Thursday, November 6, 2008

Bancos Trojan

Bancos malware description and removal detail
Categories: Trojan, Spyware, Downloader, Hacker Tool
Also known as:

[Kaspersky]Trojan-Spy.Win32.Banker.axc,Trojan-Spy.Win32.Bancos.to,Trojan-Spy.Win32.Banker.anv,Trojan-Spy.Win32.Banker.bdn,Trojan-Spy.Win32.Banker.yy,Trojan-spy.Win32.Banker.bfb,Trojan-Spy.Win32.Bancos.ha,Trojan-Spy.win32.Bancos.ha,Trojan-Spy.Win32.Banker.aww,Trojan-Spy.Win32.Banker.bfv,Trojan-Spy.Win32.Banker.bnz,Trojan-Spy.Win32.Banker.bot,Trojan-Clicker.Win32.Agent.gg,Trojan.Win32.Bancos.ab,Backdoor.Win32.VB.awd,Trojan-Spy.Win32.Banbra.hn,Trojan-Downloader.Win32.Banload.ayg,Trojan-Spy.Win32.Bancos.ro,Trojan-Spy.Win32.Banker.alv,Trojan-spy.Win32.Bancos.yt,Trojan-Spy.Win32.Banker.buc,Trojan-Spy.Win32.Bancos.mi,Trojan-Spy.Win32.Bancos.rx,Trojan-Spy.Win32.Bancos.yz,Trojan-Spy.Win32.Banbra.bq,Trojan-Spy.Win32.Bancos.n,Trojan.Win32.Bancos.c,Trojan-Spy.Win32.Bancos.u,Trojan-Spy.Win32.Banbra.dq,Trojan-Spy.Win32.Bancos.cr,Trojan-Spy.Win32.Delf.cp,Trojan-Spy.Win32.Banker.dv,Trojan-Downloader.Win32.Banload.bqz,Trojan-Spy.Win32.Banker.bkl,Trojan-Spy.Win32.KeyLogger.lj,AdWare.Win32.Beginto.f,Trojan-Spy.Win32.Banker.qu,Trojan-Spy.Win32.Banker.ark,Trojan-Spy.Win32.Banker.ciy;
[McAfee]PWS-Banker.gen.b,PWS-Banker.gen.i,PWS-Banker.gen.aa,PWS-Baker.gen.i,Generic AdClicker.d,PWS-Banker.gen.bc,PWS-Banker.gen.t,PWS-Banker.gen.ac,PWS-Banker.gen.bb,PWS-Banker.gen.j,PWS-Bancker.gen.i,PWS-Banker.gen.I;
[F-Prot]W32/Banker.XF,W32/Bancos.JYT;
[Panda]Trojan Horse;
[Computer Associates]Win32/Bancos!PWS!Trojan,Win32/Bancos.2027520!PWS!Trojan,Win32.PSW.Bancos.K;
[Other]Win32/Bancos.EUF,Win32/Bancos.ETC,Infostealer.Bancos!gen,Win32/Bancos.EPL,Win32/Bancos.EWV,Infostealer.Banpaes,Win32/Bancos.EWW,Win32/Bancos.EWX,Infostealer.Bancos,Win32/Bancos.EWU,Win32/Bancos.EXV,Win32/.EOV,Win32/Bancos.EOW,Win32/Bancos.EOZ,Win32.Bancos.EOP,Trojan-Spy.Win32.Banker.bpf,Win32/Bancos.EPF,Win32/Bancos.EPG,Win32/Bancos.EPA,Win32/Bancos.EPC,Downloader.Bancos,Win32/Bancos.ENZ,Win32/Bancos.EON,Downloader.Bancos!gen,Win32/Bancos.EOS,Win32/Bancos.EOT,Win32/Bancos.EOL,Win32/Bancos.FRL,Win32/Bancos.FRM,Win32/PSW.Bancos.FTT,Win32/PSW.Bancos.V,Infostealer.Bancos.gen,Win32/Bancos.FYD,Win32/Bancos.IC,Win32/Bancos.PG,Win32/Bancos.CD,Troj/Baoncos-N,Win32/Bancos.AQ,Win32/Bancos.PH,Win32/Bancos.RD,Win32/Bancos.TL,Win32/Bancos.W,Troj/Bancos-BY,Win32/Bancos.GKE,Win32/Bancos.RW,W32/Bancos.KM,Troj/Bancos-BQ,Win32/Bancos.MQ,Trojan Horse,Bancos.AON,Win32/Bancos.FD,Win32/Bancos.TP,Win32/Bancos.UP,Win32/Bancos.AW,Win32/Bancos.BE,WIn32/Bancos.OT

