Remove Trojan-BNK.Win32.Keylogger.gen
. Removal instructions

if you were to delete %Documents and Settings%[UserName]Application Data then a lot of programs would no longer function. It is an essential folder, much like Program Files

I just ran across that same issue, james... I thought, you want me to delete all my info??

Let me know if you figure out how to do this

What should I do if the trojan prevents me from accessing the internet?

well if you have discs to backup or restore your files it may help because at the moment im restoring mine

Spyware Doctor does NOT get rid of this!!

I have this "thing" on my netbook and I don't know how to remove it since it won't let me use Yahoo...help PLEASE

Hi, now Trojan-BNK.Win32.Keylogger.gen use name yiy.exe. Same location.
Thank you for information

What it what I find in the registry is different. I don't seem to find anything with av.exe” /START “%1? %*
However AI do have qcg.exe" -a "%1"%*
Can I delete that?

Malwarebytes will get rid of this problem

not if you cant connect to the internet or try to load from a memory card!

damn thing wont even let us open the regedit command...any ideas??

okay, finally got this little sh*t

i had to kill pdn.exe Process in task manager before i was able to access Malbytes...hope this helps someone!

Mine was ydb.exe, had to do the reg edits before I could run the Malbytes

Hey billy what did you edit in the ydb.exe file?

The above reg keys worked with the exception of frt.exe in place of av.exe
Found file: C:Documents and SettingsRALAZARLocal SettingsApplication DataFRT.EXE which I deleted after killing the process of the same name.

I didnt delete the folder listed above.

The MalwareBytes download didnt work when run as a Administrator.

The processfile that makes the pop-ups appear is called giy.exe. I downloaded killbox to keep it under control while I researched for more info, great little tool download on killbox.net. I also did a search for giy.exe and found it in the prefetch folder under windows, so that is where the giy keeps comming in. Not yet been able to track it further back and I seem unable to run Malware, not getting it to set up.

I dont know if its related but I have tried to download the link above and the download is successful but when I open the downloaded file to run the program it says application not found. This is happening with all my downloads and I cant run my antivirus, something is blocking it. Any ideas?

Thanks so much for this.
Instead of av.exe, it manifested as unm.exe on machine (XP)
I did not delete the Application Data directory.
I rebooted in Safe Mode, zapped the registry keys listed above, but
not all were present, and additional ones have been added.
In regedit I looked for all keys and values containing unm.exe and deleted them.
That worked for me. Thanks again.

I just had my run in with the keylogger parasite. After a lot of heartburn and fruitless efforts trying to run all my resources, I slept on it and this a.m. I went into control panel backup and restore and backed my computer to 3 days ago. Problem solved. I have downloaded a couple of other programs to help in the future.

Yeah, I have this problem on my main home desktop computer. However I do not quite understand what exactly I have to do to delete this dooshbag of a virus, what is it called that I have to delete. And its not a 2010 thing like yours says, it says 2011!

i would like to know who wrote this virus so i can go find them and kick the shit out of them. the people that do this think it is funny i will show them how funny it is

I have this, but its says win 7 not xp internet as Im on windows 7. When this comes up Ive clicked the x to then get to the internet page to download this but it wont let me get on to any web pages so I cannot download to get rid of this , argh help!!!

I did a system restore and it seems to have gone away.

All i did was click on one of the top links for something I had searched for on Google and BAM - it immediately shut down both browsers I had up and all hell started breaking loose - constant fake warning messages. Dont be fooled by any of them - just get rid of this thing. Its no fun thats for sure - it toys with you in various ways - hijacks your browsers - wont let you on the internet - messes with your spyware removal program etc. I spent a few hours researching and trying different things. Heres what finally worked for me - I booted up in safe Windows mode (F8 immediately at start up). I then ran Super Anti-spyware in safe mode and got rid of what it found. Malware Bytes or others are probably fine too but you have to already have 1 installed on your system - other wise good luck. Once it was removed, i was still getting some residual pop up warnings and stuff so I then I tried what I had read somewhere else and got into Backup and Restore (cant remember how I got there - sorry) and backed my computer up to 2 days before it happened. This completely got rid of the problem. I rebooted and ran Malware Bytes in regular mode and it didnt find anything so it was gone. This BNK Keylogger thing certainly proved to me that its important to have antispyware already installed before something like this happens. Both that I mentioned are free and work well. I couldnt imagine trying to install something by flash drive or whatever when the system was acting up this bad. Good Luck

