TrojanSpy:Win32/Bancos.TH

Detected by Microsoft Defender Antivirus

Aliases: Win-Trojan/Banker.973824.L (AhnLab) Trojan-Banker.Win32.Banker.aucg (Kaspersky) Trojan.PWS.Banker.CTSF (VirusBuster) PSW.Banker5.AWLG (AVG) TR/Banker.Banker.aucg.7 (Avira) Trojan.PWS.Banker.45208 (Dr.Web) Win32/Spy.Banker.TNQ (ESET) PWS-Banker!fyc (McAfee) Trojan-Banker.Win32.Banker (Sunbelt Software) Infostealer (Symantec) TROJ_BANKER.LNG (Trend Micro)

Summary

TrojanSpy:Win32/Bancos.TH is a password stealing trojan that targets specific online banking Web sites. Captured credentials are sent via SMTP e-mail to a specified address.

Manual removal is not recommended for this threat. Use the Microsoft Malicious Software Removal Tool, Microsoft Security Essentials, Microsoft Safety Scanner, or another up-to-date scanning and removal tool to detect and remove this threat and other unwanted software from your computer. For more information on Microsoft security products, see http://www.microsoft.com/protect/products/computer/default.mspx.

TrojanSpy:Win32/Bancos.TH attempts to steal sensitive and confidential information from affected users to perpetrate fraud. If you believe that your personal financial information may have been compromised, please refer to the following advisory for additional advice:

What to do if you are a victim of fraud

TrojanSpy:Win32/Bancos.TH

Summary

What to do now

Technical information

Threat behavior

Prevention

Symptoms