Published Oct 06, 2009 | Updated Sep 15, 2017


Detected with Windows Defender Antivirus

Aliases: URLZone (other) Trojan-Spy.Win32.Bebloh!IK (other) Win-Trojan/Runner.82176 (AhnLab) Packed.Monder (AVG) Trojan.Agent.ANBR (BitDefender) Win32/Sipay.IU (CA) Trojan.Win32.Runner.fq (Kaspersky) Generic PWS.y!cy (McAfee) W32/Zbot.gen20 (Norman) Trj/Runner.J (Panda) Mal/BredoPk-B (Sophos) Trojan.Runner.EQ (VirusBuster)


TrojanSpy:Win32/Bebloh.A is a trojan that monitors and captures logon credentials to certain online banking and financial institutions. The trojan also changes Windows settings, forces use of Internet Explorer as a Web browser and may be used by an attacker to withdraw funds from online banking accounts.
Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as Microsoft Security Essentials, or the Microsoft Safety Scanner. For more information about using antivirus software, see
TrojanSpy:Win32/Bebloh.A attempts to steal sensitive and confidential information from affecters users in order to perpetrate fraud. If you believe that your personal financial information may have been compromised, please refer to the following advisory for additional advice:
Follow us