Windows 64bit - Virus.Win32.FileInfector.gen / Trojan.KeyLogger.origin

Q: Windows 64bit - Virus.Win32.FileInfector.gen / Trojan.KeyLogger.origin

My thread was closed and I was told to follow the new instructions which I had read already. I am using Windows Vista 64bit and DDS is not compatible with this OS. I did a GMER scan only being able to select the three default options and results turned up with zero results and no log.

Here is the original message for review unless there is another set of instructions for 64bit users.

I have been testing a small application called Alpha Blender which enables me to set windows transparency case to case. I originally did a single file scan on Bit Defender and Kaspersky and both came up with clean results. However, I just used TotalVirus file scanner and it came up with the results below:

http://www.virustotal.com/analisis/6...994-1243064377

Do these results mean that I do in fact have a keylogger on my system tracking my strokes? I am using BlackViper tweaks minimum config so I know it may have helped. Just need insight on whether or not my passwords may be compromised.

I have attached an HT log for review. If any more information is needed I can help.

A: Windows 64bit - Virus.Win32.FileInfector.gen / Trojan.KeyLogger.origin

Hi,

Quote:
Do these results mean that I do in fact have a keylogger on my system

No, not necessarily.

Programs often do not produce the desired results on 64 bit systems.

Let's do a couple of scans to make sure you are clean.


Please do the following:


As a Vista user I will require that all the programs I ask you to run, be run by right clicking the icon and selecting Run as Administrator. Otherwise some programs may fail to operate correctly


Download OTS to your Desktop
Close ALL OTHER PROGRAMS.
Double-click on OTS.exe to start the program.
Check the box that says Scan All Users
Check the box that says 64 bit
Under Additional Scans check the following:
File - Lop Check
File - Purity Scan
Evnt - EvtViewer (last 10)

Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.


NEXT

Please download Malwarebytes' Anti-Malware
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected. <-- very important
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

RELEVANCY SCORE 84.4

I have been testing a small application called Alpha Blender which enables me to set windows transparency case to case. I originally did a single file scan on Bit Defender and Kaspersky and both came up with clean results. However, I just used TotalVirus file scanner and it came up with the results below:

http://www.virustotal.com/analisis/6...994-1243064377

Do these results mean that I do in fact have a keylogger on my system tracking my strokes? I am using BlackViper tweaks minimum config so I know it may have helped. Just need insight on whether or not my passwords may be compromised.

I have attached a HT log for review. If any more information is needed I can help.

A:Virus.Win32.FileInfector.gen (suspicious) - Packed/ExeStealth

Hello

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

RELEVANCY SCORE 78.4

Hi,
It seems that I have trojan activity on my home pc.
I am running Vista and when I log in to my user profile I get a blue desktop with a box saying 'Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer'
I have tried a few malware removal programs, Malwarebytes, CCleaner, Adaware and ran virus scans in an attempt to try and remove it myself without bothering you guys but I just can't shift it, so I'm hoping you may have the time to help?
What I have noticed is that I only get these warnings when I am logged into my user profile, not as administrator or as another user on the pc. I also get no warnings when running in safe mode.
I run Avast and that brings up a warning soon after the blue desktop comes up that points to infection with C:\Users\Guy\AppsData\Local\Temp\tt991.tmp.vbs. The numbers/letters after the tt (in this case 991) change each time I log in. It also states Malware Name: VBS:Malware-gen, Malware Type: Virus/Worm, VBS version 080805-0,08/05/08 which I try and delete from the warning box.
I then am greeted with a windows script host message box that will say the above file (tt991.tmp.vbs) failed (Access Denied).
I also regularly get Windows security alert message boxes come up on the screen saying that Windows Firewall has detected activity of harmful software with mention of one of many trojans. These have been:
Trojan-Clicker.Win32.Tiny.h
Trojan-Downloader.Win32.Agent.bq
Trojan...

