pws.bancos.a trojan

Discussion in 'Security and Anti-Spyware Community' started by Guest, Feb 10, 2006.

  1. Guest

    Guest Guest

    A number of PCs at our site are having the MS antispyware software reporting
    this. So far as I can tell, it's an obscure trojan that emulates an on-line
    Brazilian bank logon page, but ASW rates it a "severe" threat level. And, it
    appears that when you remove it, it disables Symantec Antivirus.
    Anyone have any information on this? I can supply a screen shot of the ASW
    detection screen if that would be helpful.
     
    Guest, Feb 10, 2006
    #1
    1. Advertisements

  2. Guest

    Guest Guest

    FINALLY -Numbers match, and it is no longer detected.

    Now to bring back Norton.....



    "Ryan Ward" wrote:

    > Hey guys...
    >
    > So does this thing steal passwords, or not?
    >
    > I've tried updating to 5807 a few times now, and the numbers never match
    > (160/158). Not sure what to do with it.
    >
    >
    >
    > "Bill Sanderson" wrote:
    >
    > > David--please go to Help, about, in Microsoft Antispyware and hit the
    > > diagnostics button.
    > >
    > > Look for a line ending in a pair of numbers separated by a slash.
    > >
    > > Are those numbers equal?
    > >
    > > If not, 5807 is not fully installed. Please check for any caching servers
    > > on your network, and re-try the update via file, check for updates.
    > >
    > > If those numbers are equal, and the FP is still evident, the Symantec
    > > versioning for what you have in place--both antivirus product and
    > > definitions, would probably be helpful.
    > >
    > > --
    > >
    > > "David Galvin" <> wrote in message
    > > news:...
    > > > I'm still receiving the false positive with 5807. I'm using Symantec
    > > > Antivirus Corporate Edition v8.x
    > > >
    > > > "Bill Sanderson" wrote:
    > > >
    > > >> This is a false positive with definitions 5805--fixed with definitons
    > > >> 5807,
    > > >> available now.
    > > >>
    > > >> --
    > > >>
    > > >> "JH" <> wrote in message
    > > >> news:...
    > > >> > Looks like this may become an epidemic. Same problem here and I can't
    > > >> > find
    > > >> > anything else on this pws.bancos.a virus. We did system restore to an
    > > >> > earlier
    > > >> > date and the pws.bancos.a is still there. We do system scans weekly
    > > >> > with
    > > >> > the
    > > >> > latest definitions with Microsoft Spyware and Norton Corporate 7.6.
    > > >> > Norton
    > > >> > doesn't find the pws.bancos.a and also we did scans with AVG and Avast
    > > >> > and
    > > >> > still nothing on the pws.bancos.a. Scanned with Microsoft Spyware and
    > > >> > it
    > > >> > found it but when we remove pws.bancos.a it disables Norton and it
    > > >> > won't
    > > >> > enable. Once this happens we tried to reinstall Norton to attempt to
    > > >> > fix
    > > >> > the
    > > >> > problem but Norton won't uninstall nor will it install. Help please!
    > > >> >
    > > >> > "Tom Breit" wrote:
    > > >> >
    > > >> >> A number of PCs at our site are having the MS antispyware software
    > > >> >> reporting
    > > >> >> this. So far as I can tell, it's an obscure trojan that emulates an
    > > >> >> on-line
    > > >> >> Brazilian bank logon page, but ASW rates it a "severe" threat level.
    > > >> >> And,
    > > >> >> it
    > > >> >> appears that when you remove it, it disables Symantec Antivirus.
    > > >> >> Anyone have any information on this? I can supply a screen shot of the
    > > >> >> ASW
    > > >> >> detection screen if that would be helpful.
    > > >>
    > > >>
    > > >>

    > >
    > >
    > >
     
    Guest, Feb 10, 2006
    #2
    1. Advertisements

  3. Guest

    Guest Guest

    Bill

    I have updated, numbers match "Definitions Increment Version: 160/160". I
    tried reboot, re-install still getting FP. My Symantec is Program CE
    9.0.3.1000, Scan eng 51.3.0.11 and def of 2/9/2006 rev 7. Is there any other
    infromation you need?

