ThreatExpert's Statistics for Infostealer.Bancos [Symantec]:

Infostealer.Bancos [Symantec] is also known as:

Threat Alias	Number of Incidents
Mal/Generic-A [Sophos]	812
Rootkit.Win32.Banker.c [Ikarus]	598
Win-Trojan/Banker.7936 [AhnLab]	506
Trojan-Banker.Win32.Banker.amzs [Kaspersky Lab]	493
Trojan-Banker.Win32.Banker [Ikarus]	472
Rootkit.Win32.Banker.c [Kaspersky Lab]	460
PWS-Banker [McAfee]	456
Trojan-PSW.Bancos [PC Tools]	372
TrojanSpy:Win32/Bancos.OK [Microsoft]	368
Win-Trojan/Banker.8448 [AhnLab]	323
Trojan-Banker.Win32.Banker.anjq [Kaspersky Lab]	304
PWS-Banker!bsp [McAfee]	289
Trojan.Banker.Delf [Ikarus]	289
Trojan-Spy.Bankject [PC Tools]	274
Trojan-Spy.Win32.Banker.cnb [Kaspersky Lab]	273
TSPY_BANKER.BFU [Trend Micro]	224
PWS-Banker.gen.i [McAfee]	172
Trojan:Win32/Killav.KO [Microsoft]	170
Mal_Banker [Trend Micro]	163
Rootkit.Win32.Banker.e [Ikarus]	156
Rootkit.Win32.Banker.e [Kaspersky Lab]	144
Troj/Banker-EEJ [Sophos]	144
PWS-Banker!baw [McAfee]	138
VirTool:Win32/Obfuscator.C [Microsoft]	129
Generic.dx [McAfee]	114
PWS-Banker!cos [McAfee]	112
TrojanSpy:Win32/Bancos.QL [Microsoft]	112
Win-Trojan/Banker.8832 [AhnLab]	112
PWS-Banker!bkt [McAfee]	108
Win-Trojan/Rootkit.7168.O [AhnLab]	108
Generic.PWS.Games.3 [Ikarus]	96
Mal/Banspy-F [Sophos]	91
Trojan-Spy.Banker [Ikarus]	65
Trojan-Spy.Bancos!sd5 [PC Tools]	58
Trojan-Spy.Banker!sd5 [PC Tools]	58
Trojan-Spy.Bancos!sd6 [PC Tools]	55
Trojan-Downloader.Win32.Banload [Ikarus]	51
Win-Trojan/Xema.variant [AhnLab]	51
TrojanSpy:Win32/Zbot.gen!C [Microsoft]	50
Trojan.Banker.LER [Ikarus]	48
Mal/Zbot-H [Sophos]	46
Possible_Mlwr-7 [Trend Micro]	45
Trojan-Banker.Win32.Banbra [Ikarus]	42
Trojan-Spy.Zbot!sd6 [PC Tools]	40
New Malware.eb [McAfee]	38
Trojan-Spy.Win32.Bancos.zm [Ikarus]	38
TrojanSpy:Win32/Mafod!rts [Microsoft]	38
Mal/Emogen-H [Sophos]	37
