TrojanSpy.Banker.1935

Aliases:	Trojan-Spy.Win32.Banker.cnb (Kaspersky)
Date added:	2007-10-14

Details

Size: 40kb (many variants known).

C:\WINDOWS\System32\mac.dll
C:\WINDOWS\System32\helper.xml

TrojanHunter completely eliminates this threat.

Removal

Remove the following in the registry, and delete mac.dll and helper.xml

• HKEY_CLASSES_ROOT\CLSID\{33161E98-0A6C-4d3c-BD62-3A7D56137F52}
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33161E98-0A6C-4d3c-BD62-3A7D56137F52}

The presence of helper.xml can indicate an infection of this Banker trojan or a variant.