    "Bill Sanderson" wrote:

    > David--please go to Help, about, in Microsoft Antispyware and hit the
    > diagnostics button.
    >
    > Look for a line ending in a pair of numbers separated by a slash.
    >
    > Are those numbers equal?
    >
    > If not, 5807 is not fully installed. Please check for any caching servers
    > on your network, and re-try the update via file, check for updates.
    >
    > If those numbers are equal, and the FP is still evident, the Symantec
    > versioning for what you have in place--both antivirus product and
    > definitions, would probably be helpful.
    >
    > --
    >
    > "David Galvin" <> wrote in message
    > news:...
    > > I'm still receiving the false positive with 5807. I'm using Symantec
    > > Antivirus Corporate Edition v8.x
    > >
    > > "Bill Sanderson" wrote:
    > >
    > >> This is a false positive with definitions 5805--fixed with definitons
    > >> 5807,
    > >> available now.
    > >>
    > >> --
    > >>
    > >> "JH" <> wrote in message
    > >> news:...
    > >> > Looks like this may become an epidemic. Same problem here and I can't
    > >> > find
    > >> > anything else on this pws.bancos.a virus. We did system restore to an
    > >> > earlier
    > >> > date and the pws.bancos.a is still there. We do system scans weekly
    > >> > with
    > >> > the
    > >> > latest definitions with Microsoft Spyware and Norton Corporate 7.6.
    > >> > Norton
    > >> > doesn't find the pws.bancos.a and also we did scans with AVG and Avast
    > >> > and
    > >> > still nothing on the pws.bancos.a. Scanned with Microsoft Spyware and
    > >> > it
    > >> > found it but when we remove pws.bancos.a it disables Norton and it
    > >> > won't
    > >> > enable. Once this happens we tried to reinstall Norton to attempt to
    > >> > fix
    > >> > the
    > >> > problem but Norton won't uninstall nor will it install. Help please!
    > >> >
    > >> > "Tom Breit" wrote:
    > >> >
    > >> >> A number of PCs at our site are having the MS antispyware software
    > >> >> reporting
    > >> >> this. So far as I can tell, it's an obscure trojan that emulates an
    > >> >> on-line
    > >> >> Brazilian bank logon page, but ASW rates it a "severe" threat level.
    > >> >> And,
    > >> >> it
    > >> >> appears that when you remove it, it disables Symantec Antivirus.
    > >> >> Anyone have any information on this? I can supply a screen shot of the
    > >> >> ASW
    > >> >> detection screen if that would be helpful.
    > >>
    > >>
    > >>

    >
    >
    >
     
    Guest, Feb 11, 2006
    #3
  4. Tom - I'm sorry to report that this was a false positive in the 5805
    definitions. It is corrected in definitions 5807, available as of about 3
    pm today.

    Uninstall and reinstall or do a repair install of Symantec Antivirus to fix
    that.

    Some users report that they can't do that via add/remove programs--trying
    the setup program from the Symantec CD may help.

    --

    "Tom Breit" <Tom > wrote in message
    news:D...
    >A number of PCs at our site are having the MS antispyware software
    >reporting
    > this. So far as I can tell, it's an obscure trojan that emulates an
    > on-line
    > Brazilian bank logon page, but ASW rates it a "severe" threat level. And,
    > it
    > appears that when you remove it, it disables Symantec Antivirus.
    > Anyone have any information on this? I can supply a screen shot of the ASW
    > detection screen if that would be helpful.
     