Update: - I got this thing again - Unbelievable! - Didnt take hours to figure out this time though. I ran super anti-spyware in safe mode and removed the problems it found but after it rebooted I was still having pop-ups as before. Tried to get to System Restore (Start>All Programs>Accessories>System Tools>System Restore) but the pop ups wouldnt let me in - the thing was blocking me from System Restore. #!*@%#! - OK so heres the way in. (I have XP but assume its the same for later versions) Turn the system off - turn it back on and hit F8 key just as its booting up. Choose regular Safe Mode (not Safe Mode w/ Internet because the keylogger will block everything if you are online). When it starts to boot up in Safe Mode a box pops up and says "Windows is running in safe mode... blah blah... If you prefer to use System Restore to restore your computer to a previous state click NO. This Is What You Want!! - Click NO button and System Restore will pop up and you can choose a previous date to boot from - the system will then do its thing and reboot from a previous checkpoint a day or whatever earlier. Abracadabra - Keylogger piece of #@%! GONE. Again - hope this helps someone - I couldnt remember how I got there before so rewrote this while it was fresh in mind. Peace All

trying your solutions now and praying it works.

It worked!!!! Mike I think I love you ha ha!

Mike, I got this stupid virus!!! I went into safe mode to do the system restore and Im STILL getting the pop ups!!!! Any suggestions ?

I deleted the above reg keys and found the file:

C:Documents and Settings[user name]Local SettingsApplication Data BJE.EXE

which I deleted after killing the process of the same name.

The messages were from "XP security centre 2012"

Thank you so much Mike - followed your recommendations and it seemed to work. you are a life safer!

yay i got the freaking 2012 version
cant do system restore
cant do add remove programs

i cant open registry thing how do i delete

trying mikes method now to system restore in safe mode.thanks for advice.it was driving me crazy...and it worked.thanks.

Thank you SO MUCH Mike - IT WORKED. BTW, I just got this today. UGH>

How do I remove the 2012 version?

Mike, your post #9 worked wonders! Dude, you deserve a gold medal, the samaritan of the year award, and a big fat bonus check at the end of the year. Your post saved me plenty of time and money. I am no technology wiz kid, but your instructions were easy to follow and spot on. A million thanks!

Deanna, I had the 2011 version too and followed the instructions Mike gave 2011-06-15 18:06:48 It worked like a charm, the dude is a god. Thanks again Mike!

Just found out that if you roll your computers date and time 1 week in advance (forward) it will terminate the pop-ups and blocks. The "virus" only has a life expectancy for that time. It worked for me, let me know if it works for anyone else too.

Oh, some info I found also was that the virus was written by advertising partners of Microsoft security. Since then they have been banned. Sounds like a deal that went south and this was written out of spite.

ryan i did the same thing and it totally work thanks alot

I caught this nastiness May 2011. It loaded up onto my dashboard, included a popup warning in the taskbar. Dopy me, I clicked on the taskbar warning to shut it down, and you know what happened next.
A tech friend identified it as rootkit virus. I downloaded this
http://support.kaspersky.com/viruses/solutions?qid=208280684
and it was remedied in a few minutes. Then I ran Malewarebytes anti-virus, vaporized 6 related downloader trojans. Hope that helps someone.

I just successfully used Mikes method on a Win XP OS to remove the 2012 XP Anti-Spyware Virus (Trojan-BNK.win32.keylogger.den). While Restore hung up during the System Restore process on my first attempt - I did a hard boot and managed to eliminate the Trojan by selecting a restore date that was only a day old - instead of reusing my first restore date - of a week earlier.

Thanks Mike - for the excellent restore process tip and for allowing me to deal with the Trojan virus elimination - quickly and effectively. Much appreciated.

I just successfully used Mikes method on a Win XP OS to remove the 2012 XP Anti-Spyware Virus (Trojan-BNK.win32.keylogger.den). While Restore hung up during the System Restore process on my first attempt - I did a hard boot and managed to eliminate the Trojan by selecting a restore date that was only a day old - instead of reusing my first restore date - of a week earlier.

Thanks Mike - for the excellent restore process tip and for allowing me to deal with the Trojan virus elimination - quickly and effectively. Much appreciated.

Ryan, good word! Changing the date/time a week forward seems to work.

Hey just restore your computer back three or four days, I just did that and my virus is gone.quickest, easiest solution

This is frustration. I ran. Super spyware several times moore mal and spy appear vaulted removed then did system system restore worked

hi my stupid computer is infected with this virus it wont let me go on the internet the only way i got on the internet is by deleting google chrome my favorite browser and it took me to an online survey page so i left and caame here. this freakin virus wont even let me access itunes or windows media player. i try to download this and then it says that i need to get vista 2012 security or i can continue unsupported so i click continue unsupported but then it still wont let me do anything what do i do?

Reboot your computer in safe mode with networking. Download an automatic removal tool and run a full system scan.