A:Vbs:malware-gen - Trojan-clicker.win32.tiny.h, Trojan-downloader.win32.agent.bq, Trojan-spy.win32.keylogger.aa

Hi,
I am hoping you can help me. My computer keeps telling me it is infected with spyware/malware. I get a blue desktop on startup with regular warnings saying the computer is infected with:
Trojan-Clicker.Win32.Tiny.h
Trojan-Downloader.Win32.Agent.bq
Trojan-Spy.Win32.KeyLogger.aa
Trojan-Spy.Win32.GreenScreen
Trojan-Spy.HTML.Bankfraud.dq
Strange thing is that these only show up when I log in to my user account. If I log in as administrator, another user or as any user in safe mode I get no warnings and nothing shows up on scans.
The pop up warnings direct me to this site: www.antispyware-review.info/?wmid=46638&pwebmid=uWfLn0pimL&a= which is Smartsoft reviews to buy PC Antispy or PC Clean pro.
Malwarebytes scan picks up Fake.Dropped.Malware, Malware.Trace, Trojan.FakeAlert and Hijack.Wallpaper and even if I remove these and restart the PC they come back.
A spybot scan pointed to 2 entries of Virtumonde
I'll attach the latest HJT log, Malwarebytes log and Spybot logs in case you need them. Please help me with this, I can't seem to shift it

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:34 AM, on 8/7/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Ado...

RELEVANCY SCORE 73.6

I am running vista. I tried to run the dds as instructed but vista does not seem to support it. I have a HJT log. Please someone help.


Logfile of HijackThis v1.99.1
Scan saved at 12:27:02 PM, on 9/3/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\lisa causey\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
...

RELEVANCY SCORE 71.2

Thunder, I ALSO have a virus that pops up and says Windows Security Alert and trojan-spy.win32.keylogger.aa or trojan-spy.win32.bankfraud.aa and a few others. The only thing it lets you click on is enable protection. That screen then takes you to a site that offers some virus removal software. I'm not sure if I should be doing the same instructions that were given to hawks32 on August 24th 2008 under the same title but I have cleared my caches and temp files and generated my logs:
Thank you in advance for any help!

-HIJACKTHIS:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:49 PM, on 9/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS ...

A:Windows Security Alert And Trojan-spy.win32.keylogger.aa

Hello and welcome to BC...
Please download RSIT by random/random and save it to your Desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.

RELEVANCY SCORE 71.2

I have a virus that pops up and says Windows Security Alert and trojan-spy.win32.keylogger.aa or trojan-spy.win32.bankfraud.aa and a few others. The only thing it lets you click on is enable protection. That screen then takes you to a site that offers some virus removal software. Please help!
Here is my hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:48 PM, on 8/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\knwbwdar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDO...

A:Windows Security Alert And Trojan-spy.win32.keylogger.aa

Hello Hawks32 and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed...

RELEVANCY SCORE 71.2

I have the same problem that hawks32 had on August 25th but mine started showing up yesterday on a fake Windows Alert for Trojan-Spy.Win32.Keylogger.aa. I know it is fake by the block and unblock were grayed out ... Now how do I get rid of this??? ...

I have systematically been trying to fix this box since the 25th that started with the joke.blushod. I have downloaded and researched everything to get rid of the first one including malware. It did get rid of it at first then showed back up yesterday with a lot more.

I ended up buying Kaspersky Internet 2009 ... got rid of some of the problem. Then Spyware Detector got rid of some more. The windows XP automatic update is failing due to requesting MicroSoft Professional location for FrontPage even though this is Windows XP Home Edition.

I then ran sdfix (which finally grabbed the identified .exe for joke.blushod and deleted. I then ran combofix. But after combofix ran norton did not come back even after a reboot though Kaspersky's is back up. I don't know how to interpret the combofix log and since the fake windows alert is still happening and the windows updater won't work I am assuming that I cleaned up more ... but still not all.
I would appreciate any help I can get to fix this issue as one of the windows updates was to fix a security breach.

Please help as I know this box is infected with more and I have three other computers on this home network and want to protect them !!!!

A:Windows Security Alert - Trojan-spy.win32.keylogger.aa

Block and unblock were grayed out on what? Kaspersky virus warning?

Quote:
I have systematically been trying to fix this box since the 25th that started with the joke.blushod. I have downloaded and researched everything to get rid of the first one including malware. It did get rid of it at first then showed back up yesterday with a lot more.

Would like a little more data here. What programs did you download and run to try and get rid of the joke BSOD?

Quote:
I then ran combofix. But after combofix ran norton did not come back even after a reboot though Kaspersky's is back up. I don't know how to interpret the combofix log and since the fake windows alert is still happening and the windows updater won't work I am assuming that I cleaned up more ... but still not all.

