Win32 /Banker is a family of data stealing trojans that captures banking credentials such as account numbers and passwords from computer users and then relays the captured information to the attacker.
Is your computer up to date with all security updates and optional updates for programs such as Java or Adobe?
There are some excellent tools in this document
Moved this to Malware Discussion > Home User Assiistance.
TROJAN:SPY:WIN32/BANKER is the name one A/V vendor, Microsoft MSE gives it. Other vendors will give it different names. How do you mean IE identified it? IE has no virus detection capability.
Look in the last link in my signature below and run Malwarebytes Free, RootkitRemover for starters.
Welcome to the McAfee Communities. May I kindly ask you how you determined you have been infected by (Trojan:SPY:Win32/Banker). Have you ran a "Full Scan" with the latest updates? As for the (About:Blank) is concerned, it is usually associated with the "Notorious CoolWebSearch"Browser Hijacker.
It has many variants,and other names as well. I am running MTP-2014 also, and I soley use Internet Explorer11. Would you please run a "Full Scan", and quite possibly afterwards, Download/Install Malwarebytes Anti-Malware (Free). You can find this resourceful application below my Signature, in the second Link.
Please (do not) accept a (Free Trial) or activate, as this will initiate the "Real Time Scan Module" and clash with McAfee. The free Version will suffice....Please post back your results. For as I stated, I use IE11 all of the time, and have not experienced such?
I might add also, to determine you have the most recent (Engine version). Simply open your McAfee Interface, Click on (About) and under your Anti-Virus and Anti-Spyware, it should be 1883.0/Engine Creation Date/ 5/8/2014.
Btw...Has your (Homepage) changed?
All the best,
Oooops !!! Sorry k3tg, Ex_Brit....I would lose in a "GunFight"
I thought it was only happening to me, I experienced that last night while attempting to assist lightdragon.
Yet is working okay today?
Jive wont allow changes once the post has been answered, unless you are one of us, which hopefully will happen one of these days.
Thanks for clarifying that Peter Drove me "Batty " last night.
Now I,ll know in case of future occurances.
It drove us batty in the early days too because even we didn't have the authority to start with, then adjustments were made. Even now there are some areas of the forums where we Mods have no authority, places like Japan Corpoorate for instance.
@All except the original poster (mncosta) :
As the question asked by mncosta has still not been resolved, could you please curtail the off-topic discussion of Jive's shortcomings in this thread?
The detection name given in the original post ("TROJAN:SPY:WIN32/BANKER") is not by itself a description of an actual piece of malware. Microsoft has a classification of "TrojanSpy:Win32/Banker", but that name refers to a whole family of malware designed to steal banking credentials, mostly from users and banks in Brazil (although I seem to recall that more recently the malware has been targeting banks in other countries - this from one of the security bloggers, although I can't find the post).
If this banking malware was detected by a Microsoft anti-malware program then the generic name as given in the post should have a suffix to identify the particular variant, of which there are many. No suffix probably means the variant is unknown.
McAfee has several names for the different variants (for instance, Generic PWS.b); the most recent variant I found, submitted to VirusTotal a month ago (see this report) was given an Artemis detection.
The statement that "IE has no virus detection capability" is not correct. The browser itself does not perform any anti-malware checking BUT in IE11 Smartscreen Filter has been enhanced so that website addresses and downloaded files are sent to Microsoft for checking against blacklists. This is explained in the Internet Explorer Privacy Statement at
SmartScreen Filter is designed to help warn you about unsafe websites that are impersonating trusted websites (phishing) or contain threats to your PC. If you opt in to SmartScreen Filter, it first checks the address of the webpage you're visiting against a list of high-traffic webpage addresses stored on your PC that are believed by Microsoft to be legitimate
.... if you download or run a program from the Internet, SmartScreen will check the program against a list of commonly downloaded and known unsafe programs to help protect you from running unsafe programs
Since McAfee does detect most variants of this malware the question remains whether the malware blocked by Smartscreen Filter is a new variant for which there is as yet no malware signature. Presumably the malware has been modified in such a way that it matches no existing malware signature, and is not recognisable as malware by whatever heuristic checks are run on downloaded software.
Alternatively, perhaps Microsoft blocked the download before McAfee had a chance to check it.
Message was edited by: Hayton on 09/05/14 02:51:27 IST