Skip to main content
Published Oct 06, 2009 | Updated Sep 15, 2017

TrojanSpy:Win32/Bebloh.A

Detected by Microsoft Defender Antivirus

Aliases: URLZone (other) Trojan-Spy.Win32.Bebloh!IK (other) Win-Trojan/Runner.82176 (AhnLab) Packed.Monder (AVG) Trojan.Agent.ANBR (BitDefender) Win32/Sipay.IU (CA) Trojan.Win32.Runner.fq (Kaspersky) Generic PWS.y!cy (McAfee) W32/Zbot.gen20 (Norman) Trj/Runner.J (Panda) Mal/BredoPk-B (Sophos) Trojan.Runner.EQ (VirusBuster)

Summary

TrojanSpy:Win32/Bebloh.A is a trojan that monitors and captures logon credentials to certain online banking and financial institutions. The trojan also changes Windows settings, forces use of Internet Explorer as a Web browser and may be used by an attacker to withdraw funds from online banking accounts.
Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as Microsoft Security Essentials, or the Microsoft Safety Scanner. For more information about using antivirus software, see http://www.microsoft.com/security/antivirus/av.aspx.
 
TrojanSpy:Win32/Bebloh.A attempts to steal sensitive and confidential information from affecters users in order to perpetrate fraud. If you believe that your personal financial information may have been compromised, please refer to the following advisory for additional advice:
Follow us