Running combofix without experience with it is VERY dangerous to your system. There is a warning at the top of your post in big bright blue letters:

When posting your problem, do not run and post a ComboFix logs. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

AND FINALLY, to get rid of the win32.keylogger.aa, try this:
1. Download Malwarebytes' Anti-Malware (mbam-setup.exe) and save it on your Desktop.
2. After downloading, double-click on mbam-setup.exe to install the application.
3. Follow the prompts and install.
4. Before the installation completes, che...

RELEVANCY SCORE 71.2

I have a Windows Security Alert box pop up every time I use the internet and randomly while I'm on the web. It always says something about a Trojan-spy.win32.keylogger.aa or Trojan-spy.win32.bankfraud.aa, the only option it gives is to "enable protection." But that only takes you to a website to download a fake anti-spy program. Anyone know how to get this off?

A:Windows Security Alert - Trojan-spy.win32.keylogger.aa

Hi hawks32,

Two things: First, the infection Trojan-spy.win32.keylogger.aa is a key logger. It looks for certain keystrokes and then emails them to its originator. It is designed to look for financial information. If you do on-line banking, or other financial transactions on this computer, please contact those institutions immediately and check to see if your accounts have been compromised. Here is the write up I found via Google: Trojan-Spy.Win32.KeyLogger.aa

Second, I noticed you have an open HJT log. You should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make may cause confusion for the member assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally...

RELEVANCY SCORE 67.6

I'm sorry if this is in the wrong section, but the HJT log section is inactive.

I have been having security issues on my computer and had a few of my accounts compromised. I'm trying to work with what I've got and not have to RESTORE my PC completely, seeing as I don't have a Vista disc.

I have cleaned all Temp folders, uninstalled java, quicktime, itunes ETC..
ran SpybotSD found only a few browser cookies. Could these contain Keyloggers?

If anyone can take a look at my logs and let me know if you see anything suspicious, it would be much appreciated.

Thanks in advance for the assistance. Again sorry if this is in the wrong section.


Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:45 AM, on 12/31/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NETGEAR\WN111\wn111.exe
C:\Program Files (x86)\Lenovo\Lenovo Standard Keyboard Driver\SkDaemond.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\NETGEAR\WN111\WPS_WN111.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Star...

A:Possible TROJAN/Keylogger 64bit Vista

bump

RELEVANCY SCORE 66.8

After starting the laptop, (hidden) host.exe is consuming a lot of resources until crash. I can see and kill it with Process Explorer from Sysinternals.
I can't activate Windows Firewall, Malwarebytes shows an error at computer start up and more...

When I start GMER it shows an error, it is attached.

Here the logs of DDS and GMER:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_23
Run by sebastian at 16:41:18 on 2012-03-19
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.54.1033.18.2925.1107 [GMT -3:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.ex...

A:trojan-Dropper.win32.injector.ciwr | trojan.win32.agent2.faav | Virus.Win32.ZAccess.q

Hello sebamobile, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
I will be analyzing your log. I will get back to you with instructions.

RELEVANCY SCORE 64.4

Saturday, the kids were playing a game on Facebook on my laptop and got the Windows 2012 Security Virus (Trojan-BNK.WIN32.keylogger.gen). This virus would also block from using any web browser
I have an IBM Thinkpad, not sure what model but its old enough it came with restore disks that I no longer have.
I went into safe mode and ran Malwarebytes and it found 33 some and I removed them. Rebooted and it seems to be gone but I still can not access the internet. The virus happened thru FireFox web browser and that browser seems to be completely corrupted. I have tried to uninstall it but when I click remove the window blinks and that is all.
Internet Explorer tells me it cannot access the internet but windows updates and my antivirus and Malware is accessing the internet just fine so it seems web browsers are affected. I put Avast on there and ran it and it found nothing.
Any ideas?

A:Trojan-BNK.WIN32.keylogger.gen

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware,...

RELEVANCY SCORE 64.4

I got to bleepincomputer.com/forums/topic302533.html through internet search leading to community.mcafee.com/thread/35859.
My computer was infected with the Trojan and no browser would run. Opera, IE, google chrome all were rendered useless. At first I was doubtful that solution for removal posted by a guy "boopme" on 14th March 2010 would not solve and might be just fake or outdated. With no options, I followed it. Downloaded the two files rkill and MBAM on a separate laptop. copied it on the infected machine, ran it, and bingo, it was cured!!! Man, I am so grateful to these guys. Don't know how to thank them enough.

A:trojan-bnk.win32.keylogger.gen

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:

***************************************************

First, I need to know if you still need help! To tell me this, please click on http://www.bleepingcomputer.com/logreply/408651 and follow the instructions there. If you do not still need help, this is all you need to do. If you do need help please continue below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:
If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have p...

