Remove Trojan-BNK.Win32.Keylogger.gen
. Description and removal instructions

 
Title: Trojan-BNK.Win32.Keylogger.gen

Also known as: Trojan-BNK.Win32.Keylogger.gen
Type: Adware
Severity scale:Trojan-BNK.Win32.Keylogger.gen severity is 31  (31 / 100)
 
Trojan-BNK.Win32.Keylogger.gen is a dangerous infection that spreads through XP Internet Security 2010 rogue anti-spyware program. It is not a real virus and it appears only if the system is infected with XP Internet Security 2010.

Once computer is infected with this fake application and you try to browse some Internet website, XP Internet Security 2010 keeps displaying fake notifications claiming that your system is infected with Trojan-BNK.Win32.Keylogger.gen. The warning states that your private data (passwords, credit card details, etc.) might be stolen. However, this warning is a total lie. Trojan-BNK.Win32.Keylogger.gen was only designed to scare people into thinking it’s a dangerous infection. Such parasite doesn’t even exist on your computer and it is displayed just because you are infected with XP Internet Security 2010. This is the only application that must be removed.

Once you get notifications that you are infected with Trojan-BNK.Win32.Keylogger.gen, concentrate on removing XP Internet Security 2010 application.



Related files: WRblt8464P, av.exe

Trojan-BNK.Win32.Keylogger.gen properties:
• Connects itself to the internet
• Stays resident in background

Trojan-BNK.Win32.Keylogger.gen snapshot:
Trojan-BNK.Win32.Keylogger.gen removal

Automatic Trojan-BNK.Win32.Keylogger.gen removal:

remover for Trojan-BNK.Win32.Keylogger.gen

Trojan-BNK.Win32.Keylogger.gen manual removal:

Delete registry values:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “av.exe” /START “%1? %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command “(Default)” = “av.exe” /START “%1? %*
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “av.exe” /START “%1? %*
HKEY_CLASSES_ROOT\secfile\shell\open\command “(Default)” = “av.exe” /START “%1? %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “av.exe” /START “firefox.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “av.exe” /START “firefox.exe” -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “av.exe” /START “iexplore.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1?
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1?

Delete files:
av.exe WRblt8464P
Delete directories:
%Documents and Settings%\[UserName]\Application Data\

Other programs to remove Trojan-BNK.Win32.Keylogger.gen:

• Malwarebytes Anti Malware - Review - Download
• Malwarebytes Anti Malware - Review - Download
• Windows Defender - Review - Download

Information added: 03/02/10
Information updated: 27/04/10

Additional resources related to Trojan-BNK.Win32.Keylogger.gen:

Attention: If you know or you have a website or page about Trojan-BNK.Win32.Keylogger.gen
removal, feel free to add a link to this list:
add url




more resources

Post Comment:

Attention: Use this form only if you have additional information about Trojan-BNK.Win32.Keylogger.gen parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.



Enter security code:


Comments from visitors:


1. by . 2010-04-27 21:04:45
What should I do if the trojan prevents me from accessing the internet?

2. by . 2010-04-04 19:04:54
I just ran across that same issue, james... I thought, you want me to delete all my info??

Let me know if you figure out how to do this

3. by James. 2010-02-03 02:02:00
if you were to delete %Documents and Settings%[UserName]Application Data then a lot of programs would no longer function. It is an essential folder, much like Program Files


Latest spyware news:
Similar parasites: