Microsoft security software detects and removes this threat.

This threat can redirect your browser to another website.

It might be installed by other malware or through drive-by downloads.

What to do now

The following free Microsoft software detects and removes this threat:

Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.

You can also visit the Microsoft virus and malware community for more help.

Threat behavior

JS/Banker.gen!A redirects your browser when you try to go to any of the websites associated with the following companies; the complete list contains banks, payment systems, email and social media, and security programs:

In Brazil:

  • B!Cash
  • Banco Amazonia
  • Banco Banese
  • Banco Banrisul
  • Banco Bradesco
  • Banco do Brasil
  • Banco Itaú
  • Banco Santander
  • Banco Sicredi
  • Caixabank
  • Cetelem Brasil
  • Check Check
  • CheckOK
  • Citibank
  • Confirme Online
  • Credicard
  • DigitalSSL
  • Equifax Brasil
  • HSBC Brasil
  • Ingresso
  • Intouch
  • Pagseguro
  • Safra Group
  • Serasa Experian
  • SPC Brasil
  • TAM
  • UOL Produtos e Servicos

In Russia:

  • Ebiblioteka
  • Promsvyazbank
  • Qiq
  • Rustorka
  • Rutracker
  • Sberbank
  • Telebank
  • Visa Qiwi Wallet

Payment systems:

  • American Express
  • Mastercard
  • Paypal
  • Visa

Email and social media:

  • 4shared
  • Facebook
  • Gmail
  • Hotmail
  • Live
  • MSN
  • Orkut
  • Sogou
  • Twitter

Security-related websites:

  • Linha Defensiva
  • Phishtank
  • Threat Expert
  • Virus Total
  • VirusScan
  • ...and majority of antivirus vendor websites
Additional information

TrojanProxy:JS/Banker.gen!A is a detection for malicious Proxy Auto-Config (PAC) files.

PAC files are similar to the HOSTS file in that they can redirect your browser to another website other than the one you originally intended to visit. They are usually set as the configuration script for your Local Area Network (LAN) settings.



The following could indicate that you have this threat on your PC:

  • Your Internet Explorer has a configuration file that you didn't set. To check:
    1. Open Internet Explorer
    2. Click on the Gear icon on the upper right hand corner, and select Internet options
    3. In the Connections tab, click on LAN settings:
    4. Check if there is a file specified in Use automatic configuration script, like the example below (note that the file name is an example only):

    If there is a file specified in that setting, but you didn't specify it, your PC might be infected with this threat.


Alert level: Severe
First detected by definition: 1.165.1380.0
Latest detected by definition: 1.195.3225.0 and higher
First detected on: Jan 07, 2014
This entry was first published on: Feb 27, 2014
This entry was updated on: Feb 28, 2014

This threat is also detected as:
  • Trojan-Banker.JS.Proxy.i (Kaspersky)
  • JS/Banker.EK.1 (Avira)
  • Trojan-Banker.JS.Proxy (Ikarus)