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\ins4.exe
[%PROFILE_TEMP%]\ins7.exe
[%PROFILE_TEMP%]\insE2.exe
[%STARTUP%]\Reboot.exe
[%SYSTEM%]\imgrt.txt
[%SYSTEM%]\network.exe
[%SYSTEM%]\system32.exe
[%SYSTEM%]\vhosts2
[%SYSTEM%]\wab.exe
[%WINDOWS%]\4-efb7bab6499fc415ee93f4097033deae.exe
[%WINDOWS%]\foxdll.vxd
[%WINDOWS%]\lsass.exe
[%WINDOWS%]\msnmsgr.exe
[%WINDOWS%]\svhs.ocx
[%WINDOWS%]\system\taskmgr.exe
[%WINDOWS%]\winhlp13.dat
[%WINDOWS%]\winhlp32.dat
[%WINDOWS%]\wink1r.dat
[%DESKTOP%]\aindateamo.exe
[%DESKTOP%]\cartao.exe
[%DESKTOP%]\cartaozinho.exe
[%DESKTOP%]\Mensagem__Amor.exe
[%DESKTOP%]\photo.exe
[%DESKTOP%]\portal.exe
[%DESKTOP%]\Software\aindateamo.udd
[%SYSTEM%]\Central de Segurança\csrss.exe
[%SYSTEM%]\clds.scr
[%SYSTEM%]\crss1.ocx
[%SYSTEM%]\csrs.scr
[%SYSTEM%]\csvclhosts.exe
[%SYSTEM%]\drivers\System.exe
[%SYSTEM%]\first.dll
[%SYSTEM%]\HDLL.DLL
[%SYSTEM%]\iexplore.scr
[%SYSTEM%]\imgrt.scr
[%SYSTEM%]\intertrat.exe
[%SYSTEM%]\Isass.scr
[%SYSTEM%]\ItaKbaço
[%SYSTEM%]\kerlupa.exe
[%SYSTEM%]\lsass32.exe
[%SYSTEM%]\n0tepad.exe
[%SYSTEM%]\netburn.scr
[%SYSTEM%]\NETNV66.EXE
[%SYSTEM%]\nsnmsgr.exe
[%SYSTEM%]\nspackk.exe
[%SYSTEM%]\NTX5BMWEXALL.EXE
[%SYSTEM%]\orisys.inf
[%SYSTEM%]\rededint.exe
[%SYSTEM%]\sms32.exe
[%SYSTEM%]\sms32.ini
[%SYSTEM%]\systens32.exe
[%SYSTEM%]\task.scr
[%SYSTEM%]\tasklist32.exe
[%SYSTEM%]\taskmgr.scr
[%SYSTEM%]\tonto.exe
[%SYSTEM%]\WINCTRG.SYS
[%WINDOWS%]\help\unicox.exe
[%WINDOWS%]\ieupdate.dat
[%WINDOWS%]\imgrt.scr
[%WINDOWS%]\jdbgmgrnt.exe
[%WINDOWS%]\kernels32.exe
[%WINDOWS%]\mnsys.exe
[%WINDOWS%]\n0tepad.exe
[%WINDOWS%]\NETVID.EXE
[%WINDOWS%]\regcleaner.exe
[%WINDOWS%]\reterx.exe
[%WINDOWS%]\runlog.dat
[%WINDOWS%]\sampaerio.exe
[%WINDOWS%]\setdebugnt.exe
[%WINDOWS%]\softdwind.exe
[%WINDOWS%]\system\cartao.htm
[%WINDOWS%]\system\lsass.html
[%WINDOWS%]\system\n0tepad.exe
[%WINDOWS%]\system\smsc.exe
[%WINDOWS%]\system\windll.dll
[%WINDOWS%]\windows.exe
[%WINDOWS%]\winx.log

