pws.bancos.a trojan

Discussion in 'Security and Anti-Spyware Community' started by Guest, Feb 10, 2006.

  1. Guest

    Guest Guest

    A number of PCs at our site are having the MS antispyware software reporting
    this. So far as I can tell, it's an obscure trojan that emulates an on-line
    Brazilian bank logon page, but ASW rates it a "severe" threat level. And, it
    appears that when you remove it, it disables Symantec Antivirus.
    Anyone have any information on this? I can supply a screen shot of the ASW
    detection screen if that would be helpful.
     
    Guest, Feb 10, 2006
    #1
    1. Advertisements

  2. Guest

    Guest Guest

    FINALLY -Numbers match, and it is no longer detected.

    Now to bring back Norton.....



    "Ryan Ward" wrote:

    > Hey guys...
    >
    > So does this thing steal passwords, or not?
    >
    > I've tried updating to 5807 a few times now, and the numbers never match
    > (160/158). Not sure what to do with it.
    >
    >
    >
    > "Bill Sanderson" wrote:
    >
    > > David--please go to Help, about, in Microsoft Antispyware and hit the
    > > diagnostics button.
    > >
    > > Look for a line ending in a pair of numbers separated by a slash.
    > >
    > > Are those numbers equal?
    > >
    > > If not, 5807 is not fully installed. Please check for any caching servers
    > > on your network, and re-try the update via file, check for updates.
    > >
    > > If those numbers are equal, and the FP is still evident, the Symantec
    > > versioning for what you have in place--both antivirus product and
    > > definitions, would probably be helpful.
    > >
    > > --
    > >
    > > "David Galvin" <> wrote in message
    > > news:...
    > > > I'm still receiving the false positive with 5807. I'm using Symantec
    > > > Antivirus Corporate Edition v8.x
    > > >
    > > > "Bill Sanderson" wrote:
    > > >
    > > >> This is a false positive with definitions 5805--fixed with definitons
    > > >> 5807,
    > > >> available now.
    > > >>
    > > >> --
    > > >>
    > > >> "JH" <> wrote in message
    > > >> news:...
    > > >> > Looks like this may become an epidemic. Same problem here and I can't
    > > >> > find
    > > >> > anything else on this pws.bancos.a virus. We did system restore to an
    > > >> > earlier
    > > >> > date and the pws.bancos.a is still there. We do system scans weekly
    > > >> > with
    > > >> > the
    > > >> > latest definitions with Microsoft Spyware and Norton Corporate 7.6.
    > > >> > Norton
    > > >> > doesn't find the pws.bancos.a and also we did scans with AVG and Avast
    > > >> > and
    > > >> > still nothing on the pws.bancos.a. Scanned with Microsoft Spyware and
    > > >> > it
    > > >> > found it but when we remove pws.bancos.a it disables Norton and it
    > > >> > won't
    > > >> > enable. Once this happens we tried to reinstall Norton to attempt to
    > > >> > fix
    > > >> > the
    > > >> > problem but Norton won't uninstall nor will it install. Help please!
    > > >> >
    > > >> > "Tom Breit" wrote:
    > > >> >
    > > >> >> A number of PCs at our site are having the MS antispyware software
    > > >> >> reporting
    > > >> >> this. So far as I can tell, it's an obscure trojan that emulates an
    > > >> >> on-line
    > > >> >> Brazilian bank logon page, but ASW rates it a "severe" threat level.
    > > >> >> And,
    > > >> >> it
    > > >> >> appears that when you remove it, it disables Symantec Antivirus.
    > > >> >> Anyone have any information on this? I can supply a screen shot of the
    > > >> >> ASW
    > > >> >> detection screen if that would be helpful.
    > > >>
    > > >>
    > > >>

    > >
    > >
    > >
     
    Guest, Feb 10, 2006
    #2
    1. Advertisements

  3. Guest

    Guest Guest

    Bill

    I have updated, numbers match "Definitions Increment Version: 160/160". I
    tried reboot, re-install still getting FP. My Symantec is Program CE
    9.0.3.1000, Scan eng 51.3.0.11 and def of 2/9/2006 rev 7. Is there any other
    infromation you need?

