Sunday, June 19, 2011

Removal of Trojan-BNK.Win32.Keylogger.gen Issue

Trojan-BNK.Win32.Keylogger.gen is a fake infection name commonly displayed by a family of fake security solutions that keeps evolving and is already known to have released its fourth generation. Regardless of generation, the family is divided into three groups according to the Windows version targeted. Members of each group bear corresponding names: for instance, Vista Antispyware 2012 is a name used for the adware dropped onto a Vista system, while XP Security 2012 is one of the multitude of names the adware installer can choose from when targeting the XP operating system.
Vista Security 2012 is notorious for producing a popup titled Vista Antivirus 2012 Firewall Alert that refers to the above infection name. The popup also contains the name of the program, in which the year 2011 appears instead of the 2012 given in the header, which looks like an oversight by the swindlers who promote the counterfeit.
Anyway, to get rid of the Trojan-BNK.Win32.Keylogger.gen popup, one and the same misleading informer has to be deleted, whatever name it goes by. Click here to start a free scan in order to remove the Trojan-BNK.Win32.Keylogger.gen popup by deleting the related adware and to ensure detection and extermination of real viruses, which are actually harming your PC right now.

Trojan-BNK.Win32.Keylogger.gen popup (Firewall alert) snapshots:




Manual removal info:
Delete infected files:

C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe
C:\Users\[UserName]\AppData\Local\[SET OF RANDOM CHARACTERS]
C:\Users\[UserName]\AppData\Local\[SET OF RANDOM CHARACTERS]
C:\Users\[UserName]\AppData\Local\Temp\[SET OF RANDOM CHARACTERS]

Delete infected registry entries:
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe" -a "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
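
A read-only check for the registry entries listed above, as an added example that is not part of the original post. It assumes the hijacked values keep the shape shown in the list (an .exe with a three-character name under AppData\Local, followed by -a); the variable names are illustrative.

```powershell
# Added example: read-only audit for the registry changes listed above.
# Nothing is modified; the script only reports what it finds.

# Handler keys from the list above whose "(Default)" value is rewritten.
$handlerKeys = @(
    'Registry::HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command',
    'Registry::HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command',
    'Registry::HKEY_CLASSES_ROOT\.exe\shell\open\command',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command'
)

# Assumed shape of a hijacked value, taken from the list above:
#   "...\AppData\Local\<3 characters>.exe" -a <original target>
$hijackPattern = '(?i)\\AppData\\Local\\[^\\"]{3}\.exe"?\s+-a\s'

$findings = @(foreach ($key in $handlerKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    # GetValue('') reads the key's (Default) value; $null if it is unset.
    $default = (Get-Item -LiteralPath $key).GetValue('')
    if ($default -match $hijackPattern) {
        [pscustomobject]@{ Key = $key; Name = '(Default)'; Data = $default }
    }
})

# Security Center override values from the list above.
$scKey = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center'
if (Test-Path -LiteralPath $scKey) {
    $sc = Get-Item -LiteralPath $scKey
    $findings += @(foreach ($name in 'AntiVirusOverride', 'FirewallOverride') {
        if ($sc.GetValue($name) -eq 1) {
            [pscustomobject]@{ Key = $scKey; Name = $name; Data = 1 }
        }
    })
}

if ($findings.Count -gt 0) {
    $findings | Format-List
} else {
    'No matching entries found.'
}
```

HKEY_CLASSES_ROOT is a merged view of the per-user and machine-wide Classes keys, so a per-user .exe handler also shows up there; the script reports both locations so each can be reviewed.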

3 comments:

Sally Ann Wells said...

How do we know to trust you? I downloaded AVG Free Spyware, but I can't figure out how to make it scan and clean????

Sally Ann Wells said...

I downloaded AVG Free Spyware, but can't seem to figure out how to make it sweep and remove? Any hints?

The miserable malware won't let me open my email! So I don't know how I'll see your answer?
Trojan-BNK.Win32.Keylogger.gen

Anonymous said...

I downloaded the uninstaller to a flash drive on a clean computer and took the drive to the infected computer. It said I'm running a newer version of Spyware Doctor. True, but when I run my version of SD on the infected computer, it detects no viruses, malware, etc. Help!