GeekPolice
infected with Trojan - bnk.win32.keylogger.gen


Post by janlyn-79 on Sun Apr 17, 2011 10:11 pm

Hi. Approximately 5 days ago, my computer became infected with Trojan - bnk.win32.keylogger.gen. Since then, I have tried unsuccessfully to completely remove it from my computer. That is, I was able to stop the constant pop-ups telling me my machine was infected and I needed to download XP Security 2011, however, I have been unable to stop the virus from having Mozilla and Internet Explorer re-direct me to websites other than the ones I am trying to navigate to. Having said that, I will outline below the steps I have already taken to attempt to completely get rid of this virus.

(1) I initially downloaded and ran Rkill.exe.
(2) Then I downloaded Malwarebytes and SuperAntispyware and renamed each, as was suggested. I ran Malwarebytes first by performing a full system scan. It found problems and I had Malwarebytes get rid of the problems it found. I then ran SuperAntispyware, had it run a full system scan as well, and it, too, found problems, which I had SuperAntispyware get rid of. Performing these tasks seemed to get rid of the constant pop-ups telling me my machine was infected and that I needed to download XP Security 2011.
(3) I did see suggested on other posts (whereby users had also been infected with this annoying virus) that certain Trojan-BNK.Win32.Keylogger.gen registry entries and files should be removed, so I tried that, too. I did find and remove the Trojan-BNK.Win32.Keylogger.gen files that were suggested for removal, but I did not find any of the Trojan-BNK.Win32.Keylogger.gen registry entries.
(4) I have since read and re-read many of the posts I have found on the internet regarding this problem, but they basically state to follow the same (or similar) tasks for removal as mentioned above that I already performed. The only other thing I could think of to do was to re-run Rkill.exe, Malwarebytes, and SuperAntispyware, which I did. This time, Malwarebytes did not find anything, but SuperAntispyware did, so I had those files, once again, removed.

Being unsure of what else to do or try at this point, I realized that I was in need of someone with more in-depth knowledge than myself to, hopefully, once and for all help solve this problem (and my fingers are crossed that someone will be able to provide some assistance before I rip the last hair on my head out). With that, I have attached the OTL results to this post. [NOTE: I did not attach the (OTL) Extras results, because although it stated that I could, it would only allow me to attach one file and not two. Hence, if you need that file (and/or any other information), please let me know]. (FYI: As stated in the user guidelines on this website, I have updated Java, Adobe Reader, and also performed a Windows Update.)

Thank you kindly in advance for any help you can offer me. I very much look forward to receiving a response.
JP

janlyn-79
Beginner

Posts : 1
Joined : 2011-04-17
OS : Windows XP Home Edition (Version 2002)


Re: infected with Trojan - bnk.win32.keylogger.gen

Post by Belahzur on Mon Apr 18, 2011 10:39 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:
       * Tools -> Options -> Main tab
       * Set to "Always ask me where to Save the files".
    2. During the download, rename Combofix to Combo-Fix as follows:
    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
    **Please note:** If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.
  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
