TrojanSpy:Win32/Banker.JV.dll
Detected by Microsoft Defender Antivirus
Aliases: PWS-Banker.j (McAfee), PWSteal.Trojan (Symantec), Troj/BankAsh-A (Sophos), Win32/PSW.Bancos.163840!Trojan (CA)
Summary
TrojanSpy:Win32/Banker.JV drops TrojanSpy:Win32/Banker.JV.dll and registers it as an Internet Explorer browser helper object (BHO). The .dll file monitors user browsing activity and captures logon information at certain online banking Web sites. It then sends this information to a remote server.
To recover manually from TrojanSpy:Win32/Banker.JV.dll, follow these steps:
- Disconnect from the Internet.
- Delete the .dll file.
- Restart your computer.
- Take steps to prevent re-infection.
Disconnect from the Internet
To help ensure that your computer is not actively infecting other computers, disconnect it from the Internet before proceeding. Print this Web page or save a copy on your computer; then unplug your network cable and disable your wireless connection. You can reconnect to the Internet after completing these steps.
Delete the .dll file
To delete the .dll file
- Click Start, and click Run.
- In the Open field, type <system folder>, for example, C:\Windows\System32
- Click OK.
- Click Name to sort files by name.
- If the file ash.dll is in the list, delete it.
- On the Desktop, right-click the Recycle Bin and click Empty Recycle Bin.
- Click Yes to confirm the deletion.
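An added read-only check, not part of the original entry: because the trojan registers its .dll as an Internet Explorer BHO, this PowerShell snippet lists every BHO registration with the DLL its class loads, and flags any that point to ash.dll or to a file that no longer exists. The registry locations are the standard Windows BHO and COM class keys, not values taken from this entry, and the variable names are illustrative.

```powershell
# Read-only audit of Internet Explorer browser helper objects (BHOs).
# 'ash.dll' is the file name given in the removal steps above; the registry
# paths are the standard Windows locations for BHOs and COM classes.
$suspectName = 'ash.dll'

$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

$results = foreach ($root in $bhoRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }

    # 32-bit BHOs on 64-bit Windows resolve their class under WOW6432Node.
    $clsidBase = if ($root -like '*WOW6432Node*') {
        'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID'
    } else {
        'HKLM:\SOFTWARE\Classes\CLSID'
    }

    foreach ($bho in Get-ChildItem -LiteralPath $root) {
        $clsid  = $bho.PSChildName
        $inproc = Join-Path (Join-Path $clsidBase $clsid) 'InprocServer32'

        $dll = $null
        if (Test-Path -LiteralPath $inproc) {
            # The unnamed (Default) value of InprocServer32 holds the DLL path.
            $dll = (Get-Item -LiteralPath $inproc).GetValue('')
        }

        [pscustomobject]@{
            Clsid      = $clsid
            Dll        = $dll
            # False here means the registration outlived the file it points to.
            FileExists = [bool]($dll -and (Test-Path -LiteralPath $dll))
            Suspect    = [bool]($dll -and ((Split-Path -Leaf $dll) -ieq $suspectName))
        }
    }
}

$results | Sort-Object Suspect -Descending | Format-Table -AutoSize
```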
Restart your computer
To restart your computer
- On the Start menu, click Shut Down.
- Select Restart from the drop-down list and click OK.
Take steps to prevent re-infection
Do not reconnect your computer to the Internet until the computer is protected from re-infection. See the "Preventing Infection" section for more information.