Follow:

 

TrojanDownloader:Win32/Banload.ACO


TrojanDownloader:Win32/Banload.ACO is a member of Win32/Banload - a family of trojans that downloads other malware. Banload is usually used to download and install members of the Win32/Banker and Win32/Bancos families onto affected computers. Win32/Banker and Win32/Bancos are trojans that steal banking credentials and other sensitive data, and send it back to a remote attacker.


What to do now

To detect and remove this threat and other malicious software that may have been installed in your computer, run a full-system scan with an up-to-date antivirus product such as the following: For more information about using antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.
TrojanDownloader:Win32/Banload.ACO attempts to steal sensitive and confidential information from affecters users in order to perpetrate fraud. If you believe that your personal financial information may have been compromised, please refer to the following advisory for additional advice:

Threat behavior

TrojanDownloader:Win32/Banload.ACO is a member of Win32/Banload - a family of trojans that downloads other malware. Banload is usually used to download and install members of the Win32/Banker and Win32/Bancos families onto affected computers. Win32/Banker and Win32/Bancos are trojans that steal banking credentials and other sensitive data, and send it back to a remote attacker.
Installation
TrojanDownloader:Win32/Banload.ACO creates the following files on an affected computer:

  • c:\arquivos de programas\fashplayer.exe
Payload
Contacts remote host
TrojanDownloader:Win32/Banload.ACO may contact a remote host at www.contagotas.com.br using port 80. Commonly, malware may contact a remote host for the following purposes:
  • To report a new infection to its author
  • To receive configuration or other data
  • To download and execute arbitrary files (including updates or additional malware)
  • To receive instruction from a remote attacker
  • To upload data taken from the affected computer

This malware description was produced and published using our automated analysis system's examination of file SHA1 0115bb489b9d22cef684f13613dfe9f72693b8ac.

Symptoms

System changes
The following system changes may indicate the presence of this malware:

  • The presence of the following files:

  • c:\arquivos de programas\fashplayer.exe


Prevention


Alert level: Severe
First detected by definition: 1.111.2565.0
Latest detected by definition: 1.191.758.0 and higher
First detected on: Sep 19, 2011
This entry was first published on: Sep 29, 2011
This entry was updated on: Sep 30, 2011

This threat is also detected as:
  • PWS-Banker!gwx (McAfee)