Terry C wrote:
>Hi all,
>
>Can anyone advise if the following AVG result is a high risk item please
>for friend.
>
>Showing as: Trojan Horse PSW.Banker3.jpx
>
>The pc has not been online since the previous AVG scan a couple of days ago.
>Any advice would be really appreciated.
>
>Terry :O)
You didn't say whether or not AVG removed/quarantined the trojan? If
neither, then you will need to remove it manually.
Here's what McAfee says about it:
Characteristics -

When executed, this Trojan drops a copy of itself in the %System%
folder as "torm.dll".

The dropped dll file installs itself as a Browser Helper Object (BHO)
and creates the following registry entry:

HKEY_CLASSES_ROOT\CLSID\{60FD4F58-4748-48f6-B661-5FCE71B0D907}

The Trojan then steals the user's login credentials, when the following
banking related websites are accessed:

akbank.com (Turkish Bank)
yapikredi.com.tr (Turkish Bank)
bankofamerica.com

This captured information, is then transmitted back to the following
website using "HTTP POST" method:

fcrrent.info (Attackers site)

http://vil.nai.com/vil/content/v_142103.htm

If you go to the link I provided, you will also find that this trojan
is NOT self replicating and was either placed on the system by another
trojan or loaded by a user through a social engineering trick. Either
way, there appears to be a serious lack of security on your "friend's"
pc.
You should run a thorough scan using the latest AVG updates. You
should also run "Complete" scans with Spybot Search & Destroy,
Adaware, and I also recommend SuperAntiSpyware. Once you are
reasonably certain the PC is clean, your friend should change all
his/her online passwords as a precaution.
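
The registry entry and file name given in the McAfee description above can be checked for directly on the affected PC. The following is an added example, not part of the original posts or of McAfee's write-up; the function name, the Browser Helper Objects list locations and the 32-bit paths (WOW6432Node, SysWOW64) are assumptions of the example based on standard Windows behaviour.

```powershell
# Added example: read-only check for the indicators quoted from the McAfee description.
# The CLSID and the file name "torm.dll" come from that description; the function name
# and the extra 32-bit locations are this example's own choices.
$Clsid   = '{60FD4F58-4748-48f6-B661-5FCE71B0D907}'
$DllName = 'torm.dll'

function Get-BankerBhoIndicators {
    $findings = @()

    # 1. COM class registration named in the description, plus its 32-bit registry view.
    $classKeys = @(
        "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid",
        "Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID\$Clsid"
    )
    foreach ($key in $classKeys) {
        if (Test-Path -LiteralPath $key) {
            # The default value of InprocServer32 holds the path of the DLL that gets loaded.
            $server = "$key\InprocServer32"
            $dll = if (Test-Path -LiteralPath $server) { (Get-Item -LiteralPath $server).GetValue('') }
            $findings += [pscustomobject]@{ Type = 'CLSID'; Location = $key; Detail = $dll }
        }
    }

    # 2. The list of Browser Helper Objects that Internet Explorer loads at start-up.
    $bhoRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($root in $bhoRoots) {
        $key = "$root\$Clsid"
        if (Test-Path -LiteralPath $key) {
            $findings += [pscustomobject]@{ Type = 'BHO'; Location = $key; Detail = 'registered as BHO' }
        }
    }

    # 3. The dropped file in the system folder (and SysWOW64 on 64-bit Windows).
    $dirs = @([Environment]::SystemDirectory, "$env:windir\SysWOW64") | Select-Object -Unique
    foreach ($dir in $dirs) {
        $path = "$dir\$DllName"
        if (Test-Path -LiteralPath $path) {
            $file = Get-Item -LiteralPath $path -Force   # -Force also returns hidden files
            $findings += [pscustomobject]@{ Type = 'File'; Location = $path; Detail = "modified $($file.LastWriteTime)" }
        }
    }
    $findings
}

$result = Get-BankerBhoIndicators
if ($result) { $result | Format-List } else { 'None of the listed indicators were found.' }
```

An empty result only rules out these specific indicators; it does not replace the full scans recommended in the reply.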