Great, but you need to scan your computer with anti-spyware software what so ever, because there might be other malware installed on your computer.

The same issue showed up on my pc. It says so many things are infected and gives 3 places that the file was suppose to be located. I am using XP pro. I restarted my pc in the safe mode and went to accessories, system tools, system restore and went back almost a month. after that process was completed ( my current pc protection i am using is Microsoft Security Essentials) I open that program, selected update and then a performed a full scan. The issue did not resurface and my pc is running ok. This is what worked for me, maybe it can work some one else as well. Good Luck!!

I knew it! I had soem suspitons because it wouldnt let me use the internet explorer, but if you click purchase it uses IE, so the idiots arnt that smart.

I am in the process of using Mikes suggestions. I booted in safe mode & the damn pop-ups started the minute I tried to open Super-anit-spyware. I Xd them out & managed to get anti-spyware going. Left & came back & more pop-ups but I can see anti-spyware running behind them! Hopefully, this will work & will do a systems restore afterwards if it will allow me! Ill be back to let you know if I succeeded. Thanks Mike & all who have left suggestions!

so i tried everything that mike said and still...the 2012 version is continuing to pop up on my system. system restore wont allow me to go back further than the moment i was hacked. super spyware seemed to clean out everything but the trojan, i even tried stopzilla via my flashdrive and all i get is another pop up. i am currently in safe mode trying to run everything again and the little bugger is still there. i cannot even access the registry at this point. any suggestions? i am at my wits end

I am having the same issue with my laptop...I have Window 7 and the 2012 version of this bs has screwed everything! I cant restore, I cant even find the files listed above in the registry key. I have stopped every process that looked supicious and stil nothing! MIKE HELP!!!!! :(

OK. I had the 2012 version and heres how I got rid of it. First, I changed my date to 2012 (Jan). That allowed me to access my system restore area. I then restored back to a pre-virus date and tat seemed to do the trick. Im now updating my anti-virus program and hope to update my malware soon. Hope that helps.

I am in the process of using Mikes suggestions. I booted in safe mode & the damn pop-ups started the minute I tried to open Super-anit-spyware. I Xd them out & managed to get anti-spyware going. Left & came back & more pop-ups but I can see anti-spyware running behind them! Hopefully, this will work & will do a systems restore afterwards if it will allow me! Ill be back to let you know if I succeeded. Thanks Mike & all who have left suggestions!

Finally....anti-spyware found NOTHING. AND I could NOT run anything else or a Systems Restore! So I tried booting in safe mode again & one of the options was "Repair Computer", so, I clicked on it! There was a list of things to do & one was Systems Restore! I had to go back to Nov.29. Now I am able to run my security! Super anti spyware found one threat & removed it. Malwarebytes found one & removed!

Here it is the day after & everything seems fine! So if you cant do a systems restore.....try safe mode & then look at the list & click on "Computer Repair & then on systems repair....it WORKED!!!

Per this website:
http://deletemalware.blogspot.com/2011/06/remove-xp-antispyware-2012-xp-internet.html
Make sure that you can see hidden and operating system protected files in Windows. Go into C:Documents and Settings[UserName]Local SettingsApplication Data folder. Make sure you change user name! In the box that opens scroll down until you find the exe file. Mine was the qcg file and it has Russian words, so go figure, thats where it comes from. Change the name to virus.exe, save it, then restart your pc. After a restart, copy all the text in bold below and paste to Notepad.

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT.exe]
@="exefile"
"Content Type"="application/x-msdownload"

Save file as fix.reg to your Desktop. NOTE: (Save as type: All files) . Double-click on fix.reg file to run it. Click "Yes" for Registry Editor prompt window. Then click OK. Run a full system scan with your favorite antivirus program. (2 on mine did not find anything). I went back in and deleted the renamed file and it seems to be gone. Best of luck.

6. Open Internet Explorer. Download xp_exe_fix.reg and save it to your Desktop. Double-click on xp_exe_fix.reg to run it. Click "Yes" for Registry Editor prompt window. Click OK.

I simply restored my laptop back to Dec. 1st, and so far so good! Nothing is popping up. I am in the process of running a complete scan of my system though. Sure aggravates me when people have nothing more to do than mess other peoples stuff up out of meanness and spite! They need to get a life!!!

I got the 2012 version somehow, tried loading in safe mode and it still poped up (found this site on my phone). Had to do a restore to an earlier date in the boot log F10. hope this helps others

didnt know what this was on my computer, im on my hubbies right now and happy i found this site. i am going to work on it later. i do not want to have to restore my whole computer, but if that what it takes i will. im going to try all the help everyone posted. thank you soo much for the time to figure this out for everyone.