    Bill Sanderson, Feb 11, 2006
    #4
  5. Thanks Zack--I try to stick with the group when things get hot!
    --

    "zack" <> wrote in message
    news:...
    > After repeated update failures, it occurred to me to close all
    > applications
    > (Office specifically), before trying again. After that, first try, the
    > numbers matched:
    > Definitions Increment Version: 160/160
    >
    > You've been very busy, just wanted to say thanks and I appreciate your
    > diligence!
    >
    > "Bill Sanderson" wrote:
    >
    >> Go to Help, about.
    >>
    >> Hit the diagnostics button.
    >>
    >> Look for a line ending in a pair of numbers separated by a /
    >>
    >> i.e. 162/162, for example.
    >>
    >> If these two numbers are not equal, the update has not completed
    >> successfully.
    >>
    >> You can fix this either by continuing to try file, check for updates, or
    >> by
    >> manually plugging the individual files from the download locations that
    >> have
    >> occasionally been posted in these groups--I don't have those saved to
    >> post,
    >> I'm afraid.
    >> --
    >>
    >> "zack" <> wrote in message
    >> news:...
    >> > Download latest definitions, ran scan, and the same threat was
    >> > detected.
    >> > Here's "The About" info:
    >> > Microsoft AntiSpyware Version: 1.0.701
    >> > This version expires on: 7/31/2006
    >> > Spyware Definition Version: 5807 (2/10/2006 3:05:09 PM)
    >> >
    >> >
    >> >
    >> > "Bill Sanderson" wrote:
    >> >
    >> >> This is a false positive with definitions 5805--fixed with definitons
    >> >> 5807,
    >> >> available now.
    >> >>
    >> >> --
    >> >>
    >> >> "JH" <> wrote in message
    >> >> news:...
    >> >> > Looks like this may become an epidemic. Same problem here and I
    >> >> > can't
    >> >> > find
    >> >> > anything else on this pws.bancos.a virus. We did system restore to
    >> >> > an
    >> >> > earlier
    >> >> > date and the pws.bancos.a is still there. We do system scans weekly
    >> >> > with
    >> >> > the
    >> >> > latest definitions with Microsoft Spyware and Norton Corporate 7.6.
    >> >> > Norton
    >> >> > doesn't find the pws.bancos.a and also we did scans with AVG and
    >> >> > Avast
    >> >> > and
    >> >> > still nothing on the pws.bancos.a. Scanned with Microsoft Spyware
    >> >> > and
    >> >> > it
    >> >> > found it but when we remove pws.bancos.a it disables Norton and it
    >> >> > won't
    >> >> > enable. Once this happens we tried to reinstall Norton to attempt to
    >> >> > fix
    >> >> > the
    >> >> > problem but Norton won't uninstall nor will it install. Help please!
    >> >> >
    >> >> > "Tom Breit" wrote:
    >> >> >
    >> >> >> A number of PCs at our site are having the MS antispyware software
    >> >> >> reporting
    >> >> >> this. So far as I can tell, it's an obscure trojan that emulates an
    >> >> >> on-line
    >> >> >> Brazilian bank logon page, but ASW rates it a "severe" threat
    >> >> >> level.
    >> >> >> And,
    >> >> >> it
    >> >> >> appears that when you remove it, it disables Symantec Antivirus.
    >> >> >> Anyone have any information on this? I can supply a screen shot of
    >> >> >> the
    >> >> >> ASW
    >> >> >> detection screen if that would be helpful.
    >> >>
    >> >>
    >> >>

    >>
    >>
    >>
     
    Bill Sanderson, Feb 11, 2006
    #5
  6. If it is a false positive, it doesn't steal anything except the time of all
    of us dealing with it.

    So far, all the reports here today have been the false positive--check out
    other messages for more information.

