We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
TrojanProxy:Win32/Banker.O
Aliases: TR/Proxy.Banker.O (Avira) Trojan.PWS.Banker1.1298 (Dr.Web) BAT/Spy.Banker.W trojan (ESET) Trojan-Banker.BAT.Banker.v (Kaspersky) PWS-Banker!hcw (McAfee)
Summary
TrojanProxy:Win32/Banker.O is a trojan that downloads a malicious JScript file. The downloaded file, detected as TrojanProxy:JS/Banker.N, redirects your browser traffic through an attacker-controlled proxy server.
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:
- Microsoft Security Essentials
- Microsoft Safety Scanner
- Microsoft Windows Malicious Software Removal Tool
For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.
Additional remediation instructions for TrojanProxy:Win32/Banker.O
This threat may make lasting changes to a computer's configuration that are NOT restored by detecting and removing this threat. For more information on returning an infected computer to its pre-infected state, please see the following article/s:
