BitDefender offers free removal tool for malware that steals FTP and e-banking passwords

January 2011

Free new disinfection tool against Backdoor.Lavandos available on for all computer users

BUCHAREST, Romania – January 13, 2011 - BitDefender®, an award-winning provider of innovative internet security solutions, has announced a free removal tool targeting the Backdoor.Lavandos.A, a resourceful malware that steals FTP and e-banking passwords in the most discreet manner.  

Even though its primarily target is the e-banking system used especially by Russian and Ukrainian institutions, Lavandos does not stop at just snatching e-banking passwords, it will also look for and grab all private data from the accounts the operator of the infected computer may use.

“What is particularly interesting about this e-threat is the fact that its driver component will not remain written on the disk longer than necessary,” said Catalin Cosoi, Head of the BitDefender Online Threats Lab. “Instead it will be stored into the Windows® Registry immediately after completing its task. Keeping a low profile is the name of the game Lavandos is playing.”

Shortly after infection, Backdoor.Lavandos.A will generate - for each browser found on the “hijacked” PC - a “setupapi.dll” in the installation root folder for Mozilla® Firefox®, Opera® and Internet Explorer® which will enable an easy manipulation of browser functions in order to import certificates or to accept a self-signed certificate as trusted.

Users infected with the Lavados backdoor risk disclosing sensitive information related to e-banking, as well as having their FTP accounts stolen by cyber-criminals involved in malware distribution schemes.

BitDefender customers have been protected since day zero via generic packer routines already included in the signature database. For those not protected by a BitDefender product, a free removal tool can be downloaded from the Downloads section of


To stay up-to-date on the latest e-threats, sign-up for BitDefender’s RSS feeds here.

All products and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.