    --

    "Ryan Ward" <Ryan > wrote in message
    news:...
    > Hey guys...
    >
    > So does this thing steal passwords, or not?
    >
    > I've tried updating to 5807 a few times now, and the numbers never match
    > (160/158). Not sure what to do with it.
    >
    >
    >
    > "Bill Sanderson" wrote:
    >
    >> David--please go to Help, about, in Microsoft Antispyware and hit the
    >> diagnostics button.
    >>
    >> Look for a line ending in a pair of numbers separated by a slash.
    >>
    >> Are those numbers equal?
    >>
    >> If not, 5807 is not fully installed. Please check for any caching
    >> servers
    >> on your network, and re-try the update via file, check for updates.
    >>
    >> If those numbers are equal, and the FP is still evident, the Symantec
    >> versioning for what you have in place--both antivirus product and
    >> definitions, would probably be helpful.
    >>
    >> --
    >>
    >> "David Galvin" <> wrote in message
    >> news:...
    >> > I'm still receiving the false positive with 5807. I'm using Symantec
    >> > Antivirus Corporate Edition v8.x
    >> >
    >> > "Bill Sanderson" wrote:
    >> >
    >> >> This is a false positive with definitions 5805--fixed with definitons
    >> >> 5807,
    >> >> available now.
    >> >>
    >> >> --
    >> >>
    >> >> "JH" <> wrote in message
    >> >> news:...
    >> >> > Looks like this may become an epidemic. Same problem here and I
    >> >> > can't
    >> >> > find
    >> >> > anything else on this pws.bancos.a virus. We did system restore to
    >> >> > an
    >> >> > earlier
    >> >> > date and the pws.bancos.a is still there. We do system scans weekly
    >> >> > with
    >> >> > the
    >> >> > latest definitions with Microsoft Spyware and Norton Corporate 7.6.
    >> >> > Norton
    >> >> > doesn't find the pws.bancos.a and also we did scans with AVG and
    >> >> > Avast
    >> >> > and
    >> >> > still nothing on the pws.bancos.a. Scanned with Microsoft Spyware
    >> >> > and
    >> >> > it
    >> >> > found it but when we remove pws.bancos.a it disables Norton and it
    >> >> > won't
    >> >> > enable. Once this happens we tried to reinstall Norton to attempt to
    >> >> > fix
    >> >> > the
    >> >> > problem but Norton won't uninstall nor will it install. Help please!
    >> >> >
    >> >> > "Tom Breit" wrote:
    >> >> >
    >> >> >> A number of PCs at our site are having the MS antispyware software
    >> >> >> reporting
    >> >> >> this. So far as I can tell, it's an obscure trojan that emulates an
    >> >> >> on-line
    >> >> >> Brazilian bank logon page, but ASW rates it a "severe" threat
    >> >> >> level.
    >> >> >> And,
    >> >> >> it
    >> >> >> appears that when you remove it, it disables Symantec Antivirus.
    >> >> >> Anyone have any information on this? I can supply a screen shot of
    >> >> >> the
    >> >> >> ASW
    >> >> >> detection screen if that would be helpful.
    >> >>
    >> >>
    >> >>

    >>
    >>
    >>
     
    Bill Sanderson, Feb 11, 2006
    #6
  7. Terrific--let me know what method worked to bring Norton back?

