ThreatExpert's Statistics for TrojanSpy:Win32/Banker [Microsoft]:

TrojanSpy:Win32/Banker [Microsoft] is also known as:

Threat Alias	Number of Incidents
Infostealer.Bancos [Symantec]	32
Mal_Banker [Trend Micro]	19
PWS-Banker [McAfee]	19
PWS-Banker.gen.i [McAfee]	15
Infostealer.Banpaes [Symantec]	12
Mal/Banspy-F [Sophos]	12
Trojan-Spy.Win32.Banbra [Ikarus]	12
Mal/Generic-A [Sophos]	11
Infostealer.Bancos!gen [Symantec]	9
Trojan.Banker [PC Tools]	9
Mal/Banker-E [Sophos]	8
Trojan Horse [Symantec]	7
Trojan.Crypt [Ikarus]	7
Trojan-Spy.Banker!sd5 [PC Tools]	7
Constructor.Win32.Downldr [Ikarus]	6
Downloader [Symantec]	6
Trojan-Banker.Win32.Banbra [Ikarus]	6
Win-Trojan/Xema.variant [AhnLab]	6
Infostealer [Symantec]	5
Trojan-Banker.Win32.Banker [Ikarus]	5
Trojan-Downloader.Win32.Banload [Ikarus]	5
Bloodhound.Bancos.1 [Symantec]	4
Generic.Banker.Delf [Ikarus]	4
Mal/Emogen-N, Mal/Behav-180 [Sophos]	4
New Win32 [McAfee]	4
Troj/Banker-BNX [Sophos]	4
Troj/Banker-BQI [Sophos]	4
Trojan-Banker.Win32.Agent.z [Kaspersky Lab]	4
Trojan-Banker.Win32.Banker.ahzs [Kaspersky Lab]	4
Trojan-Banker.Win32.Banker.biy [Kaspersky Lab]	4
Trojan-Banker.Win32.Banker.fme [Kaspersky Lab]	4
Trojan-Banker.Win32.Banker.ycd [Kaspersky Lab]	4
Win-Trojan/Bancos.815104 [AhnLab]	4
Win-Trojan/Banker.201728.B [AhnLab]	4
Win-Trojan/Banker.634368.E [AhnLab]	4
Mal/Behav-130 [Sophos]	3
Mal/Behav-180 [Sophos]	3
New Malware.bl [McAfee]	3
PWS-Banker!do [McAfee]	3
PWS-Banker.dldr [McAfee]	3
PWS-Banker.gen.b [McAfee]	3
PWS-Banker.gen.ba [McAfee]	3
Trojan-Banker.Win32.Bancos [Ikarus]	3
Trojan-Banker.Win32.Bancos.eeq [Kaspersky Lab]	3
Trojan-Banker.Win32.Banker.etk [Kaspersky Lab]	3
Trojan-Downloader.Win32.VB.ojy [Kaspersky Lab]	3
Trojan-Spy.Win32.Banker.anv [Ikarus]	3
Win-Trojan/Bancos.225280.D [AhnLab]	3
Win-Trojan/Bancos.446464.AM [AhnLab]	3
BehavesLikeWin32.SMTP-Mailer [Ikarus]	2
Generic.dc [McAfee]	2
Mal/Banspy-F, Mal/Banspy-I [Sophos]	2
Mal/Behav-053 [Sophos]	2
PWS-Banker.gen.bb [McAfee]	2
Trojan-Banker.Win32.Banbra.boe [Kaspersky Lab]	2
Trojan-Banker.Win32.Bancos.ehw [Kaspersky Lab]	2
Trojan-Banker.Win32.Banker.atx [Kaspersky Lab]	2
Trojan-Banker.Win32.Banker.bbb [Kaspersky Lab]	2
Trojan-Banker.Win32.Banker.enw [Kaspersky Lab]	2
Trojan-Banker.Win32.Banker.vfc [Kaspersky Lab]	2
Trojan-Dropper.Agent [Ikarus]	2
Trojan-Dropper.Delf [Ikarus]	2
Trojan-PWS.Win32.OnLineGames [Ikarus]	2
Trojan-Spy.Banker!ct [PC Tools]	2
Trojan-Spy.Win32.Banbra.ui [Kaspersky Lab]	2
Trojan-Spy.Win32.Banker.cpz [Ikarus]	2
Trojan-Spy.Win32.Banker.dgh [Ikarus]	2
Backdoor.Haxdoor [Symantec]	1
Backdoor.Reload.BR [PC Tools]	1
Backdoor.Trojan [Symantec]	1
Backdoor.Win32.G_Door [Ikarus]	1
Backdoor.Win32.Rbot [Ikarus]	1
Backdoor.Win32.Reload.bv [Kaspersky Lab]	1
Backdoor.Win32.SdBot.frw [Kaspersky Lab]	1
Generic PWS [McAfee]	1
Generic PWS.b [McAfee]	1
Generic PWS.y [McAfee]	1
Generic PWS.y!w [McAfee]	1
Generic.ca [McAfee]	1
Generic.cb [McAfee]	1
Generic.di [McAfee]	1
Generic.ek [McAfee]	1
Generic.PWS.Games.3 [Ikarus]	1
Infostealer.Bancos.gen [Symantec]	1
Infostealer.Banker.D [Symantec]	1
Infostealer.Lemir.Gen [Symantec]	1
Infostealer.Orcu [Symantec]	1
Mal/Banc-B [Sophos]	1
Mal/Banker-B, Mal/Banspy-F, Mal/Behav-248, Mal/Banspy-I, Mal/Banspy-G, Troj/Bnkmr-Fam [Sophos]	1
Mal/Banspy-F, Mal/Bank-A, Mal/Behav-043 [Sophos]	1
Mal/Banspy-F, Mal/Behav-053 [Sophos]	1
Mal/Banspy-F, Mal/Behav-248, Mal/Banspy-G, Troj/Bnkmr-Fam [Sophos]	1
Mal/Banspy-F, Mal/Behav-248, Mal/Banspy-I, Mal/Banspy-G, Troj/Bnkmr-Fam [Sophos]	1
Mal/Banspy-F, Mal/Behav-248, Mal/EncPk-BW, Mal/Banspy-I, Mal/Banspy-G, Mal/Reload-A, Troj/Bnkmr-Fam [Sophos]	1
Mal/Banspy-F, Mal/EncPk-BA [Sophos]	1
Mal/Behav-053, Troj/Bnksa-Fam [Sophos]	1
Mal/Behav-058 [Sophos]	1
Mal/Behav-112 [Sophos]	1
Mal/Behav-152 [Sophos]	1
Mal/Behav-248, Troj/Bnkmr-Fam [Sophos]	1

