Security experts have found a Trojan worm that steals user-banking details.

The worm plants itself in PCs via pop-up ads when a user closes the window.

The programme, named PWSteal.refest, then waits for the user to enter banking details, records them and sends them to the worm author.

Anti-virus firm Symantec has advised to do take the following steps:

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Close all Internet Explorer windows.
4. Run a full system scan and delete all the files detected as PWSteal.Refest.
5. Optional: delete the value that was added to the registry.