    "Bill Sanderson" wrote:

    > David--please go to Help, about, in Microsoft Antispyware and hit the
    > diagnostics button.
    >
    > Look for a line ending in a pair of numbers separated by a slash.
    >
    > Are those numbers equal?
    >
    > If not, 5807 is not fully installed. Please check for any caching servers
    > on your network, and re-try the update via file, check for updates.
    >
    > If those numbers are equal, and the FP is still evident, the Symantec
    > versioning for what you have in place--both antivirus product and
    > definitions, would probably be helpful.
    >
    > --
    >
    > "David Galvin" <> wrote in message
    > news:...
    > > I'm still receiving the false positive with 5807. I'm using Symantec
    > > Antivirus Corporate Edition v8.x
    > >
    > > "Bill Sanderson" wrote:
    > >
    > >> This is a false positive with definitions 5805--fixed with definitons
    > >> 5807,
    > >> available now.
    > >>
    > >> --
    > >>
    > >> "JH" <> wrote in message
    > >> news:...
    > >> > Looks like this may become an epidemic. Same problem here and I can't
    > >> > find
    > >> > anything else on this pws.bancos.a virus. We did system restore to an
    > >> > earlier
    > >> > date and the pws.bancos.a is still there. We do system scans weekly
    > >> > with
    > >> > the
    > >> > latest definitions with Microsoft Spyware and Norton Corporate 7.6.
    > >> > Norton
    > >> > doesn't find the pws.bancos.a and also we did scans with AVG and Avast
    > >> > and
    > >> > still nothing on the pws.bancos.a. Scanned with Microsoft Spyware and
    > >> > it
    > >> > found it but when we remove pws.bancos.a it disables Norton and it
    > >> > won't
    > >> > enable. Once this happens we tried to reinstall Norton to attempt to
    > >> > fix
    > >> > the
    > >> > problem but Norton won't uninstall nor will it install. Help please!
    > >> >
    > >> > "Tom Breit" wrote:
    > >> >
    > >> >> A number of PCs at our site are having the MS antispyware software
    > >> >> reporting
    > >> >> this. So far as I can tell, it's an obscure trojan that emulates an
    > >> >> on-line
    > >> >> Brazilian bank logon page, but ASW rates it a "severe" threat level.
    > >> >> And,
    > >> >> it
    > >> >> appears that when you remove it, it disables Symantec Antivirus.
    > >> >> Anyone have any information on this? I can supply a screen shot of the
    > >> >> ASW
    > >> >> detection screen if that would be helpful.
    > >>
    > >>
    > >>

    >
    >
    >
     
    Guest, Feb 11, 2006
    #3
  4. Tom - I'm sorry to report that this was a false positive in the 5805
    definitions. It is corrected in definitions 5807, available as of about 3
    pm today.

    Uninstall and reinstall or do a repair install of Symantec Antivirus to fix
    that.

    Some users report that they can't do that via add/remove programs--trying
    the setup program from the Symantec CD may help.

    --

    "Tom Breit" <Tom > wrote in message
    news:D...
    >A number of PCs at our site are having the MS antispyware software
    >reporting
    > this. So far as I can tell, it's an obscure trojan that emulates an
    > on-line
    > Brazilian bank logon page, but ASW rates it a "severe" threat level. And,
    > it
    > appears that when you remove it, it disables Symantec Antivirus.
    > Anyone have any information on this? I can supply a screen shot of the ASW
    > detection screen if that would be helpful.
     