TrojanSpy:Win32/Banker [Microsoft] has the following possible countries of origin:

Origin		Number of Incidents
	Brazil	98
	China	3
	United Kingdom	3
	Czech Republic	2
	Poland	1
	Russian Federation	1

TrojanSpy:Win32/Banker [Microsoft] is known to be created as:

%CommonPrograms%\startup\antivirus.exe

%CommonPrograms%\startup\avsgccs.scr

%CommonPrograms%\startup\lsass.exe

%CommonPrograms%\startup\svchost.scr

%CommonPrograms%\startup\system32.exe

%System%\codecdivxx.exe

%System%\dllcache\java.dll

%System%\drivers\system.exe

%System%\explorie.exe

%System%\hosted.exe

%System%\kernel32.exe

%System%\msngr.exe

%System%\mstrans.dll

%System%\servlces.exe

%System%\svchost.scr

%System%\system32.exe

%System%\systen.exe

%System%\torm.dll

%Temp%\tools\iexplorea.exe

%Temp%\tools\iexploreb.exe

%Temp%\tools\iexplorec.exe

%Temp%\tools\iexplored.exe

%Temp%\tools\iexploree.exe

%Temp%\tools\iexploref.exe

%Temp%\tools\iexploreg.exe

%Temp%\tools\iexploreh.exe

%UserProfile%\s60.1.exe

%Windir%\config\svchost.exe

%Windir%\media\avmsupd.exe

%Windir%\mess.exe

%Windir%\svchosts.exe

%Windir%\system\basilisco.exe

%Windir%\system\svchost.exe

%Windir%\winnt.exe

Notes:

%CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%UserProfile% is a variable that specifies the current user's profile folder. By default, this is C:\Documents and Settings\[UserName] (Windows NT/2000/XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.