Troj/Agent-JPX [Sophos]	37
Trojan:Win32/Tiebho.A [Microsoft]	37
Generic.dx!s [McAfee]	36
Trojan.BHO.Dropper [Ikarus]	36
TrojanSpy.Banker.AVQY [PC Tools]	36
Trojan-Spy.Win32.Zbot.hvi [Kaspersky Lab]	36
Mal/Banker-E [Sophos]	35
Gen.Trojan [Ikarus]	33
TrojanSpy:Win32/Banker [Microsoft]	32
Mal/Behav-130 [Sophos]	30
Packed/Upack [PC Tools]	28
Trojan-Banker.Win32.Banker.cxx [Kaspersky Lab]	28
PWS-Banker.bat [McAfee]	27
Mal/VBBanc-A [Sophos]	26
Trojan-Spy.Win32.Banker.bbh [Ikarus]	26
PWS-Banker.gen.dh.dldr [McAfee]	24
Trojan.Banker.SWF [Ikarus]	24
Trojan-Downloader.Win32.Delf.shs [Kaspersky Lab]	24
Trojan-Spy.Win32.Banker.cxx [Ikarus]	24
Trojan-Dropper.Delf [Ikarus]	23
Generic PWS.y [McAfee]	22
Trojan-Dropper.Win32.VB.agtt [Kaspersky Lab]	22
Generic.dx!cpp [McAfee]	20
PWS-Banker!bsj [McAfee]	20
PWS-Banker.gen.bq [McAfee]	20
Trojan-Banker.Win32.Banbra.qcx [Kaspersky Lab]	20
Trojan-Banker.Win32.Bancos [Ikarus]	20
Trojan-Downloader.Win32.Agent.cmok [Kaspersky Lab]	20
Trojan-Spy.Win32.Banker.cuk [Kaspersky Lab]	20
TrojanSpy:Win32/Bancos.NV [Microsoft]	20
TrojanSpy:Win32/Banker.JX [Microsoft]	20
Win-Trojan/Downloader.103424.P [AhnLab]	20
Trojan.Banker [PC Tools]	19
Generic.Banker.Delf [Ikarus]	18
PWS-Banker.dldr [McAfee]	18
Trojan-Downloader.Delf!sd6 [PC Tools]	18
TrojanSpy.Banker.Gen.2 [PC Tools]	18
Mal/Behav-285 [Sophos]	17
Mal/DelpBanc-A [Sophos]	17
New Malware.n [McAfee]	17
Trojan.Crypt [Ikarus]	17
Trojan.Crypt.Delf.F [Ikarus]	17
Backdoor.Win32.Delf.opq [Kaspersky Lab]	16
PWS-Banker.gen.cg [McAfee]	16
Trojan.Win32.BHO.d [Ikarus]	16
Trojan-Downloader.Win32.FraudLoad.vdjm [Kaspersky Lab]	16
Win-Trojan/Banbra.581632.G [AhnLab]	16
Packed.Win32.Black.a [Kaspersky Lab]	15
TrojanSpy:Win32/Bancos.gen!B [Microsoft]	15
PWS-Banker!l [McAfee]	14
Trojan-Dropper.Agent [Ikarus]	14
TrojanSpy:Win32/Bancos.gen!C [Microsoft]	14

