chostsv.exe - Useless

chostsv.exe

Manual removal instructions:

chostsv.exe
PWSteal.Banpaes.C.
Is a Trojan horse that attempts to steal online banking information.

Also known as PWSteal.Banpaes, PWSteal.Banpaes.B

When PWSteal.Banpaes.C is executed, it performs the following actions:
Creates the following files:
%System%\Chostsv.exe
%System%\Mouse32.dll
%System%\Keybrd32.dll
%System%\Kuser.dll
%System%\Serv.dll
C:\Temp\Install.exe (This may not be created if the Temp folder does not exist in this location).

Adds the value:
"chostsv"="%System%\chostsv.exe"
to the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Logs keystrokes if the keystrokes are entered in windows that have any of the following strings in the window's title bar:
Caixa Economica Federal
Internet Banking CAIXA
BESC - Banco do Estando de Santa Catarina
Banco do Estado de Santa Catarina
Gerenciador Financeiro
Teclado Virtual
HSBC
Credicard
MasterCard
and some other.

Then, this Trojan sends the keystrokes to a predefined email address.

Manual removal:
Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete the value:
"chostsv"="%System%\chostsv.exe"

Or use RegRun to automatically remove this registry item.

Remove chostsv.exe now!

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.

Since that time I work every day to fix the issues that antiviruses cannot.

If your antivirus have not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.

Testimonials

You can read UnHackMe testimonials here.