    Bill Sanderson, Feb 11, 2006
    #4
  5. Thanks Zack--I try to stick with the group when things get hot!
    --

    "zack" <> wrote in message
    news:...
    > After repeated update failures, it occurred to me to close all
    > applications
    > (Office specifically), before trying again. After that, first try, the
    > numbers matched:
    > Definitions Increment Version: 160/160
    >
    > You've been very busy, just wanted to say thanks and I appreciate your
    > diligence!
    >
    > "Bill Sanderson" wrote:
    >
    >> Go to Help, about.
    >>
    >> Hit the diagnostics button.
    >>
    >> Look for a line ending in a pair of numbers separated by a /
    >>
    >> i.e. 162/162, for example.
    >>
    >> If these two numbers are not equal, the update has not completed
    >> successfully.
    >>
    >> You can fix this either by continuing to try file, check for updates, or
    >> by
    >> manually plugging the individual files from the download locations that
    >> have
    >> occasionally been posted in these groups--I don't have those saved to
    >> post,
    >> I'm afraid.
    >> --
    >>
    >> "zack" <> wrote in message
    >> news:...
    >> > Download latest definitions, ran scan, and the same threat was
    >> > detected.
    >> > Here's "The About" info:
    >> > Microsoft AntiSpyware Version: 1.0.701
    >> > This version expires on: 7/31/2006
    >> > Spyware Definition Version: 5807 (2/10/2006 3:05:09 PM)
    >> >
    >> >
    >> >
    >> > "Bill Sanderson" wrote:
    >> >
    >> >> This is a false positive with definitions 5805--fixed with definitons
    >> >> 5807,
    >> >> available now.
    >> >>
    >> >> --
    >> >>
    >> >> "JH" <> wrote in message
    >> >> news:...
    >> >> > Looks like this may become an epidemic. Same problem here and I
    >> >> > can't
    >> >> > find
    >> >> > anything else on this pws.bancos.a virus. We did system restore to
    >> >> > an
    >> >> > earlier
    >> >> > date and the pws.bancos.a is still there. We do system scans weekly
    >> >> > with
    >> >> > the
    >> >> > latest definitions with Microsoft Spyware and Norton Corporate 7.6.
    >> >> > Norton
    >> >> > doesn't find the pws.bancos.a and also we did scans with AVG and
    >> >> > Avast
    >> >> > and
    >> >> > still nothing on the pws.bancos.a. Scanned with Microsoft Spyware
    >> >> > and
    >> >> > it
    >> >> > found it but when we remove pws.bancos.a it disables Norton and it
    >> >> > won't
    >> >> > enable. Once this happens we tried to reinstall Norton to attempt to
    >> >> > fix
    >> >> > the
    >> >> > problem but Norton won't uninstall nor will it install. Help please!
    >> >> >
    >> >> > "Tom Breit" wrote:
    >> >> >
    >> >> >> A number of PCs at our site are having the MS antispyware software
    >> >> >> reporting
    >> >> >> this. So far as I can tell, it's an obscure trojan that emulates an
    >> >> >> on-line
    >> >> >> Brazilian bank logon page, but ASW rates it a "severe" threat
    >> >> >> level.
    >> >> >> And,
    >> >> >> it
    >> >> >> appears that when you remove it, it disables Symantec Antivirus.
    >> >> >> Anyone have any information on this? I can supply a screen shot of
    >> >> >> the
    >> >> >> ASW
    >> >> >> detection screen if that would be helpful.
    >> >>
    >> >>
    >> >>

    >>
    >>
    >>
     
    Bill Sanderson, Feb 11, 2006
    #5
  6. If it is a false positive, it doesn't steal anything except the time of all
    of us dealing with it.

    So far, all the reports here today have been the false positive--check out
    other messages for more information.

