been added to the system:

  • %WINDIR%\kb03032008.txt
  • %WINDIR%\system32\taskmgnr.exe

    • The following registry elements have been changed:

  • hkey_local_machine\software\microsoft\windows\currentversion\run\
    • taskmgnr = c:\windows\system32\taskmgnr.exe

    • Symptoms

    Symptoms -

    This symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.

    Method of Infection

    Method of Infection -

    Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.

    Removal -

    Removal -

    AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.

    Additional Windows ME/XP removal considerations

    Variants

    Variants -

      N/A