RELEVANCY SCORE 64.4

I too have been infected with this and maybe more. I ran Malwarebytes on the infected computer and after a restart I could not open any program without being prompted to find a program to open it with, I'm thinking I must have deleted some important .exe files so I rolled back my computer status to earlier in the day before I used Malwarebytes and did another scan. Can someone please help, I'm not a tech savvy guy but I can follow instructions if someone can help?

A:Trojan-BNK.Win32.Keylogger and more

Hello,
I split you to your own topic.
After rolling back can you open programs if so do this.
What is your operating system?

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices
List Users, Partitions and Memory size.
List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Did MBAM find anything? post that log.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

RELEVANCY SCORE 64.4

I had someone use my computer and they went onto a game site yahoo pogo games... now I have this virus. a window pops up saying I need to purchase some win7 program to remove the virus. The person using my computer was my girlfriend and we have since broke up so she won't be on my machine anymore. Also what is your recommended virus protection software that I can purchase. Can you please help me to get rid of all of this for the final time.

Sorry forgot to attach my results

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Run by barbara at 7:41:53 on 2012-01-01
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3764.2112 [GMT -8:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceN...

A:trojan BNK win32 keylogger.gen - Please help

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

It appears that you have two antivirus programs installed and running, Ad-Watch and AVG. While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs. Please choose one to keep and uninstall the other via Programs and Features in your Control Panel.

------------------------------------------------------

As far as a purchased AV, you can't go wrong with ESET's NOD32 or Smart Security:

Best Free Antivirus: ESET! Try free antivirus programs for 30 days.

I use it, and love it.

------------------------------------------------------

Please download ComboFix and Save it to your ...

RELEVANCY SCORE 64.4

I've been following the threads for topic #30253 to remove this from my computer and I saw that the removal log was requested. Here is my log, can you help me get rid of this difficult virus?

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8393

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

12/18/2011 2:10:34 PM
mbam-log-2011-12-18 (14-10-34).txt

Scan type: Quick scan
Objects scanned: 191589
Time elapsed: 3 minute(s), 28 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 146
Registry Values Infected: 11
Registry Data Items Infected: 0
Folders Infected: 17
Files Infected: 73

Memory Processes Infected:
c:\program files (x86)\mywebsearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> 4552 -> Unloaded process successfully.

Memory Modules Infected:
c:\program files (x86)\mywebsearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files (x86)\livingplay\lplaytl.dll (PUP.LivingPlay) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows&...

A:Trojan-BNK.Win32.Keylogger

Hello Christo23

I split you to your own topic here.

You needed to reboot if you did not.

Please run these next.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
 * Flush DNS
 * Report IE Proxy Settings
 * Reset IE Proxy Settings
 * Report FF Proxy Settings
 * Reset FF Proxy Settings
 * List content of Hosts
 * List IP configuration
 * List Winsock Entries
 * List last 10 Event Viewer log
 * List Installed Programs
 * List Devices
 * List Users, Partitions and Memory size.
 * List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Reboot into Safe Mode with Networking

How to enter safe mode (XP/Vista)

Using the F8 Method

Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
 * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
 * An icon will be created on your desktop. Double-click that icon to launch the program.
 * If asked to u...

RELEVANCY SCORE 64.4

Hi,
My kids laptop is infected with a virus. When I turn it on a screen pops up and says "Win 7 Internet Security 2012 has blocked a program from accessing the internet."

The program is Trojan-BNK.win32.keylogger.gen. If I keep the computer on, additional pop ups will continue telling me that the computer is infected, etc. It is urging me to click on a yes box to fix the problem.

The laptop is a Toshiba, 64 bit and is running Windows 7 Professional.

Per the instructions, please find the DDS.txt file below and the Attach.txt zip file.

--------------------------------------------------------------------------

.
DDS (Ver_2011-06-23.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7600.16385
Run by stewart at 19:50:11 on 2011-06-23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3891.2765 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k ...

A:Trojan BNK.win32.keylogger.gen

Hi,

Please do the following

Refer to the ComboFix User's Guide
Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------

RELEVANCY SCORE 64.4

Hello, I'm new to this forum, so I hope I'm posting in the correct area. I started receiving the Vista Antivirus 2012 popups and the computer stating I have the above virus. In researching, I found a post on removing this virus using FixExe and mbam-setup. I downloaded both onto my external hard drive, ran the FixExe to register, however when I click run on the mbam-setup... nothing happens. I'm not sure how much more information you need, but I need HELP PLEASE. Any assistance will be greatly appreciated. Thanx in advance.