    --

    "Ryan Ward" <Ryan > wrote in message
    news:...
    > Hey guys...
    >
    > So does this thing steal passwords, or not?
    >
    > I've tried updating to 5807 a few times now, and the numbers never match
    > (160/158). Not sure what to do with it.
    >
    >
    >
    > "Bill Sanderson" wrote:
    >
    >> David--please go to Help, about, in Microsoft Antispyware and hit the
    >> diagnostics button.
    >>
    >> Look for a line ending in a pair of numbers separated by a slash.
    >>
    >> Are those numbers equal?
    >>
    >> If not, 5807 is not fully installed. Please check for any caching
    >> servers
    >> on your network, and re-try the update via file, check for updates.
    >>
    >> If those numbers are equal, and the FP is still evident, the Symantec
    >> versioning for what you have in place--both antivirus product and
    >> definitions, would probably be helpful.
    >>
    >> --
    >>
    >> "David Galvin" <> wrote in message
    >> news:...
    >> > I'm still receiving the false positive with 5807. I'm using Symantec
    >> > Antivirus Corporate Edition v8.x
    >> >
    >> > "Bill Sanderson" wrote:
    >> >
    >> >> This is a false positive with definitions 5805--fixed with definitons
    >> >> 5807,
    >> >> available now.
    >> >>
    >> >> --
    >> >>
    >> >> "JH" <> wrote in message
    >> >> news:...
    >> >> > Looks like this may become an epidemic. Same problem here and I
    >> >> > can't
    >> >> > find
    >> >> > anything else on this pws.bancos.a virus. We did system restore to
    >> >> > an
    >> >> > earlier
    >> >> > date and the pws.bancos.a is still there. We do system scans weekly
    >> >> > with
    >> >> > the
    >> >> > latest definitions with Microsoft Spyware and Norton Corporate 7.6.
    >> >> > Norton
    >> >> > doesn't find the pws.bancos.a and also we did scans with AVG and
    >> >> > Avast
    >> >> > and
    >> >> > still nothing on the pws.bancos.a. Scanned with Microsoft Spyware
    >> >> > and
    >> >> > it
    >> >> > found it but when we remove pws.bancos.a it disables Norton and it
    >> >> > won't
    >> >> > enable. Once this happens we tried to reinstall Norton to attempt to
    >> >> > fix
    >> >> > the
    >> >> > problem but Norton won't uninstall nor will it install. Help please!
    >> >> >
    >> >> > "Tom Breit" wrote:
    >> >> >
    >> >> >> A number of PCs at our site are having the MS antispyware software
    >> >> >> reporting
    >> >> >> this. So far as I can tell, it's an obscure trojan that emulates an
    >> >> >> on-line
    >> >> >> Brazilian bank logon page, but ASW rates it a "severe" threat
    >> >> >> level.
    >> >> >> And,
    >> >> >> it
    >> >> >> appears that when you remove it, it disables Symantec Antivirus.
    >> >> >> Anyone have any information on this? I can supply a screen shot of
    >> >> >> the
    >> >> >> ASW
    >> >> >> detection screen if that would be helpful.
    >> >>
    >> >>
    >> >>

    >>
    >>
    >>
     
    Bill Sanderson, Feb 11, 2006
    #6
  7. Terrific--let me know what method worked to bring Norton back?

