Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Banload.BBX


Discovered:
Aliases:


August 04, 2006
Banload.BBX

Malware
Trojan-Downloader
W32

Summary

Banload.BBX connects to the internet and downloads other members of the Banker and Banload family. It arrives on the system using the filename, HUMORTADELA.exe. The downloaded files are already detected as Trojan-Spy.Win32.Bancos.uy and Trojan-Downloader.Win32.Banload.bby.



Disinfection & Removal

Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details

Banload.BBX downloads other members of the Banker and Banload family from the internet.It arrives on the system with the filename HUMORTADELA.exe.Upon execution, it connects to the following sites:

  • http://www.guitarparts.com/zero/[REMOVED].exe
  • http://www.guitarparts.com/zero/[REMOVED].exe

And saves these files to the following hard-coded paths in the user's system:

  • c:\windows\system32\svhootss.exe
  • c:\windows\system32\Msn.exe

The said files are already detected as Trojan-Spy.Win32.Bancos.uy and Trojan-Downloader.Win32.Banload.bby respectively.As a stealth mechanism, it displays the following fake error message to fool the users into believeing that the malware did not run on their system.



Detection



Detection Type: PC
Database: 2006-08-04_02





Submit a sample




Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Give And Get Advice




Give advice. Get advice. Share the knowledge on our free discussion forum.