A:Trojan-BNK.Win32-Keylogger.gen

Hello, let's try again with these instructions. We also need to run this: FixNCR.reg

Please follow our Removal Guide here: Vista Security 2011.

After reading how the malware is misleading you, you will move to the Automated Removal Instructions.

After you completed that, post your scan log here, let me know how things are.

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

RELEVANCY SCORE 64.4

I read the previous topic on this subject, but I'm still stuck on how to proceed. My work laptop is infected and I can't get/go anywhere on it to even download the RKill. I am writing this from my home desktop. I have my laptop here as well. I know there must be a way to interrupt the boot up process to get to IE to then be able to access the internet. I just don't know how to do that. Thanks for help.

A:Trojan-BNK.Win32.Keylogger.gen

Welcome aboard

Use the desktop to download necessary files and transfer them to the laptop using USB flash drive.

Download Security Check from HERE, and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
 * Report IE Proxy Settings
 * Report FF Proxy Settings
 * List content of Hosts
 * List IP configuration
 * List Winsock Entries
 * List last 10 Event Viewer log
 * List Installed Programs
 * List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
 * Double-click mbam-setup.exe and follow the prompts to install the program.
 * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
 * If an update is found, it will download and install the latest version.
 * Once the program has loaded, select Perform quick scan, then click Scan.
 * When the scan is complete, click OK, then Show Results to view the results.
 * Be sure that everything is checked, and click Remove Selected. ...

RELEVANCY SCORE 64.4

Hi - New to site so appreciate any help.
run xp with windows 7 and firefox

Ran rkill then malwarebytes then rkill then superantispyware and seem to be fine except for a balloon that pops up every 10 secs that says "successfully blocked access to a potentially malicious website" with an IP address that changes each time. Also says "type: outgoing"

Any help would be appreciated.

Paradude

A:trojan-bnk.win32.keylogger.gen

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

RELEVANCY SCORE 64.4

Hello, infected by Trojan-BNK.Win32-Keylogger.gen
Followed instructions on previous thread and tried RKILL, MBAM, ATF and SAS. Latest MBAM and SAS logs below. I still can't start Internet Explorer. It tries to associate Internet Explorer to exe, but never runs it. Also my McAfee anti virus icon does not come ON when I power up my laptop. Please help. Without an IE right now. Appreciate the help. Merry Christmas

MBAM LOG 1
****************

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122405

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

12/24/2011 11:31:27 PM
mbam-log-2011-12-24 (23-31-27).txt

Scan type: Quick scan
Objects scanned: 206827
Time elapsed: 5 minute(s), 51 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
c:\Users\AppData\Local\usy.exe (Trojan.FakeAV) -> 2400 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\AppData\Local\usy.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users...

A:Trojan-BNK.Win32-Keylogger.gen

Was able to get the IE up and running but it is very slow
Used another tool to scan. Showing TRACUR TROJAN. Please help with slow speed of IE

Exterminate It! Antimalware 2.04
Database: 12/22/2011 (500830 signatures) (core load failed)
www.exterminate-it.com

System Information:

Windows: 6.1.7601 Service Pack 1
Internet Explorer: 8.0.7601.17514

Scan Type: Smart Scan

Scan Log:

08:59:08.756 Start Scan
09:00:13.468 Found Zugo Adware HKEY_CURRENT_USER\Software\Zugo
09:00:13.468 Found Zugo Adware HKEY_CURRENT_USER\Software\Zugo\Toolbars
09:00:13.469 Found Zugo Adware HKEY_CURRENT_USER\Software\Zugo\Toolbars\IE
09:00:51.300 Found Tracur Trojan C:\Windows\system32\custmon32.dll
09:01:29.275 Found Agent Backdoor, Trojan C:\Users\ctsuser1\AppData\Local\Temp\RarSFX0\winlogon.exe
09:01:32.844 Found CouponBar Adware HKEY_CLASSES_ROOT\Interface\{6E780F0B-BCD6-40CB-B2DB-7AF47AB4D4A4}
09:01:32.844 Found CouponBar Adware HKEY_CLASSES_ROOT\Interface\{6E780F0B-BCD6-40CB-B2DB-7AF47AB4D4A4}\ProxyStubClsid
09:01:32.845 Found CouponBar Adware HKEY_CLASSES_ROOT\Interface\{6E780F0B-BCD6-40CB-B2DB-7AF47AB4D4A4}\ProxyStubClsid32
09:01:32.845 Found CouponBar Adware HKEY_CLASSES_ROOT\Interface\{6E780F0B-BCD6-40CB-B2DB-7AF47AB4D4A4}\TypeLib
09:01:32.851 Found CouponBar Adware HKEY_CLASSES_ROOT\Interface\{A138BE8B-F051-4802-9A3F-A750A6D862D...