    --

    "Ryan Ward" <> wrote in message
    news:D...
    > FINALLY -Numbers match, and it is no longer detected.
    >
    > Now to bring back Norton.....
    >
    >
    >
    > "Ryan Ward" wrote:
    >
    >> Hey guys...
    >>
    >> So does this thing steal passwords, or not?
    >>
    >> I've tried updating to 5807 a few times now, and the numbers never match
    >> (160/158). Not sure what to do with it.
    >>
    >>
    >>
    >> "Bill Sanderson" wrote:
    >>
    >> > David--please go to Help, about, in Microsoft Antispyware and hit the
    >> > diagnostics button.
    >> >
    >> > Look for a line ending in a pair of numbers separated by a slash.
    >> >
    >> > Are those numbers equal?
    >> >
    >> > If not, 5807 is not fully installed. Please check for any caching
    >> > servers
    >> > on your network, and re-try the update via file, check for updates.
    >> >
    >> > If those numbers are equal, and the FP is still evident, the Symantec
    >> > versioning for what you have in place--both antivirus product and
    >> > definitions, would probably be helpful.
    >> >
    >> > --
    >> >
    >> > "David Galvin" <> wrote in message
    >> > news:...
    >> > > I'm still receiving the false positive with 5807. I'm using Symantec
    >> > > Antivirus Corporate Edition v8.x
    >> > >
    >> > > "Bill Sanderson" wrote:
    >> > >
    >> > >> This is a false positive with definitions 5805--fixed with
    >> > >> definitons
    >> > >> 5807,
    >> > >> available now.
    >> > >>
    >> > >> --
    >> > >>
    >> > >> "JH" <> wrote in message
    >> > >> news:...
    >> > >> > Looks like this may become an epidemic. Same problem here and I
    >> > >> > can't
    >> > >> > find
    >> > >> > anything else on this pws.bancos.a virus. We did system restore to
    >> > >> > an
    >> > >> > earlier
    >> > >> > date and the pws.bancos.a is still there. We do system scans
    >> > >> > weekly
    >> > >> > with
    >> > >> > the
    >> > >> > latest definitions with Microsoft Spyware and Norton Corporate
    >> > >> > 7.6.
    >> > >> > Norton
    >> > >> > doesn't find the pws.bancos.a and also we did scans with AVG and
    >> > >> > Avast
    >> > >> > and
    >> > >> > still nothing on the pws.bancos.a. Scanned with Microsoft Spyware
    >> > >> > and
    >> > >> > it
    >> > >> > found it but when we remove pws.bancos.a it disables Norton and it
    >> > >> > won't
    >> > >> > enable. Once this happens we tried to reinstall Norton to attempt
    >> > >> > to
    >> > >> > fix
    >> > >> > the
    >> > >> > problem but Norton won't uninstall nor will it install. Help
    >> > >> > please!
    >> > >> >
    >> > >> > "Tom Breit" wrote:
    >> > >> >
    >> > >> >> A number of PCs at our site are having the MS antispyware
    >> > >> >> software
    >> > >> >> reporting
    >> > >> >> this. So far as I can tell, it's an obscure trojan that emulates
    >> > >> >> an
    >> > >> >> on-line
    >> > >> >> Brazilian bank logon page, but ASW rates it a "severe" threat
    >> > >> >> level.
    >> > >> >> And,
    >> > >> >> it
    >> > >> >> appears that when you remove it, it disables Symantec Antivirus.
    >> > >> >> Anyone have any information on this? I can supply a screen shot
    >> > >> >> of the
    >> > >> >> ASW
    >> > >> >> detection screen if that would be helpful.
    >> > >>
    >> > >>
    >> > >>
    >> >
    >> >
    >> >
     
    Bill Sanderson, Feb 11, 2006
    #7
  8. That's ugly!

    I've one more question:
    Can you tell me whether all 4 lines below match what you see when you hit
    the diagnostics button? One possibility is that the 160/160 is not a
    perfect diagnostic--this set of numbers is from a user who found the FP to
    go away.
    ------
    Definitions Increment Version: 160/160
    Definitions ThreatAuditThreatData: 1355029
    Definitions ThreatAuditScanData: 3098970
    Definitions DeterminationData: 806390
    --

