Trojan Banker

Trojan Banker designates a type of trojan horse that specializes in stealing access credentials for banking sites.
To achieve this, the trojan uses several techniques.

What is Trojan Banker?

A Trojan Banker can work in different ways to achieve its ends.
For example, it can inject code into bank websites, or intercept passwords and other information by using keyloggers.
Some of these trojans embed “form grabber” functionality, i.e. they are able to save forms, including login forms.
The ability to steal passwords can also lead to detections such as TrojanSpy:Win32/Stealer, Trojan.PWS, Win32:PWSX-gen or Win64:PWSX-gen.
Thus, Trojan Bankers can be grouped with spyware-type threats.

In addition, the Trojan Banker joins the infected PC to a botnet.
This is a network of infected PCs controlled by an operator.
The operator can also rent out or sell infected PCs to perform malicious operations such as:

  • Perform DDoS attacks to cripple websites or services such as online games
  • Send spam emails, such as phishing or other malware, to deceive internet users
  • Perform port or service scans to find vulnerable systems
  • Use the infected PC as a SOCKS or other proxy to camouflage illegal internet operations

Trojan Banker sheet

Threat type: Trojan / Trojan horse
Threat subtype: Trojan.Banker
Assumed functionality: Steal bank details / bank website credentials
Detections:
  • HEUR:Trojan-Banker.MSIL.ClipBanker (Kaspersky)
  • Win32:PWSX-gen [Trj] (Avast!, AVG)
  • Trojan:Win32/AgentTesla (Microsoft)
  • Trojan.Win64.Crypt / Trojan.Win32.Crypt
  • Trojan.ClipBanker (Malwarebytes)
  • RDN/PWS-Banker
  • InfoStealer (Norton)
Malware that downloads and installs a Trojan.Banker is called Trojan:Win32/Banload.
Malware family: Trojan:Win32/Ymacco, Trickbot, Varenyky, GozNym, HawkEye, IcedID, Ursnif, Trojan.Qbot, Trojan Dridex or Emotet
Symptoms of infection: No specific symptoms; the malware tries to be discreet, but it will steal data and identifiers, including passwords
Damage to the system: None in particular; can download and install other malware

These computer threats are very dangerous and cause significant financial damage every year.
If your antivirus detects this type of malware, you should take the threat seriously.
For this, a full virus scan is required.
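
Antivirus vendors format their detection names differently, so the labels listed on this page have to be normalized before they can be compared. The following added example (not part of the original page) parses such labels and flags the ones that imply credential theft; the marker lists, function names and action strings are assumptions of this example.

```python
import re

# Markers taken from detection names on this page; substring matching and the
# action strings returned below are assumptions of this example.
STEALER_MARKERS = ("banker", "pws", "stealer", "agenttesla")
DOWNLOADER_MARKERS = ("banload",)  # downloads and installs a Trojan.Banker
PLATFORMS = {"win32", "win64", "msil"}
VENDOR_PREFIXES = ("HEUR", "RDN")  # assumed to carry no family information


def parse_label(label):
    """Normalize one antivirus detection label into platform and name parts."""
    text = re.sub(r"\s*\([^()]*\)\s*$", "", label.strip())  # drop "(Vendor)"
    text = re.sub(r"\s*\[[^\]]*\]\s*$", "", text)           # drop "[Trj]"
    text = re.sub(r"\s*([:/])\s*", r"\1", text)             # "Win32 / X" -> "Win32/X"
    parts = [p for p in re.split(r"[:/.]", text) if p]
    generic = bool(parts) and parts[0].upper() in VENDOR_PREFIXES
    if generic:
        parts = parts[1:]
    platform = next((p for p in parts if p.lower() in PLATFORMS), None)
    names = [p for p in parts if p != platform]
    return {"generic": generic, "platform": platform, "names": names}


def triage(label):
    """Return (platform, action) for a detection label."""
    info = parse_label(label)
    names = [n.lower() for n in info["names"]]
    if any(m in n for n in names for m in STEALER_MARKERS):
        action = "rotate-passwords"       # credentials must be treated as stolen
    elif any(m in n for n in names for m in DOWNLOADER_MARKERS):
        action = "look-for-second-stage"  # a banker may already be installed
    else:
        action = "review"
    return info["platform"], action


# Constructed sample labels, modelled on the detection names the page lists.
SAMPLES = [
    "HEUR: Trojan-Banker.MSIL.ClipBanker (Kaspersky)",
    "Win32: PWSX-gen [Trj] (Avast !, AVG)",
    "Trojan: Win32 / Banload",
    "Trojan.Win64.Crypt",
    "RDN / PWS-Banker",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:55} -> {triage(sample)}")
```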

How to remove a Trojan Banker from your PC

Preventing harm from Banker Trojans is a top priority in financial industries as they move to new remote access and digital models. Experts express specific concerns about online brokerage tools, as users can do many types of transactions through these portals.

To remove a Trojan Banker from your PC, you can follow the directions and procedure of this free tutorial.

Remove Trojan Banker with MBAM

  • Download then install Malwarebytes Anti-Malware
  • Follow the prompts to complete the initial configuration
  • Then launch a quick scan by clicking the Analyze button
  • At the end of the scan, delete all the threats detected
  • Finally restart your PC if MBAM asks for it

Remove Trojan Banker with RogueKiller

  • Download then install RogueKiller
  • Start a PC virus scan by clicking the Analyze button
  • Let the scan run; it will take some time
  • Finally remove all detected threats

Remove Trojan Banker with NOD32

  • Download then run esetonelinescanner.exe
  • Then follow the prompts to perform the online scan, and enable PUA (potentially unwanted application) detection
  • The NOD32 scan then runs; again, it will take a long time, so be patient
  • Finally place all the detected elements in quarantine

Need personalized help?

Nothing works?
Go to the forum and create your own topic; we will help you!
=> Malekal Forum - Virus Removal Help


How to protect your PC from viruses

You can delete the programs used; if you wish, you can keep Malwarebytes Anti-Malware to perform regular scans.
Remove AdwCleaner and ZHPCleaner; there is no point in keeping them for regular scans.

It is strongly advised to change all your passwords (Facebook, online games, emails, etc.).

Here are some tips to keep your computer safe and prevent malware.
To secure your computer, above all keep all your software up to date (Adobe Flash, Java, etc.); see: Secure your computer and protect your PC from viruses.