Bancos.VE is a password stealing trojan specifically designed for stealing Bank Information from users of Brazilian Banks.
Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.
More scanning & removal options
More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.
You may also refer to the Knowledge Base on the F-Secure Community site for more information.
Upon execution, Bancos.VE displays the following fake error message:
It will then drop a copy of itself into the System Directory as Tasklist32.exe:
Note: %systemdir% by default is C:\Windows\System32.
It also creates the following registry value for its auto-start mechanism:
TaskList = "%systemdir%\tasklist32.exe"
This malware monitors users' visited URLs. When specific URLs are viewed by a user, it will log all keyboard strokes.
Below are the URLs monitored by this trojan:
Bancos.VE sends the gathered information to a Brazilian e-mail address.
F-Secure Anti-Virus detects this malware with the following updates: