Bancos.VE is a password stealing trojan specifically designed for stealing Bank Information from users of Brazilian Banks.
Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.
Find the latest advice in our Community Knowledge Base.
See the manual for your F-Secure product on the Help Center.
Submit a file or URL for further analysis.
Upon execution, Bancos.VE displays the following fake error message:
It will then drop a copy of itself into the System Directory as Tasklist32.exe:
Note: %systemdir% by default is C:\Windows\System32.
It also creates the following registry value for its auto-start mechanism:
TaskList = "%systemdir%\tasklist32.exe"
This malware monitors users' visited URLs. When specific URLs are viewed by a user, it will log all keyboard strokes.
Below are the URLs monitored by this trojan:
Bancos.VE sends the gathered information to a Brazilian email address.