Keep in mind, as noted here, Win32.TrojanSpy.Bancos is only an alias for the "hacking tool" you installed. There was a thread at CNET some years back, where a password tool was discussed. I used the utility (at the time) to check some passwords on my own system. A good deal of scanners detected it. For example, A
Sorry for the length!
About a month ago I downloaded a RAR password cracker which Trendmicro Sysclean detected as malware. I was able to remove it and related registry files. According to the Trendmicro threat encyclopedia, HackingTools_RARPasswordCracker is also known as Win32.TrojanSpy.Bancos (Link here- http://threatinfo.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=HACKINGTOOLS_RARPASSWORDCRACKER). I googled Win32.TrojanSpy.Bancos and one of the results (http://www.spywareguide.com/spydet_1963_trojan_banker_q.html) states that it if I had this on my computer, the people responsible now have my e-mail and bank log in information, since my bank and e-mail provider's web addresses are both listed. Is HackingTools_RARPasswordCracker always Win32.TrojanSpy.Bancos, or is HackingTools_RARPasswordCracker always branded as such even if it doesn't have Win32.TrojanSpy.Bancos? Also, I have Windows XP and not Windows NT, so would my information failed to have reached the author's server as it says on the second site?
Prior to using Sysclean I also used Trendmico Housecall which detected rpc.exe (which is what prompted me to run Sysclean). Is rpc.exe the same as HackingTools_RARPasswordCracker / Win32.TrojanSpy.Bancos, or completely different malware?