Infostealer.Bancos [Symantec] has the following possible countries of origin:

Origin		Number of Incidents
	Brazil	1,282
	Russian Federation	135
	Israel	29
	China	25
	Germany	25
	Spain	24
	Italy	17
	Republic of Korea	8
	United Kingdom	6
	Canada	4
	Poland	4
	Portugal	4
	Sweden	4
	Netherlands	3
	Belgium	2
	France	2
	Croatia	1
	Egypt	1
	Mexico	1
	Pakistan	1
	Slovakia	1
	Ukraine	1
	Venezuela	1

Infostealer.Bancos [Symantec] is known to be created as:

%AllUsersProfile%\menu iniciar\programas\inicializar\svchost.exe

%AppData%\dxdlls\imapde.dll

%AppData%\gusanit.exe

%AppData%\gusanitos.exe

%AppData%\key.exe

%AppData%\klg1.dll

%AppData%\spoolsv.exe

%CommonPrograms%\startup\acer.exe

%CommonPrograms%\startup\amor.exe

%CommonPrograms%\startup\amsn.exe

%CommonPrograms%\startup\antivirus.exe

%CommonPrograms%\startup\avg.exe

%CommonPrograms%\startup\avp.exe

%CommonPrograms%\startup\avsgccs.scr

%CommonPrograms%\startup\bsyys.exe

%CommonPrograms%\startup\bsyys.scr

%CommonPrograms%\startup\cica.exe

%CommonPrograms%\startup\exalien.exe

%CommonPrograms%\startup\excorp.exe

%CommonPrograms%\startup\flash.exe

%CommonPrograms%\startup\gbplugin.exe

%CommonPrograms%\startup\help.scr

%CommonPrograms%\startup\imglog.exe

%CommonPrograms%\startup\java7.exe

%CommonPrograms%\startup\kss.exe

%CommonPrograms%\startup\livemessenger.scr

%CommonPrograms%\startup\lsass.exe

%CommonPrograms%\startup\msdoc.exe

%CommonPrograms%\startup\msnmsg.scr

%CommonPrograms%\startup\msnmsgr.exe

%CommonPrograms%\startup\msnmsgr.scr

%CommonPrograms%\startup\my_love.exe

%CommonPrograms%\startup\norton32.exe

%CommonPrograms%\startup\servico.exe

%CommonPrograms%\startup\smss.exe

%CommonPrograms%\startup\sound.exe

%CommonPrograms%\startup\startup.exe

%CommonPrograms%\startup\svchost.scr

%CommonPrograms%\startup\svchostss.exe

%CommonPrograms%\startup\sys_aupdate.exe

%CommonPrograms%\startup\syss.exe

%CommonPrograms%\startup\system32.exe

%CommonPrograms%\startup\systray.exe

%CommonPrograms%\startup\wapp.exe

%CommonPrograms%\startup\win.exe

%CommonPrograms%\startup\windows32.exe

%CommonPrograms%\startup\windowsupdate.scr

%CommonPrograms%\startup\winhost.exe

%CommonPrograms%\startup\winnt.exe

%CommonPrograms%\startup\wm2emt.exe

%CommonPrograms%\startup\wmplayer.scr

%CommonPrograms%\startup\wsnctfy.exe

%FontsDir%\ccapp.exe

%FontsDir%\taskmgr.exe

%ProgramFiles%\adobe\reader 9.0\reader\acro-broker.exe

%ProgramFiles%\adobe\reader 9.0\reader\acrord-32.exe

%ProgramFiles%\antispam uol\uolantispam.exe

%ProgramFiles%\bifrost\system.exe

%ProgramFiles%\common files\100038.exe

%ProgramFiles%\common files\system\ado\nerowtrf.exe

%ProgramFiles%\dwimn\live.exe

%ProgramFiles%\dwimn\rds.exe

%ProgramFiles%\gbplugin\gbpdist.dll

%ProgramFiles%\id security suite\id usb lock key\winlockdll.dll

%ProgramFiles%\internet explorer\explore.exe

%ProgramFiles%\internet explorer\iexpleror.exe

%ProgramFiles%\internet explorer\msnloge.exe

%ProgramFiles%\java\jre1.6.0_06\bin\javas.exe

%ProgramFiles%\monrs\rds.exe

%ProgramFiles%\monrs\sendchat.exe

%ProgramFiles%\online services\icacls.exe

%ProgramFiles%\quicktime_.exe

%ProgramFiles%\wp\gtaskup.exe

%Programs%\startup\bsyys.scr

%Programs%\startup\csrss.exe

%Programs%\startup\netdaemon.exe

%Programs%\startup\svchostss.exe

%System%\00cd1a40.exe

%System%\1234393758\wininit.exe

%System%\acer.exe

%System%\aecces.exe

%System%\aj32.dll

%System%\ant7847.exe

%System%\aosmtp.dll

%System%\apsystem32.exe

%System%\audiohq.exe

%System%\avg.exe

%System%\bifrost\server.exe

%System%\bnsock.dll

%System%\brwsptnr.dll

%System%\bsyys.exe

%System%\bsyys.scr

%System%\btask.dll

%System%\btaskv.dll

%System%\btasv.dll

%System%\bulgan.dll

%System%\cf.exe

%System%\cf1a14.exe

%System%\cimm.dll

%System%\cltmon.exe

Notes:

%AllUsersProfile% is a variable that specifies the all users' profile folder. By default, this is C:\Documents and Settings\All Users (Windows NT/2000/XP).
%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
%FontsDir% is a variable that refers to a virtual folder containing fonts. A typical path is C:\Windows\Fonts.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%Programs% is a variable that refers to the file system directory that contains the user's program groups. A typical path is C:\Documents and Settings\[UserName]\Start Menu\Programs.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).