    --

    "Ryan Ward" <> wrote in message
    news:D...
    > FINALLY -Numbers match, and it is no longer detected.
    >
    > Now to bring back Norton.....
    >
    >
    >
    > "Ryan Ward" wrote:
    >
    >> Hey guys...
    >>
    >> So does this thing steal passwords, or not?
    >>
    >> I've tried updating to 5807 a few times now, and the numbers never match
    >> (160/158). Not sure what to do with it.
    >>
    >>
    >>
    >> "Bill Sanderson" wrote:
    >>
    >> > David--please go to Help, about, in Microsoft Antispyware and hit the
    >> > diagnostics button.
    >> >
    >> > Look for a line ending in a pair of numbers separated by a slash.
    >> >
    >> > Are those numbers equal?
    >> >
    >> > If not, 5807 is not fully installed. Please check for any caching
    >> > servers
    >> > on your network, and re-try the update via file, check for updates.
    >> >
    >> > If those numbers are equal, and the FP is still evident, the Symantec
    >> > versioning for what you have in place--both antivirus product and
    >> > definitions, would probably be helpful.
    >> >
    >> > --
    >> >
    >> > "David Galvin" <> wrote in message
    >> > news:...
    >> > > I'm still receiving the false positive with 5807. I'm using Symantec
    >> > > Antivirus Corporate Edition v8.x
    >> > >
    >> > > "Bill Sanderson" wrote:
    >> > >
    >> > >> This is a false positive with definitions 5805--fixed with
    >> > >> definitons
    >> > >> 5807,
    >> > >> available now.
    >> > >>
    >> > >> --
    >> > >>
    >> > >> "JH" <> wrote in message
    >> > >> news:...
    >> > >> > Looks like this may become an epidemic. Same problem here and I
    >> > >> > can't
    >> > >> > find
    >> > >> > anything else on this pws.bancos.a virus. We did system restore to
    >> > >> > an
    >> > >> > earlier
    >> > >> > date and the pws.bancos.a is still there. We do system scans
    >> > >> > weekly
    >> > >> > with
    >> > >> > the
    >> > >> > latest definitions with Microsoft Spyware and Norton Corporate
    >> > >> > 7.6.
    >> > >> > Norton
    >> > >> > doesn't find the pws.bancos.a and also we did scans with AVG and
    >> > >> > Avast
    >> > >> > and
    >> > >> > still nothing on the pws.bancos.a. Scanned with Microsoft Spyware
    >> > >> > and
    >> > >> > it
    >> > >> > found it but when we remove pws.bancos.a it disables Norton and it
    >> > >> > won't
    >> > >> > enable. Once this happens we tried to reinstall Norton to attempt
    >> > >> > to
    >> > >> > fix
    >> > >> > the
    >> > >> > problem but Norton won't uninstall nor will it install. Help
    >> > >> > please!
    >> > >> >
    >> > >> > "Tom Breit" wrote:
    >> > >> >
    >> > >> >> A number of PCs at our site are having the MS antispyware
    >> > >> >> software
    >> > >> >> reporting
    >> > >> >> this. So far as I can tell, it's an obscure trojan that emulates
    >> > >> >> an
    >> > >> >> on-line
    >> > >> >> Brazilian bank logon page, but ASW rates it a "severe" threat
    >> > >> >> level.
    >> > >> >> And,
    >> > >> >> it
    >> > >> >> appears that when you remove it, it disables Symantec Antivirus.
    >> > >> >> Anyone have any information on this? I can supply a screen shot
    >> > >> >> of the
    >> > >> >> ASW
    >> > >> >> detection screen if that would be helpful.
    >> > >>
    >> > >>
    >> > >>
    >> >
    >> >
    >> >
     
    Bill Sanderson, Feb 11, 2006
    #7
  8. That's ugly!

    I've one more question:
    Can you tell me whether all 4 lines below match what you see when you hit
    the diagnostics button? One possibility is that the 160/160 is not a
    perfect diagnostic--this set of numbers is from a user who found the FP to
    go away.
    ------
    Definitions Increment Version: 160/160
    Definitions ThreatAuditThreatData: 1355029
    Definitions ThreatAuditScanData: 3098970
    Definitions DeterminationData: 806390
    --