To ensure that it is launched automatically each time the system is booted, Bancos adds a link to its executable file in the system registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[%PROFILE_TEMP%]\ins4.exe
[%PROFILE_TEMP%]\ins7.exe
[%PROFILE_TEMP%]\insE2.exe
[%STARTUP%]\Reboot.exe
[%SYSTEM%]\network.exe
[%SYSTEM%]\system32.exe
[%SYSTEM%]\wab.exe
[%WINDOWS%]\4-efb7bab6499fc415ee93f4097033deae.exe
[%WINDOWS%]\lsass.exe
[%WINDOWS%]\msnmsgr.exe
[%WINDOWS%]\system\taskmgr.exe
[%DESKTOP%]\aindateamo.exe
[%DESKTOP%]\cartao.exe
[%DESKTOP%]\cartaozinho.exe
[%DESKTOP%]\Mensagem__Amor.exe
[%DESKTOP%]\photo.exe
[%DESKTOP%]\portal.exe
[%SYSTEM%]\Central de Segurança\csrss.exe
[%SYSTEM%]\csvclhosts.exe
[%SYSTEM%]\drivers\System.exe
[%SYSTEM%]\intertrat.exe
[%SYSTEM%]\kerlupa.exe
[%SYSTEM%]\lsass32.exe
[%SYSTEM%]\n0tepad.exe
[%SYSTEM%]\nsnmsgr.exe
[%SYSTEM%]\nspackk.exe
[%SYSTEM%]\rededint.exe
[%SYSTEM%]\sms32.exe
[%SYSTEM%]\systens32.exe
[%SYSTEM%]\tasklist32.exe
[%SYSTEM%]\tonto.exe
[%WINDOWS%]\help\unicox.exe
[%WINDOWS%]\jdbgmgrnt.exe
[%WINDOWS%]\kernels32.exe
[%WINDOWS%]\mnsys.exe
[%WINDOWS%]\n0tepad.exe
[%WINDOWS%]\regcleaner.exe
[%WINDOWS%]\reterx.exe
[%WINDOWS%]\sampaerio.exe
[%WINDOWS%]\setdebugnt.exe
[%WINDOWS%]\softdwind.exe
[%WINDOWS%]\system\n0tepad.exe
[%WINDOWS%]\system\smsc.exe
[%WINDOWS%]\windows.exe

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Detecting Bancos:

