Some users of our forum reported this entry in Spybot:
Win32.Banker.ekn: Settings (Chave do registro, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GbpSv
Win32.Banker.ekn: Settings (Chave do registro, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\GbpSv
Win32.Banker.ekn: Settings (Chave do registro, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GbpSv
I think could be a false positive. Two cases, with HijackThis logs:
http://linhadefensiva.uol.com.br/for...howtopic=59949
http://linhadefensiva.uol.com.br/for...howtopic=59749
GbpSv is the service of GBPlugin, a internet banking plugin very common in Brazil:
http://www.prevx.com/filenames/40203...GBPSV.EXE.html
Please analyse,
Fabio Assolini
www.linhadefensiva.org