    "Tom Grigsby" <Tom > wrote in message
    news:...
    > Bill
    >
    > I have updated, numbers match "Definitions Increment Version: 160/160". I
    > tried reboot, re-install still getting FP. My Symantec is Program CE
    > 9.0.3.1000, Scan eng 51.3.0.11 and def of 2/9/2006 rev 7. Is there any
    > other
    > infromation you need?
    >
    > "Bill Sanderson" wrote:
    >
    >> David--please go to Help, about, in Microsoft Antispyware and hit the
    >> diagnostics button.
    >>
    >> Look for a line ending in a pair of numbers separated by a slash.
    >>
    >> Are those numbers equal?
    >>
    >> If not, 5807 is not fully installed. Please check for any caching
    >> servers
    >> on your network, and re-try the update via file, check for updates.
    >>
    >> If those numbers are equal, and the FP is still evident, the Symantec
    >> versioning for what you have in place--both antivirus product and
    >> definitions, would probably be helpful.
    >>
    >> --
    >>
    >> "David Galvin" <> wrote in message
    >> news:...
    >> > I'm still receiving the false positive with 5807. I'm using Symantec
    >> > Antivirus Corporate Edition v8.x
    >> >
    >> > "Bill Sanderson" wrote:
    >> >
    >> >> This is a false positive with definitions 5805--fixed with definitons
    >> >> 5807,
    >> >> available now.
    >> >>
    >> >> --
    >> >>
    >> >> "JH" <> wrote in message
    >> >> news:...
    >> >> > Looks like this may become an epidemic. Same problem here and I
    >> >> > can't
    >> >> > find
    >> >> > anything else on this pws.bancos.a virus. We did system restore to
    >> >> > an
    >> >> > earlier
    >> >> > date and the pws.bancos.a is still there. We do system scans weekly
    >> >> > with
    >> >> > the
    >> >> > latest definitions with Microsoft Spyware and Norton Corporate 7.6.
    >> >> > Norton
    >> >> > doesn't find the pws.bancos.a and also we did scans with AVG and
    >> >> > Avast
    >> >> > and
    >> >> > still nothing on the pws.bancos.a. Scanned with Microsoft Spyware
    >> >> > and
    >> >> > it
    >> >> > found it but when we remove pws.bancos.a it disables Norton and it
    >> >> > won't
    >> >> > enable. Once this happens we tried to reinstall Norton to attempt to
    >> >> > fix
    >> >> > the
    >> >> > problem but Norton won't uninstall nor will it install. Help please!
    >> >> >
    >> >> > "Tom Breit" wrote:
    >> >> >
    >> >> >> A number of PCs at our site are having the MS antispyware software
    >> >> >> reporting
    >> >> >> this. So far as I can tell, it's an obscure trojan that emulates an
    >> >> >> on-line
    >> >> >> Brazilian bank logon page, but ASW rates it a "severe" threat
    >> >> >> level.
    >> >> >> And,
    >> >> >> it
    >> >> >> appears that when you remove it, it disables Symantec Antivirus.
    >> >> >> Anyone have any information on this? I can supply a screen shot of
    >> >> >> the
    >> >> >> ASW
    >> >> >> detection screen if that would be helpful.
    >> >>
    >> >>
    >> >>

    >>
    >>
    >>
     
    Bill Sanderson, Feb 11, 2006
    #8
  9. Tom - if you send me email, at


    I may be able to offer more help.

    --

    "Bill Sanderson" <> wrote in message
    news:%23%23YN%...
    > That's ugly!
    >
    > I've one more question:
    > Can you tell me whether all 4 lines below match what you see when you hit
    > the diagnostics button? One possibility is that the 160/160 is not a
    > perfect diagnostic--this set of numbers is from a user who found the FP to
    > go away.
    > ------
    > Definitions Increment Version: 160/160
    > Definitions ThreatAuditThreatData: 1355029
    > Definitions ThreatAuditScanData: 3098970
    > Definitions DeterminationData: 806390
    > --
    >
    > "Tom Grigsby" <Tom > wrote in message
    > news:...
    >> Bill
    >>
    >> I have updated, numbers match "Definitions Increment Version: 160/160".
    >> I
    >> tried reboot, re-install still getting FP. My Symantec is Program CE
    >> 9.0.3.1000, Scan eng 51.3.0.11 and def of 2/9/2006 rev 7. Is there any
    >> other
    >> infromation you need?
    >>
    >> "Bill Sanderson" wrote:
    >>
    >>> David--please go to Help, about, in Microsoft Antispyware and hit the
    >>> diagnostics button.
    >>>
    >>> Look for a line ending in a pair of numbers separated by a slash.
    >>>
    >>> Are those numbers equal?
    >>>
    >>> If not, 5807 is not fully installed. Please check for any caching
    >>> servers
    >>> on your network, and re-try the update via file, check for updates.
    >>>
    >>> If those numbers are equal, and the FP is still evident, the Symantec
    >>> versioning for what you have in place--both antivirus product and
    >>> definitions, would probably be helpful.
    >>>
    >>> --
    >>>
    >>> "David Galvin" <> wrote in message
    >>> news:...
    >>> > I'm still receiving the false positive with 5807. I'm using Symantec
    >>> > Antivirus Corporate Edition v8.x
    >>> >
    >>> > "Bill Sanderson" wrote:
    >>> >
    >>> >> This is a false positive with definitions 5805--fixed with definitons
    >>> >> 5807,
    >>> >> available now.
    >>> >>
    >>> >> --
    >>> >>
    >>> >> "JH" <> wrote in message
    >>> >> news:...
    >>> >> > Looks like this may become an epidemic. Same problem here and I
    >>> >> > can't
    >>> >> > find
    >>> >> > anything else on this pws.bancos.a virus. We did system restore to
    >>> >> > an
    >>> >> > earlier
    >>> >> > date and the pws.bancos.a is still there. We do system scans weekly
    >>> >> > with
    >>> >> > the
    >>> >> > latest definitions with Microsoft Spyware and Norton Corporate 7.6.
    >>> >> > Norton
    >>> >> > doesn't find the pws.bancos.a and also we did scans with AVG and
    >>> >> > Avast
    >>> >> > and
    >>> >> > still nothing on the pws.bancos.a. Scanned with Microsoft Spyware
    >>> >> > and
    >>> >> > it
    >>> >> > found it but when we remove pws.bancos.a it disables Norton and it
    >>> >> > won't
    >>> >> > enable. Once this happens we tried to reinstall Norton to attempt
    >>> >> > to
    >>> >> > fix
    >>> >> > the
    >>> >> > problem but Norton won't uninstall nor will it install. Help
    >>> >> > please!
    >>> >> >
    >>> >> > "Tom Breit" wrote:
    >>> >> >
    >>> >> >> A number of PCs at our site are having the MS antispyware software
    >>> >> >> reporting
    >>> >> >> this. So far as I can tell, it's an obscure trojan that emulates
    >>> >> >> an
    >>> >> >> on-line
    >>> >> >> Brazilian bank logon page, but ASW rates it a "severe" threat
    >>> >> >> level.
    >>> >> >> And,
    >>> >> >> it
    >>> >> >> appears that when you remove it, it disables Symantec Antivirus.
    >>> >> >> Anyone have any information on this? I can supply a screen shot of
    >>> >> >> the
    >>> >> >> ASW
    >>> >> >> detection screen if that would be helpful.
    >>> >>
    >>> >>
    >>> >>
    >>>
    >>>
    >>>

