{"id":1363,"date":"2010-02-25T22:47:50","date_gmt":"2010-02-26T05:47:50","guid":{"rendered":"http:\/\/ariel-x.com\/blog\/?p=1363"},"modified":"2010-02-25T22:47:50","modified_gmt":"2010-02-26T05:47:50","slug":"trojan-bnk-win32-keylogger-gen","status":"publish","type":"post","link":"https:\/\/ariel-x.com\/blog\/trojan-bnk-win32-keylogger-gen\/","title":{"rendered":"Trojan-BNK.win32.keylogger.gen"},"content":{"rendered":"<p>I got a stupid Malware on my computer. I have been pretty busy and didn&#8217;t want to deal with the issue so I thought I would take my laptop down to Staples to have them fix it. They wanted $130 just to look at it and do a virus removal&#8230;eff that I said. I&#8217;ll do this shit myself.<\/p>\n<p>This particular Trojan adds malware to your computer that pops up urgent security messages telling you your computer is infected and you need to download Vista antivirus 2010 to fix the problem, and then asks you to enter your credit card information to pay. I&#8217;m no dummy so I knew this was BS.<br \/>\nI didn&#8217;t pay Staples to fix my computer; rather, I sat at my desk for 3 hours and did research, which I will share with y&#8217;all now.<br \/>\nThe best website with instructions for manual registry removal is:<\/p>\n<p><a href=\"http:\/\/www.2-spyware.com\/remove-trojanbnk-win32-keylogger-gen.html\" target=\"_blank\">http:\/\/www.2-spyware.com\/remove-trojanbnk-win32-keylogger-gen.html<\/a><\/p>\n<p>These are the bastards you need to remove from the registry:<\/p>\n<p><span style=\"font-size: 9.5pt; font-weight: bold;\">Delete registry values:<\/span><br \/>\nHKEY_CURRENT_USER\\Software\\Classes\\.exe\\shell\\open\\command \u201c(Default)\u201d = \u201cav.exe\u201d \/START \u201c%1\u201d %*<br \/>\nHKEY_CURRENT_USER\\Software\\Classes\\secfile\\shell\\open\\command \u201c(Default)\u201d = \u201cav.exe\u201d \/START \u201c%1\u201d %*<br \/>\nHKEY_CLASSES_ROOT\\.exe\\shell\\open\\command \u201c(Default)\u201d = \u201cav.exe\u201d \/START \u201c%1\u201d %*<br \/>\nHKEY_CLASSES_ROOT\\secfile\\shell\\open\\command \u201c(Default)\u201d = \u201cav.exe\u201d \/START \u201c%1\u201d %*<br \/>\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Clients\\StartMenuInternet\\FIREFOX.EXE\\shell\\open\\command \u201c(Default)\u201d = \u201cav.exe\u201d \/START \u201cfirefox.exe\u201d<br \/>\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Clients\\StartMenuInternet\\FIREFOX.EXE\\shell\\safemode\\command \u201c(Default)\u201d = \u201cav.exe\u201d \/START \u201cfirefox.exe\u201d -safe-mode<br \/>\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Clients\\StartMenuInternet\\IEXPLORE.EXE\\shell\\open\\command \u201c(Default)\u201d = \u201cav.exe\u201d \/START \u201ciexplore.exe\u201d<br \/>\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center \u201cAntiVirusOverride\u201d = \u201c1\u201d<br \/>\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center \u201cFirewallOverride\u201d = \u201c1\u201d<\/p>\n<p>And just in case you happen to fuck up and delete the wrong thing and you can&#8217;t open your registry (hheeh uhhhh yeah I did this), here&#8217;s a helpful tool. Assuming your operating system is Vista, try this fix: <a href=\"http:\/\/www.winhelponline.com\/fileasso\/exefix_vista.zip\" target=\"_blank\">exefix<\/a><\/p>\n<p>Save the .zip file to your desktop. Unzip the fix and extract the .reg file to the Desktop. Right-click the .reg file and choose <em><strong>Merge<\/strong><\/em>.
Note that you need to be an  administrator to apply this fix.<\/p>\n<p>so yeah that&#8217;s it&#8230;hope you don&#8217;t get it but if you do hope this helps.<\/p>\n<p>oh and I have many stories to tell so stay posted!!!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I got a stupid Malware on my computer. I have been pretty busy and didn&#8217;t want to deal with the issue so I thought I would take my laptop down to Staples to have them fix it. They wanted $130 just to look at it and do a virus removal&#8230;eff that I said. I&#8217;ll do [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[603,604,605],"class_list":["post-1363","post","type-post","status-publish","format-standard","hentry","category-just-a-regular-day","tag-exe-edit","tag-fix-regedit","tag-remove-trojan"],"_links":{"self":[{"href":"https:\/\/ariel-x.com\/blog\/wp-json\/wp\/v2\/posts\/1363","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ariel-x.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ariel-x.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ariel-x.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ariel-x.com\/blog\/wp-json\/wp\/v2\/comments?post=1363"}],"version-history":[{"count":1,"href":"https:\/\/ariel-x.com\/blog\/wp-json\/wp\/v2\/posts\/1363\/revisions"}],"predecessor-version":[{"id":1364,"href":"https:\/\/ariel-x.com\/blog\/wp-json\/wp\/v2\/posts\/1363\/revisions\/1364"}],"wp:attachment":[{"href":"https:\/\/ariel-x.com\/blog\/wp-json\/wp\/v2\/media?parent=1363"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ariel-x.com\/blog\/wp-json\/wp\/v2\/categories?post=1363"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ariel-x.com\/blog\/wp-json\/wp\/v2\/tags?post=1363"}],"curies"
:[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}