    "Tom Grigsby" <Tom > wrote in message
    news:...
    > Bill
    >
    > I have updated, numbers match "Definitions Increment Version: 160/160". I
    > tried reboot, re-install still getting FP. My Symantec is Program CE
    > 9.0.3.1000, Scan eng 51.3.0.11 and def of 2/9/2006 rev 7. Is there any
    > other
    > infromation you need?
    >
    > "Bill Sanderson" wrote:
    >
    >> David--please go to Help, about, in Microsoft Antispyware and hit the
    >> diagnostics button.
    >>
    >> Look for a line ending in a pair of numbers separated by a slash.
    >>
    >> Are those numbers equal?
    >>
    >> If not, 5807 is not fully installed. Please check for any caching
    >> servers
    >> on your network, and re-try the update via file, check for updates.
    >>
    >> If those numbers are equal, and the FP is still evident, the Symantec
    >> versioning for what you have in place--both antivirus product and
    >> definitions, would probably be helpful.
    >>
    >> --
    >>
    >> "David Galvin" <> wrote in message
    >> news:...
    >> > I'm still receiving the false positive with 5807. I'm using Symantec
    >> > Antivirus Corporate Edition v8.x
    >> >
    >> > "Bill Sanderson" wrote:
    >> >
    >> >> This is a false positive with definitions 5805--fixed with definitons
    >> >> 5807,
    >> >> available now.
    >> >>
    >> >> --
    >> >>
    >> >> "JH" <> wrote in message
    >> >> news:...
    >> >> > Looks like this may become an epidemic. Same problem here and I
    >> >> > can't
    >> >> > find
    >> >> > anything else on this pws.bancos.a virus. We did system restore to
    >> >> > an
    >> >> > earlier
    >> >> > date and the pws.bancos.a is still there. We do system scans weekly
    >> >> > with
    >> >> > the
    >> >> > latest definitions with Microsoft Spyware and Norton Corporate 7.6.
    >> >> > Norton
    >> >> > doesn't find the pws.bancos.a and also we did scans with AVG and
    >> >> > Avast
    >> >> > and
    >> >> > still nothing on the pws.bancos.a. Scanned with Microsoft Spyware
    >> >> > and
    >> >> > it
    >> >> > found it but when we remove pws.bancos.a it disables Norton and it
    >> >> > won't
    >> >> > enable. Once this happens we tried to reinstall Norton to attempt to
    >> >> > fix
    >> >> > the
    >> >> > problem but Norton won't uninstall nor will it install. Help please!
    >> >> >
    >> >> > "Tom Breit" wrote:
    >> >> >
    >> >> >> A number of PCs at our site are having the MS antispyware software
    >> >> >> reporting
    >> >> >> this. So far as I can tell, it's an obscure trojan that emulates an
    >> >> >> on-line
    >> >> >> Brazilian bank logon page, but ASW rates it a "severe" threat
    >> >> >> level.
    >> >> >> And,
    >> >> >> it
    >> >> >> appears that when you remove it, it disables Symantec Antivirus.
    >> >> >> Anyone have any information on this? I can supply a screen shot of
    >> >> >> the
    >> >> >> ASW
    >> >> >> detection screen if that would be helpful.
    >> >>
    >> >>
    >> >>

    >>
    >>
    >>
     
    Bill Sanderson, Feb 11, 2006
    #8
  9. Tom - if you send me email, at


    I may be able to offer more help.

