TrojanSpy:Win32/Banker.AMK


Microsoft security software detects and removes this threat.

This threat is a member of the Win32/Banker family of data-stealing trojans.

These threats can steal your online banking user names and passwords and send them to a hacker.

They mostly target Brazilian bank customers.



What to do now

The following free Microsoft security software detects and removes this threat:

This threat tries to steal your sensitive and confidential information. If you think your information has been stolen, see:

You should change your passwords after you've removed this threat:

Threat behavior

Installation
TrojanSpy:Win32/Banker.AMK copies itself to c:\documents and settings\administrator\application data\adobearm\adobearm.exe.
 
The malware creates the following files on your PC:

  • c:\documents and settings\administrator\application data\adobearm\funcs.dll

Payload
Contacts remote host
 
TrojanSpy:Win32/Banker.AMK might contact a remote host at smtps.uol.com.br using port 587. Commonly, malware does this to:
  • Report a new infection to its author
  • Receive configuration or other data
  • Download and run files, including updates or other malware
  • Receive instructions from a remote hacker
  • Upload data taken from your PC

This malware description was produced and published using automated analysis of file SHA1 76a59435f1c79a9f8770fca43b8fe6e03fcfe661.

Symptoms

System changes
The following could indicate that you have this threat on your PC:

  • You have these files:

    c:\documents and settings\administrator\application data\adobearm\adobearm.exe
    c:\documents and settings\administrator\application data\adobearm\funcs.dll
 

Prevention


Alert level: Severe
First detected by definition: 1.169.900.0
Latest detected by definition: 1.177.2222.0 and higher
First detected on: Mar 26, 2014
This entry was first published on: Mar 31, 2014
This entry was updated on: Apr 01, 2014

This threat is also detected as:
No known aliases