Technical details:
Categories: Trojan
[Kaspersky]Backdoor.Win32.Bandok.h,Backdoor.Win32.Bandok.ad,Trojan-Downloader.Win32.BHO.I,Trojan.Win32.BHO.cs,Trojan.Win32.Kolweb.v;
[McAfee]Spy-Agent.cf;
[Other]Win32/Banbot.B,Win32/Banbot,Win32/Banbot.C,Win32/Banbot.J,Win32/Banbot.K,Win32/Banbot.N,Win32/Banbot.O
Banbot Files:
[%SYSTEM%]\scvhost.exe
[%PROFILE%]\microsoft.dll
[%PROFILE%]\microsoft.exe
[%SYSTEM%]\alrri.exe
[%WINDOWS%]\bndkhook.dll
[%SYSTEM_DRIVE%]\windows_xp.exe
Banbot Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}
HKEY_CLASSES_ROOT\clsid\{20f49338-a318-478f-8f91-2c7c440e4c0e}
HKEY_CLASSES_ROOT\clsid\{3080b29a-04b0-4095-beb7-b797b7d7f690}
HKEY_CLASSES_ROOT\clsid\{48aafe68-bfe3-4e05-9451-6cf4db7dafb7}
HKEY_CLASSES_ROOT\clsid\{5af61f75-e322-4f98-af9f-03886cb025f6}
HKEY_CLASSES_ROOT\clsid\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{b6a807n6-42df-4w02-93e5-b156b3fa8al1}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{20f49338-a318-478f-8f91-2c7c440e4c0e}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5af61f75-e322-4f98-af9f-03886cb025f6}
Banbot Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce
Banbot indications of infection
The symptoms of a Banbot infection are the files, registry entries, and network communication referenced in the technical details section.
Method of Infection
Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.
Buy Exterminate-It antivirus software and perform a full scan of the computer.
You can also download the free trial version of Exterminate It! to check your computer right now.