
TrojanSpy:Win32/Bhoban.E


First posted on 22 January 2013.
Source: Microsoft

Aliases:

TrojanSpy:Win32/Bhoban.E is also known as Mal/Bancos-BY (Sophos), PWS-Banker!hf3 (McAfee), TR/Zusy.AY (Avira), Trojan.NtRootKit.14980 (Dr.Web), Trojan.Spy.Banker!4D6B (Rising AV), Win32/Spy.Banker.YPC trojan (ESET), Win-Trojan/Bhoban.7424 (AhnLab).

Explanation:



TrojanSpy:Win32/Bhoban.E is a trojan used to set up malicious BHOs (browser helper objects) on your computer.

TrojanSpy:Win32/Bhoban.E may be dropped and run by other malware.

When run, it installs the target BHO in Internet Explorer by adding an entry under the registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".

It also modifies your computer to always enable BHOs, even if they have previously been disabled or turned off. It does this by hooking the RegOpenKeyExW Windows API to persistently register BHO components.
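
To review what is registered under the BHO key named above, the following PowerShell inventory can be used. It is an added example, not part of the Microsoft write-up. It assumes standard COM registration (each BHO subkey is a CLSID that resolves to a DLL through its InprocServer32 key) and also checks the 32-bit Wow6432Node view, which the write-up does not mention.

```powershell
# Added example: inventory machine-wide Browser Helper Objects (BHOs).
# Each subkey of the BHO key is a CLSID; standard COM registration maps it
# to a DLL via CLSID\{...}\InprocServer32. The Wow6432Node view (32-bit IE on
# 64-bit Windows) is an addition here, not something the write-up mentions.
$views = @(
    @{ Name  = 'Native'
       Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Name  = 'Wow6432'
       Bho   = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID' }
)

function Get-BhoInventory {
    foreach ($view in $views) {
        if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
        foreach ($entry in Get-ChildItem -LiteralPath $view.Bho) {
            $clsid     = $entry.PSChildName
            $serverKey = '{0}\{1}\InprocServer32' -f $view.Clsid, $clsid
            $dll = $null; $status = 'NoComRegistration'; $signer = $null
            if (Test-Path -LiteralPath $serverKey) {
                # The unnamed (default) value holds the in-process server path.
                $dll = ([string](Get-Item -LiteralPath $serverKey).GetValue('')).Trim('"')
                if ($dll -and (Test-Path -LiteralPath $dll -PathType Leaf)) {
                    $sig    = Get-AuthenticodeSignature -LiteralPath $dll
                    $status = [string]$sig.Status
                    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
                } else {
                    $status = 'FileNotFound'
                }
            }
            [pscustomobject]@{
                View = $view.Name; Clsid = $clsid; Dll = $dll
                Signature = $status; Signer = $signer
            }
        }
    }
}

# Entries that are unsigned, missing, or unregistered sort to the top for review.
Get-BhoInventory |
    Sort-Object { $_.Signature -eq 'Valid' }, View, Clsid |
    Format-Table -AutoSize -Wrap
```

A valid signature only identifies the signer; compare the resulting list against a known-good baseline for the host before trusting an entry.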



Analysis by Gilou Tenebro

Last update 22 January 2013

 