RELEVANCY SCORE 64.4

I run McAfee Total Protection software. It has been active and regular scans and updates are automatic. Nevertheless Trojan-BNK.Win32.Keylogger.gen has infected my computer. McAfee full scan finds no problem. McAfee tech support refuses to remove the infection without a fee. It seems to me that if they know how to fix the problem, then they are aware of the threat. If they are aware of the threat, why does their "Total Protection" software pass it on to my computer? The answer seems obvious to me. It creates a revenue flow for their tech support department.

I have two issues:

1. How may I clean my computer?

2. I am in the market for an effective program that will prevent future infections. Is there such a program?

RELEVANCY SCORE 64.4

I am having pop ups every so often that say I have one of these viruses, mixing it up every time.

Trojan-Clicker.Win32.Tiny.h
Trojan-Downloader.Win32.Agent.bq
Trojan-Spy.Win32.Keylogger.aa
Trojan-Spy.Win32.GreenScreen
Trojan-Spy.HTML.Bankfraud.dq

I followed the advice that was given to user mhill8888 on 19 August 2008 and I am still seeing the popups. I have run and updated MalwareBytes. I have run my system in safe mode and run ATF-Cleaner and SUPERAntiSpyware but I just got another pop-up. Here is my scanner log that I just received after running SUPER:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/06/2008 at 02:48 PM

Application Version : 4.21.1004

Core Rules Database Version : 3558
Trace Rules Database Version: 1546

Scan type : Complete Scan
Total Scan Time : 01:51:23

Memory items scanned : 253
Memory threats detected : 0
Registry items scanned : 5768
Registry threats detected : 4
File items scanned : 29114
File threats detected : 95

Trojan.Dropper/Gen
 [ComCfgWin] C:\WINDOWS\SYSTEM32\WJIHUZSB.EXE
 C:\WINDOWS\SYSTEM32\WJIHUZSB.EXE
 [smartinfo] C:\WINDOWS\SYSTEM32\RCFEBMZI.EXE
 C:\WINDOWS\SYSTEM32\RCFEBMZI.EXE
 C:\WINDOWS\SYSTEM32\DORIFQTI.EXE

Adware.SpywareStrike
 C:\Program Files\SpywareStrike

Adware.WhenU
 C:\Program Files\Save
 C:\Program Files\Common Files\WhenU

Adware.MovieLand/MediaPipe
 C:\Program Files\ItBill
 C:\Program F...

A:Trojan-spy.win32.keylogger.aa

I ran Malware again and here are the results:

Malwarebytes' Anti-Malware 1.26
Database version: 1120
Windows 5.1.2600 Service Pack 2

9/6/2008 4:55:53 PM
mbam-log-2008-09-06 (16-55-53).txt

Scan type: Full Scan (C:\|)
Objects scanned: 201178
Time elapsed: 49 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

RELEVANCY SCORE 64.4

Many popups. Has taken over Windows explorer when not in safe mode. Blocks me downloading malware removal tools, etc... Doesn't appear as its own name in registry. Could be disguised.

So how do I remove if I can't shut down its activity and I can't access the internet for malware removal tools?

See below HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:01 PM, on 4/29/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\Progr...

RELEVANCY SCORE 64.4

I'm using this how-to page to remove the virus (http://www.bleepingcomputer.com/virus-removal/remove-antivirus-vista-2010), but I'm a bit stuck at this one step. I put all the necessary files onto my USB and plugged it into the infected computer. I opened up My Computer and saw my USB. I click on it and luckily I see both files (Malwarebytes setup and the reg files). As per the instructions, I double-clicked the FixExe.reg files and clicked "Yes." The instructions say I should be able to now download Malwarebytes. I double-click mbam-setup, but... nothing happens or pops up. No installation wizard or anything like that. I'm not sure what to do now. As you can tell, I'm a bit of a noob when it comes to this kind of stuff. Help would be greatly appreciated! Thanks! Oh, and I use Windows XP if that's any help. If you need me to provide any more information that would help you figure out my predicament, I'll gladly cooperate.

