Bancos.VE is a password stealing trojan specifically designed for stealing Bank Information from users of Brazilian Banks.
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
Upon execution, Bancos.VE displays the following fake error message:
It will then drop a copy of itself into the System Directory as Tasklist32.exe:
Note: %systemdir% by default is C:\Windows\System32.
It also creates the following registry value for its auto-start mechanism:
TaskList = "%systemdir%\tasklist32.exe"
This malware monitors users' visited URLs. When specific URLs are viewed by a user, it will log all keyboard strokes.
Below are the URLs monitored by this trojan:
Bancos.VE sends the gathered information to a Brazilian e-mail address.
F-Secure Anti-Virus detects this malware with the following updates:
Detection Type: PC