    --

    "Bill Sanderson" <> wrote in message
    news:%23%23YN%...
    > That's ugly!
    >
    > I've one more question:
    > Can you tell me whether all 4 lines below match what you see when you hit
    > the diagnostics button? One possibility is that the 160/160 is not a
    > perfect diagnostic--this set of numbers is from a user who found the FP to
    > go away.
    > ------
    > Definitions Increment Version: 160/160
    > Definitions ThreatAuditThreatData: 1355029
    > Definitions ThreatAuditScanData: 3098970
    > Definitions DeterminationData: 806390
    > --
    >
    > "Tom Grigsby" <Tom > wrote in message
    > news:...
    >> Bill
    >>
    >> I have updated, numbers match "Definitions Increment Version: 160/160".
    >> I
    >> tried reboot, re-install still getting FP. My Symantec is Program CE
    >> 9.0.3.1000, Scan eng 51.3.0.11 and def of 2/9/2006 rev 7. Is there any
    >> other
    >> infromation you need?
    >>
    >> "Bill Sanderson" wrote:
    >>
    >>> David--please go to Help, about, in Microsoft Antispyware and hit the
    >>> diagnostics button.
    >>>
    >>> Look for a line ending in a pair of numbers separated by a slash.
    >>>
    >>> Are those numbers equal?
    >>>
    >>> If not, 5807 is not fully installed. Please check for any caching
    >>> servers
    >>> on your network, and re-try the update via file, check for updates.
    >>>
    >>> If those numbers are equal, and the FP is still evident, the Symantec
    >>> versioning for what you have in place--both antivirus product and
    >>> definitions, would probably be helpful.
    >>>
    >>> --
    >>>
    >>> "David Galvin" <> wrote in message
    >>> news:...
    >>> > I'm still receiving the false positive with 5807. I'm using Symantec
    >>> > Antivirus Corporate Edition v8.x
    >>> >
    >>> > "Bill Sanderson" wrote:
    >>> >
    >>> >> This is a false positive with definitions 5805--fixed with definitons
    >>> >> 5807,
    >>> >> available now.
    >>> >>
    >>> >> --
    >>> >>
    >>> >> "JH" <> wrote in message
    >>> >> news:...
    >>> >> > Looks like this may become an epidemic. Same problem here and I
    >>> >> > can't
    >>> >> > find
    >>> >> > anything else on this pws.bancos.a virus. We did system restore to
    >>> >> > an
    >>> >> > earlier
    >>> >> > date and the pws.bancos.a is still there. We do system scans weekly
    >>> >> > with
    >>> >> > the
    >>> >> > latest definitions with Microsoft Spyware and Norton Corporate 7.6.
    >>> >> > Norton
    >>> >> > doesn't find the pws.bancos.a and also we did scans with AVG and
    >>> >> > Avast
    >>> >> > and
    >>> >> > still nothing on the pws.bancos.a. Scanned with Microsoft Spyware
    >>> >> > and
    >>> >> > it
    >>> >> > found it but when we remove pws.bancos.a it disables Norton and it
    >>> >> > won't
    >>> >> > enable. Once this happens we tried to reinstall Norton to attempt
    >>> >> > to
    >>> >> > fix
    >>> >> > the
    >>> >> > problem but Norton won't uninstall nor will it install. Help
    >>> >> > please!
    >>> >> >
    >>> >> > "Tom Breit" wrote:
    >>> >> >
    >>> >> >> A number of PCs at our site are having the MS antispyware software
    >>> >> >> reporting
    >>> >> >> this. So far as I can tell, it's an obscure trojan that emulates
    >>> >> >> an
    >>> >> >> on-line
    >>> >> >> Brazilian bank logon page, but ASW rates it a "severe" threat
    >>> >> >> level.
    >>> >> >> And,
    >>> >> >> it
    >>> >> >> appears that when you remove it, it disables Symantec Antivirus.
    >>> >> >> Anyone have any information on this? I can supply a screen shot of
    >>> >> >> the
    >>> >> >> ASW
    >>> >> >> detection screen if that would be helpful.
    >>> >>
    >>> >>
    >>> >>
    >>>
    >>>
    >>>

    >
    >
     
    Bill Sanderson, Feb 11, 2006
    #9
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Troy

    trojan.windowsservice.A / trojan.startup.d

    Troy, Mar 2, 2005, in forum: Security and Anti-Spyware Community
    Replies:
    2
    Views:
    867
    Steve Wechsler [MVP]
    Mar 3, 2005
  2. Guest

    PWS-Pinch Password Stealer ? help

    Guest, Oct 21, 2005, in forum: Security and Anti-Spyware Community
    Replies:
    3
    Views:
    905
    Guest
    Oct 23, 2005
  3. Guest

    Trojan.Downloader.Small.popcorn64 Trojan, PWS Pinch Stealer

    Guest, Nov 3, 2005, in forum: Security and Anti-Spyware Community
    Replies:
    4
    Views:
    1,355
    Guest
    Nov 4, 2005
  4. Guest

    RE: pws.bancos.a trojan

    Guest, Feb 10, 2006, in forum: Security and Anti-Spyware Community
    Replies:
    12
    Views:
    552
    Guest
    Feb 10, 2006
  5. Guest

    Def 5807 - still shows pws.bancos.a!

    Guest, Feb 10, 2006, in forum: Security and Anti-Spyware Community
    Replies:
    3
    Views:
    371
    Bill Sanderson
    Feb 11, 2006
Loading...

Share This Page