Trojan-BNK.Win32.Keylogger.gen

.Kencs · 25 Jun 2011 at 22:38

My dad has the Trojan-BNK.Win32.Keylogger.gen virus and I cannot seem to remove the damn thing.

I have booted in to Safe Mode, ran MalwareBtyes, it found 11 objects, removed these and rebooted and STILL got the damn thing.

I am just installing Spyware Doctor to see if that helps.

I have also found online it says to remove these:

Delete registry values:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “av.exe” /START “%1? %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command “(Default)” = “av.exe” /START “%1? %*
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “av.exe” /START “%1? %*
HKEY_CLASSES_ROOT\secfile\shell\open\command “(Default)” = “av.exe” /START “%1? %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “av.exe” /START “firefox.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “av.exe” /START “firefox.exe” -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “av.exe” /START “iexplore.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1?
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1?

but these aint listed...

Can anyone help?

Macky · 25 Jun 2011 at 22:56

Backup and format?

Randomface74 · 25 Jun 2011 at 22:59

Stop installing random software - reinstall windows.

.Kencs · 25 Jun 2011 at 23:01

billysielu said:
Stop installing random software - reinstall windows.

EXACTLY what I told him, and he said he aint installed or clicked on anything. Think Il have to get him to do it though

opethdisciple · 26 Jun 2011 at 00:23

Yea, best thing to do, is a backup and then reinstall of windows.

You could download AVG free and scan with that however just to see if it will be able to remove it completly..

Duke · 26 Jun 2011 at 09:10

Install NOD32 and see if there is a boot sector virus (seen quite a few of these in the last year).

demonix · 26 Jun 2011 at 15:32

opethdisciple said:
You could download AVG free and scan with that however just to see if it will be able to remove it completly..

Yeah like that will remove anything.

Just disable system restore and scan again (it's most likely it's using that to restore itself) and don't bother turning it back on (since a large amount of malware uses it to prevent and complete removal).

Stu_Allcott · 26 Jun 2011 at 15:43

superantispyware, its free, sounds abit dodgey but its awsome

PapaLazaru · 26 Jun 2011 at 15:53

rkill then scan.

Deleted member 77746 · 26 Jun 2011 at 16:12

Macky said:
Backup and format?

billysielu said:
Stop installing random software - reinstall windows.

opethdisciple said:
Yea, best thing to do, is a backup and then reinstall of windows.

You could download AVG free and scan with that however just to see if it will be able to remove it completly..