Files:
[%PROFILE_TEMP%]\ins4.exe
[%PROFILE_TEMP%]\ins7.exe
[%PROFILE_TEMP%]\insE2.exe
[%STARTUP%]\Reboot.exe
[%SYSTEM%]\imgrt.txt
[%SYSTEM%]\network.exe
[%SYSTEM%]\system32.exe
[%SYSTEM%]\vhosts2
[%SYSTEM%]\wab.exe
[%WINDOWS%]\4-efb7bab6499fc415ee93f4097033deae.exe
[%WINDOWS%]\foxdll.vxd
[%WINDOWS%]\lsass.exe
[%WINDOWS%]\msnmsgr.exe
[%WINDOWS%]\svhs.ocx
[%WINDOWS%]\system\taskmgr.exe
[%WINDOWS%]\winhlp13.dat
[%WINDOWS%]\winhlp32.dat
[%WINDOWS%]\wink1r.dat
[%DESKTOP%]\aindateamo.exe
[%DESKTOP%]\cartao.exe
[%DESKTOP%]\cartaozinho.exe
[%DESKTOP%]\Mensagem__Amor.exe
[%DESKTOP%]\photo.exe
[%DESKTOP%]\portal.exe
[%DESKTOP%]\Software\aindateamo.udd
[%SYSTEM%]\Central de Segurança\csrss.exe
[%SYSTEM%]\clds.scr
[%SYSTEM%]\crss1.ocx
[%SYSTEM%]\csrs.scr
[%SYSTEM%]\csvclhosts.exe
[%SYSTEM%]\drivers\System.exe
[%SYSTEM%]\first.dll
[%SYSTEM%]\HDLL.DLL
[%SYSTEM%]\iexplore.scr
[%SYSTEM%]\imgrt.scr
[%SYSTEM%]\intertrat.exe
[%SYSTEM%]\Isass.scr
[%SYSTEM%]\ItaKbaço
[%SYSTEM%]\kerlupa.exe
[%SYSTEM%]\lsass32.exe
[%SYSTEM%]\n0tepad.exe
[%SYSTEM%]\netburn.scr
[%SYSTEM%]\NETNV66.EXE
[%SYSTEM%]\nsnmsgr.exe
[%SYSTEM%]\nspackk.exe
[%SYSTEM%]\NTX5BMWEXALL.EXE
[%SYSTEM%]\orisys.inf
[%SYSTEM%]\rededint.exe
[%SYSTEM%]\sms32.exe
[%SYSTEM%]\sms32.ini
[%SYSTEM%]\systens32.exe
[%SYSTEM%]\task.scr
[%SYSTEM%]\tasklist32.exe
[%SYSTEM%]\taskmgr.scr
[%SYSTEM%]\tonto.exe
[%SYSTEM%]\WINCTRG.SYS
[%WINDOWS%]\help\unicox.exe
[%WINDOWS%]\ieupdate.dat
[%WINDOWS%]\imgrt.scr
[%WINDOWS%]\jdbgmgrnt.exe
[%WINDOWS%]\kernels32.exe
[%WINDOWS%]\mnsys.exe
[%WINDOWS%]\n0tepad.exe
[%WINDOWS%]\NETVID.EXE
[%WINDOWS%]\regcleaner.exe
[%WINDOWS%]\reterx.exe
[%WINDOWS%]\runlog.dat
[%WINDOWS%]\sampaerio.exe
[%WINDOWS%]\setdebugnt.exe
[%WINDOWS%]\softdwind.exe
[%WINDOWS%]\system\cartao.htm
[%WINDOWS%]\system\lsass.html
[%WINDOWS%]\system\n0tepad.exe
[%WINDOWS%]\system\smsc.exe
[%WINDOWS%]\system\windll.dll
[%WINDOWS%]\windows.exe
[%WINDOWS%]\winx.log

Folders:
[%PROGRAM_FILES%]\Microsoft Studio Files

Registry Keys:
HKEY_CLASSES_ROOT\typelib\{14a5f3e7-b235-4d98-9264-5c67d2657bc4}
HKEY_CURRENT_USER\dark
HKEY_LOCAL_MACHINE\software\sos
HKEY_CLASSES_ROOT\ib.cbrowserhelper
HKEY_CLASSES_ROOT\ib1dll6.cbrowserhelper
HKEY_CLASSES_ROOT\interface\{1c9f6e80-19b7-4b6c-a992-eb7809fc6be6}
HKEY_CLASSES_ROOT\interface\{8c691f25-c565-4fb7-8bcc-e85169bd7c47}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\javavm
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\service system
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\system32
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\winupd
HKEY_LOCAL_MACHINE\software\microsoft\windows\huhu549

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices\microsoft service manager
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\dark
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\microsoft service manager

Removing Bancos:

An up-to-date copy of ExterminateIt should detect and prevent infection from Bancos.

If you do not have ExterminateIt and you are worried that your computer may be infected, you can run the trial version of ExterminateIt, or remove Bancos manually.

To remove Bancos completely by hand, you need to delete the Windows registry keys and registry values, and the files and folders, associated with Bancos.

  1. Use Task Manager to terminate the Bancos process.
  2. Delete the original Bancos file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code, and refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes Bancos from your computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan horses, rootkits, backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).

Download ExterminateIt! to instantly get rid of Bancos!

