Trojan-BNK.Win32.Keylogger.gen. How to remove? (Uninstall guide)

Removal by Jake Doevan | Also known as Trojan-BNK.Win32.Keylogger.gen | Type: Adware

Trojan-BNK.Win32.Keylogger.gen is a dangerous infection that plays an important role in the distribution of rogue anti-spyware and ransomware. The name may also be reported in fake alerts that belong to XP Internet Security 2010, Internet Security 2013, Win 7 Protection 2013 and similar threats. By reporting different kinds of viruses, these programs try to scare their victims and create a need for their removal services. These services may cost from $10 to $100 and are in reality worthless.

HOW CAN I GET INFECTED WITH Trojan-BNK.Win32.Keylogger.gen?

Trojan-BNK.Win32.Keylogger.gen attacks computers through security vulnerabilities, so you should always have anti-virus and anti-spyware software installed on your computer if you want to avoid this threat. Once a computer is infected, the virus downloads malicious files that belong to more serious viruses, which are used to swindle money from users. With the help of Trojan-BNK.Win32.Keylogger.gen, you can get infected with rogue anti-spyware or ransomware.

Another way you can run into Trojan-BNK.Win32.Keylogger.gen is through fake notifications that also belong to rogues. They typically state that private data (passwords, credit card details, etc.) might be stolen because of this trojan. However, this warning is a total lie, and Trojan-BNK.Win32.Keylogger.gen is reported only to scare you into thinking that you are dangerously infected.

HOW TO REMOVE Trojan-BNK.Win32.Keylogger.gen?

If you are infected with Trojan-BNK.Win32.Keylogger.gen or receive a pop-up ad that reports it, start by checking your PC with updated anti-spyware. If you can't launch it, follow these steps:

1. Reboot your computer to Safe Mode with Networking. Just reboot your PC and, as soon as it starts booting up, start pressing F8 repeatedly.
2. Log in as the same user as you were in normal Windows mode.
3. Now click on IE or another browser and select 'Run As' or 'Run As administrator', then enter your Administrator account password (if needed).
4. Enter this link in your address bar: and download the program to your desktop. Launch it to get rid of malicious processes.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Trojan-BNK.Win32.Keylogger.gen you agree to our privacy policy and agreement of use.

Trojan-BNK.Win32.Keylogger.gen manual removal:

Delete registry values:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "av.exe" /START "%1" %*

HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "av.exe" /START "%1" %*

HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "av.exe" /START "%1" %*

HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "av.exe" /START "%1" %*

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "av.exe" /START "firefox.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "av.exe" /START "firefox.exe" -safe-mode

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "av.exe" /START "iexplore.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"

Delete files:


Delete directories:
%Documents and Settings%\[UserName]\Application Data
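
A read-only way to check the registry locations listed above, as an added example that is not part of the original guide. It assumes PowerShell 3.0 or later is available on the machine; the function names are hypothetical, and because commenters report executable names other than av.exe, it flags any non-default handler instead of matching one file name.

```powershell
# Added example: read-only audit of the registry locations listed in this guide.
# Nothing is modified; each suspicious value is returned as an object for review.

function Get-RegValue {
    param([string]$Key, [string]$Name = '')   # '' selects the (Default) value
    $path = "Registry::$Key"
    if (-not (Test-Path -LiteralPath $path)) { return $null }
    (Get-Item -LiteralPath $path).GetValue($Name)
}

function Get-LauncherName {
    # File name of the program a command line starts, for example
    #   "C:\x\av.exe" /START "firefox.exe"  ->  av.exe
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"' -or $Command -match '^\s*(.+?\.exe)') {
        return @($Matches[1] -split '[\\/]')[-1]
    }
    return $null
}

function Find-HijackedHandlers {
    $findings = @()

    # 1. Handlers for executable files. The stock exefile command is "%1" %*,
    #    so any other command stored in these keys is reported. A missing key
    #    is treated as clean (assumption: these keys are absent by default).
    $assocKeys = @(
        'HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command',
        'HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command',
        'HKEY_CLASSES_ROOT\.exe\shell\open\command',
        'HKEY_CLASSES_ROOT\secfile\shell\open\command'
    )
    foreach ($key in $assocKeys) {
        $cmd = Get-RegValue -Key $key
        if ($cmd -and $cmd.Trim() -ne '"%1" %*') {
            $findings += [pscustomobject]@{
                Key = $key; Name = '(Default)'; Value = $cmd
                Reason = 'executables are routed through another program'
            }
        }
    }

    # 2. Browser start commands. The command should start the browser itself,
    #    not a wrapper that receives the browser name as an argument.
    $browserKeys = [ordered]@{
        'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command'     = 'firefox.exe'
        'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command' = 'firefox.exe'
        'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command'    = 'iexplore.exe'
    }
    foreach ($key in @($browserKeys.Keys)) {
        $cmd = Get-RegValue -Key $key
        $launcher = Get-LauncherName -Command $cmd
        if ($launcher -and $launcher -ne $browserKeys[$key]) {
            $findings += [pscustomobject]@{
                Key = $key; Name = '(Default)'; Value = $cmd
                Reason = "browser is started through $launcher"
            }
        }
    }

    # 3. Security Center overrides. A value of 1 silences the antivirus or
    #    firewall status warning.
    $sc = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center'
    foreach ($name in 'AntiVirusOverride', 'FirewallOverride') {
        $val = Get-RegValue -Key $sc -Name $name
        if ($val -eq 1) {
            $findings += [pscustomobject]@{
                Key = $sc; Name = $name; Value = $val
                Reason = 'Security Center warning is suppressed'
            }
        }
    }

    $findings
}

Find-HijackedHandlers | Format-List
```

Run it as the affected user, because the HKEY_CURRENT_USER entries are per-user. An empty result means none of the listed values is present in the form described here.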

About the author

Jake Doevan - Computer technology expert


  • Ronell

    Thank you sooo much. I was really panicking with this Trojan on my business PC. I downloaded Malware in safe mode and scanned and removed the virus. Really really appreciate your help.

  • Lags

    Hello, I'm helping out a customer who has trojan-BMK.win32.keylogger.gen, which
    is blocking the connection. How do I get rid of it?

  • Paula

    I would like to thank MIKE, (above) your safe mode trick worked… you saved me a bunch of money….. nice to know that there are people out there willing to help without gaining anything… thanks again!

  • Laura

    Mine was hwi.exe. I deleted all the registry keys and restarted…worked for me. Thanks a million.

  • Linda P.

    Okay, so I have this stupid virus that everyone's talking about and am unable to do anything on my home computer. The pop-ups don't seem to allow me to do anything. Okay so, if I reboot the computer in safe mode with networking, how do I do that? My computer goes to the usual Windows screen. Then I should download an automatic removal tool and run a full system scan. So where do I begin?

  • Jessica

    This thing won't even allow me to restore to an earlier point. It blocks me! 🙁 SO frustrating. Help!

  • Mary

    I have tried everything everyone has recommended and the virus is still there and now I keep getting message “trying to locate ip address” I cannot get online and I apparently have no connection. I have tried to do system restore, everything. I thought I deleted all the above bad register keys but nothing and now I cannot even get into register. Help please! I am ready to buy a new lap top.

  • Risk1

    I cannot begin to thank you enough MIKE!!! Computer is clean now! You saved me soooo much money. Thank you, thank you!

  • SAM

    MIKE you're a genius, it was so simple. I had someone work on it for 4 hours with all kinds of useless software. I went on and fixed the problem in 5 minutes.

  • giia1979

    Mike, can not thank you enough for this fix. Hope you have a great year!

  • Makoto

    So I just got this trojan keylogger tonight 1.7.12, both my Firefox and Chrome browsers just shut down on their own, and that annoying popup that everybody talked about above is here, the 2012 version. Was pretty frustrated at first cuz System Restore would not open up through the All Programs-Accessories-System Tools menu, also tried Mike's method above but to no avail. Finally I just restarted and ran Windows normally, then I went into Control Panel > Backup and Restore > Recover system settings or your computer > Open System Restore, then this would lead you to the system restore points. I then restored to a week ago and now everything works fine. Btw, I am running Windows 7.

  • David

    This has been driving me mad and I tried so many suggestions! I eventually found a site which advised you CAN access the internet if you right click Google Chrome and run as administrator (not sure if it works for IE). So I got online and after a bit of trouble with pop ups managed to download Malwarebytes. Of course it would not let me install so had to go to the Downloads folder and right click on what I'd just downloaded, then run as administrator and eventually got Malwarebytes installed and scanned and files deleted! So sorted! When I restarted computer in normal mode I ran Malwarebytes again and it found 2 more threats so worth running again. Good luck to everyone and thanks for those who posted suggestions 🙂

  • Eileen

    I got this virus last night at the stroke of midnight. Way to start off the New Year, right? I couldn't access the internet, my anti-virus, or Spybot. Booted into safe mode, ran my anti-virus and Spybot Search removed malware. Still got the popups and unable to access the internet. Followed Mike's advice and rebooted in safe mode. Ran System Restore and backed up two days .. PRESTO!! My computer is up and running again!! Thank you, thank you, thank you!!!! Mike, you saved me from having to go out in a snowstorm to get my laptop serviced!! Happy New Year everyone!!!!!!

  • Jad

    If you have Win7, using System Restore is by far the easiest solution to this annoying virus. Just got the virus this afternoon after surfing on – Got on my Mac, found this great forum and finally decided to try the System Restore to a point 2 days ago.

    First run, got an error – wouldn't restore; I'd just installed a new monitor from Christmas, so it didn't recognize the hardware change.

    Started System Restore again, but unplugged the monitor immediately. Let restore finish, came back in 10 minutes and plugged it back in, restore worked. Had to set up monitor again, but no more virus.

  • deepsea diver 67

    Mike, easy when you know how. Thanks, it worked a treat.

  • Rob Rome

    All the methods described above will not remove the fake virus from the registry. The virus will write to a different location. Malware bytes or any other anti-virus program will not remove root kits. Deleting the keys from the registry will temporarily remedy the problem but will not get rid of it. The fastest sure fire way to remove this virus and any other defects in your registry is to download Combofix from another computer, save it to a flashdrive. Turn on the infected computer, hit f8 to boot in safe mode with networking. When the desktop shows up, find the flashdrive you inserted into your USB port. Double click Combofix and let it do its thing. A window should pop-up wanting to download a file from Microsoft, click yes to allow it and sit back and relax while the harmful files are removed and repaired. The process should take 10 minutes but with more severe infections it could take longer. After Combofix takes out all the rootkits, and your computer reboots, then scan with an antivirus of your choice.

  • MIkey

    I supposedly have multiple viruses on my pc, disconnected the net, restarted and ran my avast, caught 2 viruses and deleted them, then it wouldn't work anymore so I ran malwarebytes and got rid of 3 more, now I can't use malware bytes, but I can get online, not sure what's next, probably gonna go buy the new norton internet security so that I can load a fresh program from an untainted source to try and ferret this little weasel out.

  • jayne

    Thanks for posting the info on this site. I ran across this for the first time today and had to end task on cio, and all the related files were cio.exe. Had to do a search through the regedit and remove all references to cio.exe and remove it from my user files. Thanks for pointing me in the right direction!

  • nikki

    didn't know what this was on my computer, I'm on my hubby's right now and happy I found this site. I am going to work on it later. I do not want to have to restore my whole computer, but if that's what it takes I will. I'm going to try all the help everyone posted. thank you soo much for the time to figure this out for everyone.

  • Sean

    I got the 2012 version somehow, tried loading in safe mode and it still popped up (found this site on my phone). Had to do a restore to an earlier date in the boot log F10. Hope this helps others.

  • Ellen

    I simply restored my laptop back to Dec. 1st, and so far so good! Nothing is popping up. I am in the process of running a complete scan of my system though. Sure aggravates me when people have nothing more to do than mess other people's stuff up out of meanness and spite! They need to get a life!!!

  • Linda White

    Per this website:
    Make sure that you can see hidden and operating system protected files in Windows. Go into the C:\Documents and Settings\[UserName]\Local Settings\Application Data folder. Make sure you change user name! In the box that opens scroll down until you find the exe file. Mine was the qcg file and it has Russian words, so go figure, that's where it comes from. Change the name to virus.exe, save it, then restart your pc. After a restart, copy all the text in bold below and paste to Notepad.

    Windows Registry Editor Version 5.00

    "Content Type"="application/x-msdownload"

    Save file as fix.reg to your Desktop. NOTE: (Save as type: All files) . Double-click on fix.reg file to run it. Click “Yes” for Registry Editor prompt window. Then click OK. Run a full system scan with your favorite antivirus program. (2 on mine did not find anything). I went back in and deleted the renamed file and it seems to be gone. Best of luck.

    6. Open Internet Explorer. Download xp_exe_fix.reg and save it to your Desktop. Double-click on xp_exe_fix.reg to run it. Click “Yes” for Registry Editor prompt window. Click OK.

  • Annie

    I am in the process of using Mike's suggestions. I booted in safe mode & the damn pop-ups started the minute I tried to open Super-anti-spyware. I X'd them out & managed to get anti-spyware going. Left & came back & more pop-ups but I can see anti-spyware running behind them! Hopefully, this will work & will do a systems restore afterwards if it will allow me! I'll be back to let you know if I succeeded. Thanks Mike & all who have left suggestions!

    Finally….anti-spyware found NOTHING. AND I could NOT run anything else or a Systems Restore! So I tried booting in safe mode again & one of the options was “Repair Computer”, so, I clicked on it! There was a list of things to do & one was Systems Restore! I had to go back to Nov.29. Now I am able to run my security! Super anti spyware found one threat & removed it. Malwarebytes found one & removed!

    Here it is the day after & everything seems fine! So if you can't do a systems restore…..try safe mode & then look at the list & click on “Computer Repair” & then on systems repair….it WORKED!!!

  • Dave

    OK. I had the 2012 version and here's how I got rid of it. First, I changed my date to 2012 (Jan). That allowed me to access my system restore area. I then restored back to a pre-virus date and that seemed to do the trick. I'm now updating my anti-virus program and hope to update my malware soon. Hope that helps.

  • Nicole

    I am having the same issue with my laptop…I have Windows 7 and the 2012 version of this bs has screwed everything! I can't restore, I can't even find the files listed above in the registry key. I have stopped every process that looked suspicious and still nothing! MIKE HELP!!!!! 🙁

  • deb

    so i tried everything that mike said and still…the 2012 version is continuing to pop up on my system. system restore won't allow me to go back further than the moment i was hacked. super spyware seemed to clean out everything but the trojan, i even tried stopzilla via my flashdrive and all i get is another pop up. i am currently in safe mode trying to run everything again and the little bugger is still there. i cannot even access the registry at this point. any suggestions? i am at my wits' end

  • andrea

    I am in the process of using Mike's suggestions. I booted in safe mode & the damn pop-ups started the minute I tried to open Super-anti-spyware. I X'd them out & managed to get anti-spyware going. Left & came back & more pop-ups but I can see anti-spyware running behind them! Hopefully, this will work & will do a systems restore afterwards if it will allow me! I'll be back to let you know if I succeeded. Thanks Mike & all who have left suggestions!

  • efog4

    I knew it! I had some suspicions because it wouldn't let me use Internet Explorer, but if you click purchase it uses IE, so the idiots aren't that smart.

  • lou gillespie

    The same issue showed up on my pc. It says so many things are infected and gives 3 places that the file was supposed to be located. I am using XP Pro. I restarted my pc in safe mode and went to Accessories, System Tools, System Restore and went back almost a month. After that process was completed (my current pc protection I am using is Microsoft Security Essentials) I opened that program, selected update and then performed a full scan. The issue did not resurface and my pc is running ok. This is what worked for me, maybe it can work for someone else as well. Good Luck!!

  • rodi

    Great, but you need to scan your computer with anti-spyware software what so ever, because there might be other malware installed on your computer.

  • rodi

    Reboot your computer in safe mode with networking. Download an automatic removal tool and run a full system scan.

  • guest

    hi my stupid computer is infected with this virus it won't let me go on the internet the only way i got on the internet is by deleting google chrome my favorite browser and it took me to an online survey page so i left and came here. this freakin virus won't even let me access itunes or windows media player. i try to download this and then it says that i need to get vista 2012 security or i can continue unsupported so i click continue unsupported but then it still won't let me do anything what do i do?

  • cy

    This is frustration. I ran. Super spyware several times more mal and spy appear vaulted removed then did system system restore worked

  • Christian C

    Hey just restore your computer back three or four days, I just did that and my virus is gone. Quickest, easiest solution.

  • Nice

    Ryan, good word! Changing the date/time a week forward seems to work.

  • Naxoskid

    I just successfully used Mike's method on a Win XP OS to remove the 2012 XP Anti-Spyware Virus (Trojan-BNK.win32.keylogger.den). While Restore hung up during the System Restore process on my first attempt – I did a hard boot and managed to eliminate the Trojan by selecting a restore date that was only a day old – instead of reusing my first restore date – of a week earlier.

    Thanks Mike – for the excellent restore process tip and for allowing me to deal with the Trojan virus elimination – quickly and effectively. Much appreciated.

  • Bunk

    I caught this nastiness May 2011. It loaded up onto my dashboard, included a popup warning in the taskbar. Dopy me, I clicked on the taskbar warning to shut it down, and you know what happened next.
    A tech friend identified it as rootkit virus. I downloaded this
    and it was remedied in a few minutes. Then I ran Malwarebytes anti-virus, vaporized 6 related downloader trojans. Hope that helps someone.

  • emily

    ryan i did the same thing and it totally worked thanks a lot

  • Ryan

    Oh, some info I found also was that the virus was written by advertising partners of Microsoft security. Since then they have been banned. Sounds like a deal that went south and this was written out of spite.

  • Ryan

    Just found out that if you roll your computer's date and time 1 week in advance (forward) it will terminate the pop-ups and blocks. The “virus” only has a life expectancy for that time. It worked for me, let me know if it works for anyone else too.

  • Downtown Steve

    Mike, your post #9 worked wonders! Dude, you deserve a gold medal, the samaritan of the year award, and a big fat bonus check at the end of the year. Your post saved me plenty of time and money. I am no technology wiz kid, but your instructions were easy to follow and spot on. A million thanks!

  • Downtown Steve

    Deanna, I had the 2011 version too and followed the instructions Mike gave 2011-06-15 18:06:48 It worked like a charm, the dude is a god. Thanks again Mike!

  • Deanna

    How do I remove the 2012 version?

  • BJ

    Thank you SO MUCH Mike – IT WORKED. BTW, I just got this today. UGH>

  • george

    trying mike's method now to system restore in safe mode. thanks for was driving me crazy…and it worked. thanks.

  • michael

    i can't open registry thing how do i delete

  • alec B

    yay i got the freaking 2012 version
    can't do system restore
    can't do add remove programs

  • Jimbob

    Thank you so much Mike – followed your recommendations and it seemed to work. You are a life saver!

  • steve

    I deleted the above reg keys and found the file:

    C:\Documents and Settings\[user name]\Local Settings\Application Data\BJE.EXE

    which I deleted after killing the process of the same name.

    The messages were from “XP security centre 2012”

  • Tobie

    Mike, I got this stupid virus!!! I went into safe mode to do the system restore and I'm STILL getting the pop ups!!!! Any suggestions?

  • Mike

    Update: – I got this thing again – Unbelievable! – Didn't take hours to figure out this time though. I ran super anti-spyware in safe mode and removed the problems it found but after it rebooted I was still having pop-ups as before. Tried to get to System Restore (Start>All Programs>Accessories>System Tools>System Restore) but the pop ups wouldn't let me in – the thing was blocking me from System Restore. #!*@%#! – OK so here's the way in. (I have XP but assume it's the same for later versions) Turn the system off – turn it back on and hit F8 key just as it's booting up. Choose regular Safe Mode (not Safe Mode w/ Internet because the keylogger will block everything if you are online). When it starts to boot up in Safe Mode a box pops up and says “Windows is running in safe mode… blah blah… If you prefer to use System Restore to restore your computer to a previous state click NO. This Is What You Want!! – Click NO button and System Restore will pop up and you can choose a previous date to boot from – the system will then do its thing and reboot from a previous checkpoint a day or whatever earlier. Abracadabra – Keylogger piece of #@%! GONE. Again – hope this helps someone – I couldn't remember how I got there before so rewrote this while it was fresh in mind. Peace All

    • Gina

      It worked!!!! Mike I think I love you ha ha!

    • Gina

      trying your solutions now and praying it works.

  • Mike

    All I did was click on one of the top links for something I had searched for on Google and BAM – it immediately shut down both browsers I had up and all hell started breaking loose – constant fake warning messages. Don't be fooled by any of them – just get rid of this thing. It's no fun that's for sure – it toys with you in various ways – hijacks your browsers – won't let you on the internet – messes with your spyware removal program etc. I spent a few hours researching and trying different things. Here's what finally worked for me – I booted up in safe Windows mode (F8 immediately at start up). I then ran Super Anti-spyware in safe mode and got rid of what it found. Malware Bytes or others are probably fine too but you have to already have 1 installed on your system – otherwise good luck. Once it was removed, I was still getting some residual pop up warnings and stuff so I then tried what I had read somewhere else and got into Backup and Restore (can't remember how I got there – sorry) and backed my computer up to 2 days before it happened. This completely got rid of the problem. I rebooted and ran Malware Bytes in regular mode and it didn't find anything so it was gone. This BNK Keylogger thing certainly proved to me that it's important to have antispyware already installed before something like this happens. Both that I mentioned are free and work well. I couldn't imagine trying to install something by flash drive or whatever when the system was acting up this bad. Good Luck

  • Terry

    I did a system restore and it seems to have gone away.

  • dmill

    I have this, but it says win 7 not xp internet as I'm on windows 7. When this comes up I've clicked the x to then get to the internet page to download this but it won't let me get on to any web pages so I cannot download to get rid of this, argh help!!!

  • Mike

    i would like to know who wrote this virus so i can go find them and kick the shit out of them. the people that do this think it is funny i will show them how funny it is

  • Wagner

    Yeah, I have this problem on my main home desktop computer. However I do not quite understand what exactly I have to do to delete this dooshbag of a virus, what is it called that I have to delete. And it's not a 2010 thing like yours says, it says 2011!

  • Ray

    I just had my run in with the keylogger parasite. After a lot of heartburn and fruitless efforts trying to run all my resources, I slept on it and this a.m. I went into control panel backup and restore and backed my computer to 3 days ago. Problem solved. I have downloaded a couple of other programs to help in the future.

  • Jake

    Thanks so much for this.
    Instead of av.exe, it manifested as unm.exe on machine (XP)
    I did not delete the Application Data directory.
    I rebooted in Safe Mode, zapped the registry keys listed above, but
    not all were present, and additional ones have been added.
    In regedit I looked for all keys and values containing unm.exe and deleted them.
    That worked for me. Thanks again.

  • Kimberley

    I don't know if it's related but I have tried to download the link above and the download is successful but when I open the downloaded file to run the program it says application not found. This is happening with all my downloads and I can't run my antivirus, something is blocking it. Any ideas?

  • Richard

    The process file that makes the pop-ups appear is called giy.exe. I downloaded killbox to keep it under control while I researched for more info, great little tool download on I also did a search for giy.exe and found it in the prefetch folder under windows, so that is where the giy keeps coming in. Not yet been able to track it further back and I seem unable to run Malware, not getting it to set up.

  • cw

    The above reg keys worked with the exception of frt.exe in place of av.exe
    Found file: C:\Documents and Settings\RALAZAR\Local Settings\Application Data\FRT.EXE which I deleted after killing the process of the same name.

    I didn't delete the folder listed above.

    The MalwareBytes download didn't work when run as an Administrator.

  • mark

    Hey billy what did you edit in the ydb.exe file?

  • Billy

    Mine was ydb.exe, had to do the reg edits before I could run the Malbytes

  • thril

    Malwarebytes will get rid of this problem

    • kyle

      okay, finally got this little sh*t

      i had to kill pdn.exe process in task manager before i was able to access Malbytes…hope this helps someone!

    • kyle

      not if you can't connect to the internet or try to load from a memory card!

      damn thing won't even let us open the regedit command…any ideas??

  • Guest

    Hi, now Trojan-BNK.Win32.Keylogger.gen use name yiy.exe. Same location.
    Thank you for information

  • Guest

    What I find in the registry is different. I don't seem to find anything with av.exe" /START "%1" %*
    However I do have qcg.exe" -a "%1" %*
    Can I delete that?

  • Guest

    I have this “thing” on my netbook and I don't know how to remove it since it won't let me use Yahoo…help PLEASE

  • Guest

    STOPzilla does NOT get rid of this!!

  • Guest

    What should I do if the trojan prevents me from accessing the internet?

    • gabby

      well if you have discs to backup or restore your files it may help because at the moment I'm restoring mine

  • Guest

    I just ran across that same issue, james… I thought, you want me to delete all my info??

    Let me know if you figure out how to do this

  • James

    If you were to delete %Documents and Settings%\[UserName]\Application Data then a lot of programs would no longer function. It is an essential folder, much like Program Files.