Thanks for posting the info on this site. I ran across this for the first time today and had to end task on cio, and all the related files were cio.exe. Had to do a search through the regedit and remove all references to cio.exe and remove it from my user files. Thanks for pointing me in the right direction!

I supposedly have multiple viruses on my pc, disconnected the net, restarted and ran my avast, caught 2 viruses and deleted them, then wouldnt work anymore so I ran malwarebytes and got rid of 3 more, now I cant use malware bytes, but I can get online, not sure whats next, probably gonna go buy the new norton internet security so that I can load a fresh program from an untainted source to try and ferret this little weasel out.

All the methods described above will not remove the fake virus from the registry. The virus will write to a different location. Malware bytes or any other anti-virus program will not remove root kits. Deleting the keys from the registry will temporarliy remedy the problem but will not get rid of it. The fastest sure fire way to remove this virus and any other defects in your registry is to download Combofix from bleepingcomputer.com from another computer, save it to a flashdrive. Turn on the infected computer, hit f8 to boot in safe mode with networking. When the desktop shows up, find the flashdrive you inserted into your USB port. Double click Combofix and let it do its thing. A window should pop-up wanting to download a file from Microsoft, click yes to allow it and sit back and relax while the harmful files are removed and repaired. The process should take 10 minutes but with more severe infections it could take longer. After Combofix takes out all the rootkits, and your computer reboots, then scan with an antivirus of your choice.

Mike, easy when you know how. Thanks, it worked a treat.

If you have Win7, using System Restore is by far the easiest solution to this annoying virus. Just got the virus this afternoon after surfing on Shorpy.com - Got on my Mac, found this great forum and finally decided to try the System Restore to a point 2 days ago.

First run, got an error - wouldnt restore; Id just installed a new monitor from Christmas, so it didnt recognize the hardware change.

Started System Restore again, but unplugged the monitor immediately. Let restore finish, came back in 10 minutes and plugged it back in, restore worked. Had to set up monitor again, but no more virus.

I got this virus last night at the stoke of midnight. Way to start off the New Year, right? I couldnt access the internet, my anti-virus, or Spybot. Booted into safe mode, ran my anti-virus and Spybot Search removed malware. Still got the popups and unable to access the internet. Followed Mikes advice and rebooted in safe mode. Ran System Restore and backed up two days .. PRESTO!! My computer is up and running again!! Thank you, thank you, thank you!!!! Mike, you saved me from having to go out in a snowstorm to get my laptop serviced!! Happy New Year everyone!!!!!!

This has been driving me mad and I tried so many suggestions! I eventually found a sure which advised you CAN access the internet if you right click Google Chrome and run as administrator (not sure if it workday for IE). So I got online and after a bit of trouble with pop ups managed to download Malwarebytes. Of course it would not let me install so had to go to the Downloads folder and right click on what Id just downloaded, then run as administrator and eventually got Malwarebytes installed and scanned and files deleted! So sorted! When I restarted computer in normal mode I ran Malwarebytes again and it found 2 more threats so worth running again. Good luck to everyone and thanks for those who posted suggestions :)

So I just got this trojan keylogger tonight 1.7.12, both my Firefox and chrome browser just shut down on its own, and that annoying popup that everybody talked about above is here, the 2012 version. Was pretty frustrated at first cuz system restore would not open up through the all programs-accessories-system tools menu,, also tried Mikes method above but to no avail. Finally I just restarted and ran windows normally, then I went into Control panels > Backup and restore > recover system settings or your computer > open system restore, then this would lead you to the system restore points, I then restored to a week ago and now everything works fine. Btw, I am running windows 7.

Mike, can not thank you enough for this fix. Hope you have a great year!

Thanks Mike :)

MIKE your a genius, it was so simple. I had someone work on it for 4 hours with all kinds of useless software. I went on and fixed the problem in 5 minutes.

I cannot begin to thank you enough MIKE!!! Computer is clean now! You saved me soooo much money. Thank you, thank you!

I have tried everything everyone has recommended and the virus is still there and now I keep getting message "trying to locate ip address" I cannot get online and I apparently have no connection. I have tried to do system restore, everything. I thought I deleted all the above bad register keys but nothing and now I cannot even get into register. Help please! I am ready to buy a new lap top.

This thing wont even allow me to restore to an earlier point. It blocks me! :( SO frustrating. Help!

okay so I have this stupid virus that everyones talking about and unable to do anything on home computer. the pop-ups dont seem to allow me to do anything. Okay so, if I reboot computer in safe mode with networking, how do I do that? My computer goes to usual windows screen. then I should download an automatic removal tool and full full system scan. So where do I begin.