Bancos.VE is a password stealing trojan specifically designed for stealing Bank Information from users of Brazilian Banks.
Disinfection & Removal
Allow F-Secure Anti-Virus to disinfect the relevant files.
For more general information on disinfection, please see Removal Instructions.
Upon execution, Bancos.VE displays the following fake error message:
It will then drop a copy of itself into the System Directory as Tasklist32.exe:
Note: %systemdir% by default is C:\Windows\System32.
It also creates the following registry value for its auto-start mechanism:
TaskList = "%systemdir%\tasklist32.exe"
This malware monitors users' visited URLs. When specific URLs are viewed by a user, it will log all keyboard strokes.
Below are the URLs monitored by this trojan:
Bancos.VE sends the gathered information to a Brazilian e-mail address.
F-Secure Anti-Virus detects this malware with the following updates:
Detection Type: PC