RELEVANCY SCORE 64.4

Every 5 minutes or so a box pops up on my screen saying I have a security breach. The box says that I have one of these viruses, mixing it up every time.

Trojan-Clicker.Win32.Tiny.h
Trojan-Downloader.Win32.Agent.bq
Trojan-Spy.Win32.KeyLogger.aa
Trojan-Spy.Win32.GreenScreen
Trojan-Spy.HTML.Bankfraud.dq

I have run MalwareBytes and simply can't get rid of this.

The only option these windows security alert message boxes give me is 'Enable Protection' which takes me to www.antispyware-review.info/?wmid=46638&pwebmid=uWfLn0pimL&a= which is Smartsoft reviews to buy PC Antispy or PC Clean pro.

Any help would be greatly appreciated.

A:Trojan-spy.win32.keylogger.aa

Update and run Malwarebytes again and then post the log.

RELEVANCY SCORE 64.4

Hi, my computer is infected with this virus. A pop up window came out. It says:

Win7 Security 2012 Alert
Win 7 Security 2012 has blocked a program from accessing the
Internet

This Program is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and
passwords.

Name: McAfee Security Center
Location: C:/Program Files/McAfee.com/Agent/mcagent.exe
Company: McAfee, Inc.
Version: 11.0.644.0

Windows recommend Activate Win 7 Security 2012
Click "Yes, Activate..." to register your copy of Win 7 Security 2012 and perform threat
removal on your system.

Yes, activate Win 7 Security 2012 (Recommended)
click here to activate and remove all infections

No, Continue Unprotected (Dangerous)
Click here to continue unprotected

That is all the pop-up window.
The computer was started in safe mode and a full scan with McAfee was done; it did not encounter any problems.
Computer was shut down and restarted in normal mode and a whole bunch of windows started popping out. Don't remember exactly what it said, just something regarding the hard drive.
Shut down computer again and restarted in safe mode using F8. Same pop-up window described above showed up.
All programs in the computer seem to be gone. All icons on the desktop are gone except recycle bin and McAfee icons.

These are all the details, I don't know much about computers, just very basic stuff. PLEASE HELP!!
THANKS

A:Trojan-BNK.Win32.Keylogger.gen

Welcome aboard Start with this guide: http://www.bleepingcomputer.com/virus-removal/remove-win-7-security-2012

RELEVANCY SCORE 64.4

Somehow this has appeared on my computer, a pop up keeps blocking my activity. It is sooooo annoying, can anyone help?

A:Trojan-BNK.Win32-Keylogger.gen

Hello and welcome. Let's try this.

Run RKill....

Please download Rkill by Grinler and save it to your desktop.
 * Link 2
 * Link 3
 * Link 4

 * Double-click on the Rkill desktop icon to run the tool.
 * If using Vista, right-click on it and Run As Administrator.
 * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
 * If not, delete the file, then download and use the one provided in Link 2.
 * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
 * If the tool does not run from any of the links provided, please let me know.

You will need to run the application again if rebooting the computer occurs along the way as the malware programs will start again.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.
 * Download Link 1
 * Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
 * Make sure you are connected to the Internet.
 * Double-click on mbam-setup.exe to install the application. For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
 * When the installation begins, follow the prompts and do not make any changes to default settings.
 * When installation has finished, make sure you leave both o...

RELEVANCY SCORE 64.4

Safe Mode also blocked by Error message
STOP:0x00000007B (0xF89D5528,0x0000034,0x00000000,0x00000000)
Sorry if I previously posted out of line
Explorer will not connect. I can start Windows Normally but
Ran RKill from USB drive. Have log. Attempt to download MBam and run from E drive not successful. CCleaner also failed.
Need to clean this oldy but goody up.

A:Trojan-BNK.Win32.Keylogger.gen

Sorry if I previously posted out of line.

Don't worry, no need to say sorry. It just wasn't clear to us you had an infected machine.

RELEVANCY SCORE 64.4

I had the virus like 30 minutes ago and I used Malwarebytes to remove it but I'm not sure if it's gone.