    >
    >
     
    Bill Sanderson, Feb 11, 2006
    #9
    1. Advertisements

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads
  1. PVC

    MS AS and NAV05 hit by trojan

    PVC, Feb 17, 2005, in forum: Security and Anti-Spyware Community
    Replies:
    2
    Views:
    551
    Bill Sanderson
    Feb 17, 2005
  2. Michelle Perry

    trojan.windowsservice.a

    Michelle Perry, Feb 21, 2005, in forum: Security and Anti-Spyware Community
    Replies:
    1
    Views:
    583
  3. Troy

    trojan.windowsservice.A / trojan.startup.d

    Troy, Mar 2, 2005, in forum: Security and Anti-Spyware Community
    Replies:
    2
    Views:
    1,051
    Steve Wechsler [MVP]
    Mar 3, 2005
  4. Paul

    Trojan Downloader TargetSavers (Trojan)?

    Paul, Jun 18, 2005, in forum: Security and Anti-Spyware Community
    Replies:
    1
    Views:
    387
    Engel
    Jun 18, 2005
  5. Guest

    PWS-Pinch Password Stealer ? help

    Guest, Oct 21, 2005, in forum: Security and Anti-Spyware Community
    Replies:
    3
    Views:
    1,111
    Guest
    Oct 23, 2005
  6. Guest

    Trojan.Downloader.Small.popcorn64 Trojan, PWS Pinch Stealer

    Guest, Nov 3, 2005, in forum: Security and Anti-Spyware Community
    Replies:
    4
    Views:
    1,606
    Guest
    Nov 4, 2005
  7. Guest

    RE: pws.bancos.a trojan

    Guest, Feb 10, 2006, in forum: Security and Anti-Spyware Community
    Replies:
    12
    Views:
    670
    Guest
    Feb 10, 2006
  8. Guest

    Def 5807 - still shows pws.bancos.a!

    Guest, Feb 10, 2006, in forum: Security and Anti-Spyware Community
    Replies:
    3
    Views:
    465
    Bill Sanderson
    Feb 11, 2006
Loading...