Bancos has long been a serious problem in Brazil, referenced there as "Bankos". In fact, the problem is so serious, developers at the popular ASAP member forum, Linha Defensiva, developed BankerFix, specifically addressing the removal of the trojan and providing expert assistance in cleanup.
"Bancos exhibits a wide variety of behaviors- however essentially all variants attempt to steal banking or financial passwords using one (or several) common techniques. Some examples of these techniques include redirecting users to fake pages, monitoring keystrokes, interfering with browsers, searching for cached passwords, etc.
After it has started, Bancos typically will search the system for cached passwords and then remain memory resident waiting for a browser window with a title that it's been instructed to look for. If a victim visits a page with a page title that the trojan is looking for, it will typically either capture data or present the user with a false version of the page enabling it to capture the victims credentials.
Once found, credentials are transmitted back to the distributor (often via email or ftp). We've seen quite a few samples using mail servers belonging to large web-mail providers being used to send the stolen credentials, often to yet another web-based e-mail account."
After removing Bankos or any other password-stealing trojan, be sure to change all your passwords. In fact, although I have said it before, it bears repeating -- never access your bank or credit card site or make online purchases with an infected computer. Use a family member or friend's computer to change your passwords.
- ASAP (Alliance of Security Analysis Professionals)
- BankerFix - Removedor Genérico de Bankers
- Linha Defensiva Banker Fix Forum
- MMPC Encyclopedia Top 5: More Bancos