Win32/ClipBanker [Threat Name] go to Threat

Win32/ClipBanker.D [Threat Variant Name]

Category trojan
Size 45568 B
Detection created Sep 22, 2014
Detection database version 10447
Short description

Win32/ClipBanker.D is a trojan that can interfere with the operation of certain applications.

Installation

When executed, the trojan copies itself into the following location:

  • C:\­Windows\­wconfig.exe

In order to be executed on system start, the trojan sets the following Registry entry:

  • [HKEY_LOCAL_MACHINE\­SOFTWARE\­Microsoft\­Windows NT\­CurrentVersion\­Winlogon]
    • "Userinit" = "C:\­Wndows\­System32\­userinit.exe, wconfig.exe"

After the installation is complete, the trojan deletes the original executable file.

Other information

The trojan may alter the contents of the clipboard.


The following services are affected:

  • WebMoney

It may perform the following actions:

  • make operating system unbootable

Please enable Javascript to ensure correct displaying of this content and refresh this page.