A new banker Trojan, detected by Kaspersky Labs, infects the boot loader and attempts to remove security software, especially targeting a Brazilian bank security plug-in.
A very small file (10 KB) starts the infection; Kaspersky names it "Trojan-Downloader.Win32.VB.aof". This Trojan downloader downloads two Trojans, xp-msantivirus (1.83 MB) and xp-msclean (7.4 MB), to the system, renames the legitimate ntldr to ntldr.old, and finally installs a new file to act as a malicious boot manager.
These Trojan files attempt to remove the security software installed on the system, such as Microsoft Security Essentials, Windows Defender, etc. The main target of this Trojan is a security plug-in used by Brazilian banks called GBPlugin, installed on around 23 million machines.
Once the Trojan is downloaded and installed on your system, it forces you to restart the system. When the boot process ends, the malicious boot loader erases itself and sets the clean ntldr as active: its mission is accomplished, and a Trojan banker flagged as Trojan-Downloader.Win32.Banload.bqmv remains running on the infected machine, ready to steal Internet banking credentials. Of course, all these malicious changes to the system are helped by a lot of other factors, such as running the OS under an administrative account.