Comments on: Trojan-BNK.Win32.Keylogger.gen

By: Kyle

Kyle — Sun, 15 Jan 2012 14:39:51 +0000

Just a lil heads up,
trojan killer can fail since it blocks programmes, and when you go into safe mode it requires internet and activation to actually remove the malware. so it’s not much of help when you most need it. But through playing in safemode, without network connection, there is something you can do that works effectively. first close the pop-ups of the remaining trash, they will only pop up like once. then launch events by ctrl-alt-del, start new task > browse > in the side window of search or in help type configuration panel – system – … – system restore. then you can finally activate it. pick a week or so behind and it will switch before this trash popped up. thats if the trojan blocked all applications including system restore from the normal mode.

By: AH

AH — Sun, 15 Jan 2012 12:59:18 +0000

Thank you Mike! We are running Vista and everything working fine now! Saved us a lot of time and money getting fixed. Thank you so much…

By: Frank

Frank — Thu, 05 Jan 2012 19:48:35 +0000

@admin
I purchased Kaspersky to keep three computers clean.
Not only does it fail miserably, three scans and more wasted time have convinced me never to renew with them again.
They do not even mention or allow a search for this virus on their website.
There goes your credibility Kaspersky, you get an “F” for customer service.

By: RLM

RLM — Wed, 04 Jan 2012 01:45:36 +0000

But how do you go to the next entry without hitting the enter key? (see codes at top) @Gianpietro Signorini

By: admin

admin — Tue, 03 Jan 2012 21:57:00 +0000

Franchise
There are 2 separate issues in your case.
1. Browser hijacking, read our walkthrough here : http://www.2-viruses.com/how-to-fix-google-results-hijacker-google-redirect-virus-problem
2. Exe execution issues – you will need to fix .exe file execution in your registry, either with regedit, through control panel restoring default associations or importing correct registry

By: Franchise

Franchise — Tue, 03 Jan 2012 17:55:37 +0000

Restoring my laptop to a prior date worked. Now I am thinking I need to run / install anti-virus protection to basically scrub everything just to be safe. However, I am not able to run downloads from Microsoft security Essentials or Avast (the two anti-virus programs I was considering). I am suspcious that my problems downlading Microsoft essentials or Avast is because of a more general problem (a new problem) associated with exe files that did not exist before this virus. Two questions 1.) is there a free anti-virus program anyone would recommend that would be good after encountering this virus? 2.) is my suspicion of exe file problems common in the aftermath of this virus or am I just being paranoid?

By: Jeffrey

Jeffrey — Sun, 01 Jan 2012 23:27:57 +0000

Thanks for all the help Mike. I almost paid $200 to have the virus removed by someone and would have taken longer. Thanks! You are a lifesaver!

By: Yee Ling

Yee Ling — Sun, 01 Jan 2012 02:28:47 +0000

Okay, I just found out that keying-in the serial numbers didn’t really remove the virus. To remove the virus totally, you need to follow these 3 steps:

1) Download malwarebytes
2) Go to safe mode (Keep pressing the F8 button before windows starts up)
3) When in safe mode, right click on the malwarebytes install file and choose “run as the administrator” and install. You wont be able to update it because of the virus but perform a quick scan anyway. Delete the virus after that and it’s all done.

* I was using AVG free antivirus before all these. Somehow, after keying in the serial numbers, although my internet explorer and google chrome are finally working, my AVG cannot start up at all. The “Win 7 Antivirus 2012″ program is still there, remains as a hidden icon. There are some suspicious programs running at the same time too (eg. 321.exe and AVG tray). After performed a quick scan using Malwarebytes, I’m glad that the virus is totally removed now as I can finally opened the AVG file on my desktop again.

Good luck!

By: Shawn

Shawn — Sat, 31 Dec 2011 06:02:14 +0000

Thanks for your Help

By: Shawn

Shawn — Sat, 31 Dec 2011 06:01:44 +0000

My daughter’s NEW laptop is infected. I tried to install Trend Micro which I have used for years, but cannot get on the internet. I read #54 and tried those steps but cannot get past “System Restore” to enter date. The Win 7 Security 2012 Firewall alert keeps popping up.

By: Jeremy

Jeremy — Thu, 29 Dec 2011 03:26:42 +0000

see post #54 @Brandi

By: Jeremy

Jeremy — Thu, 29 Dec 2011 03:25:36 +0000

control panel > system and maintenance > Back up and restore > repair windows using system restore. Set date of restore back a few days before you first noticed the problem. Easiest fix available! Works on Vista. Don’t know about XP. Get your computer manual and look up system restore if you want a better explanation. I could not get restore to work in safe mode because the “virus” was blocking it, but it worked in normal operating mode. Oh ya…..disconnect from any network you are on.

By: DarkPhoenix

DarkPhoenix — Fri, 23 Dec 2011 00:34:39 +0000

Thank you for this post… It was a great help for Windows 7 with nasty critter!

By: Madashell

Madashell — Mon, 19 Dec 2011 16:56:44 +0000

I got this virus/trojan on Saturday. I think I had it for one or two days longer because my computer started getting these restart message for important updates and error messages on the same days. I have tried everything. This bastard has completely taken over my laptop and any antivirus software that I install has been taken over. Even the norton that has been on my laptop and updated to the newest version has been infected. It has infected the Adobe media player and everything else. I can’t do any thing becausE my entire computer and settings have been changed. I don’t know what to do. None of these fixes work.

By: guy spennato

guy spennato — Mon, 12 Dec 2011 15:58:29 +0000

my computer is infected

By: Mark

Mark — Sat, 10 Dec 2011 18:38:28 +0000

Mike, great post. I’m running Win7 SP1. As soon as I starting seeing the WindowsSecurity Center popups, I removed the machine from the network (to prevent talkbacks and/or furthur spread). The popup request from ‘Windows Security Center” requesting a purchase of a product that our admin group has licensed, caused me suspicion…

I booted into safe mode:

1) Used regedit to figure out the usurped startup command (I choose firefox only because it was an application that I knew had been mucked with) – HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “\Users\root\AppData\local\vfu.exe” -a “firefox.exe”.

2) Renamed the file (in /Users/root/AppData/Local) to xxx.xxx, couldn’t delete at this point.

3) Ran regedit and searched for any/all ocurrences of vfu.exe, changed those back to “%1″ %*.

4) Rebooted into safe mode again.

5) Removed /Users/root/AppData/Local/xxx.xxx.

6) Now doing full scan with SEVERAL tools, before plugging back into ANY network.

By: Ami

Ami — Thu, 08 Dec 2011 17:45:02 +0000

I did system restore to a previous date of three days, and everything seems to be going okay now. What a pain!

By: sid

sid — Sun, 04 Dec 2011 20:11:39 +0000

mike please helpe me get this of my pc trojan e mail me andexplane @Mike

By: Eric

Eric — Sun, 04 Dec 2011 00:27:23 +0000

This worked great for me as well. I’m on Windows 7 so it was a bit differently to get to the system restore (windows wanted to find and fix the problem itself but couldn’t) which I couldn’t repeat here as had to turn off and reboot a few times and have it fail doing a system “recovery” before it came to the option of me being able to do the system restore.

As a side, I got this a couple of years ago and did the whole registery edit approach. That worked but took a lot longer.

By: admin

admin — Fri, 02 Dec 2011 21:57:04 +0000

Lisa : use usb key. Also, disable proxy in your browser.