A:trojan-bnk.win32-keylogger.gen

Download Security Check from HERE, and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
 * Report IE Proxy Settings
 * Report FF Proxy Settings
 * List content of Hosts
 * List IP configuration
 * List Winsock Entries
 * List last 10 Event Viewer log
 * List Installed Programs
 * List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
 * Double-click mbam-setup.exe and follow the prompts to install the program.
 * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
 * If an update is found, it will download and install the latest version.
 * Once the program has loaded, select Perform quick scan, then click Scan.
 * When the scan is complete, click OK, then Show Results to view the results.
 * Be sure that everything is checked, and click Remove Selected.
 * When completed, a log will open in Notepad.
 * Post the log back here.

Be sure to restart the computer.

The ...

RELEVANCY SCORE 64.4

I have just used Spyware Doctor to remove "Trojan-BNK.Win32.Keylogger.gen"
it found and removed it!!!
...But now my problem is that every file (.exe program) that I try to open asks me to select the program from the list or use the internet to search for the extension!!
I think when I removed the trojan, that it did something with the registry so I'm guessing that could be the problem.
I haven't done anything else because I know I'll probably mess things up!

Any solutions on how to get every program to open itself without asking?

thanks

A:Trojan-BNK.Win32.Keylogger.gen

This has to be the fastest fix I've ever done by myself ever.....

To fix this I searched up in Google and came across this website:
http://www.virusremovalguru.com/?p=5528
that's related to my issue, and someone commented this:

Here's what worked for me - I pasted this text onto the notepad application:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

Then I saved it to my desktop naming it fix.reg

I then opened up the newly made .reg file and clicked yes when prompted whether or not I wanted to update my registry with the newly modified information.

I then restarted my computer and installed Malwarebytes anti-malware and did the update as well. Once installed, I ran a quick scan which found 11 viruses which I then subsequently removed.

What the above .reg file did was neutralize the virus' crippling effect of preventing me from installing or even using Malwarebytes or any other anti-virus program which I had running at the time (Avira).

Once restarted and sufficiently neutralized, the virus was powerless against Malwarebytes.

Problem solved. Done and done.

==================================

So basically the reg he made worked for me too!!! :D

RELEVANCY SCORE 64.4

help, please my son's laptop has vista screaming trojans! of all kinds

A:TROJAN-BNK.WIN32.KEYLOGGER.GEN

Hello and welcome. I am moving this from Vista to the Am I Infected forum.

About Keygens.. These are tools to pirate software.

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...
Keygen and Crack Sites Distribute VIRUX and FakeAV

Infections also spread by using peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Malicious worms, backdoor Trojans IRCBots, and rootkits spread across P2P file sharing networks, gaming, porn and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.

The infection also spreads through emails containing links to websites that exploit your web browser's security holes and by exploiting a vulnerability in older versions of Sun Java. When you click on an infected email link or spam, Internet Explorer launches a si...

RELEVANCY SCORE 64.4

So far, I can only access most of my icons on my desktop by going to safe mode with networking. When I start my computer normally, this virus prevents me from going to most of my icons on my desktop, preventing downloading, and some of my icons got moved or deleted(not responsible for it). How can I get rid of this virus? Any suggestions? If this does get resolved, what should I do to prevent this again? Also, if there is available, send me a link for a FREE anti-virus installment AFTER my computer is free of that virus. I would appreciate the help you people get to help resolve this issue.

A:Trojan-BNK.WIn32.Keylogger.gen

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.

Make sure the following options are checked:
 * Internet Services
 * Windows Firewall
 * System Restore
 * Security Center
 * Windows Update

Press "Scan". It will create a log (FSS.txt) in the same directory the tool is run. Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
 * Report IE Proxy Settings
 * Report FF Proxy Settings
 * List content of Hosts
 * List IP configuration
 * List Winsock Entries
 * List last 10 Event Viewer log
 * List Installed Programs
 * List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
 * Double-click mbam-setup.exe and follow the prompts to install the program.
 * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware,...

RELEVANCY SCORE 64.4

Here is a pic of what keeps popping up every so often:




A side-effect of this trojan is it is posting obscene ads on every site that I go to, they all have to do with a male enhancement pill named 'Vimax Pills'.


On step 3 of the 5 steps, I wasn't able to install IE-Spypad.


HijackThis Logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:00 PM, on 10/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Common Files\Microsof...

A:Trojan-Spy.Win32.Keylogger.aa

Hello and welcome to TSF
Download RSIT by random/random and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

========
Logs Required
log.txt
info.txt

If there is no response to this post within 72hrs, this thread will be closed.


First I would like to mention, that I'm not that good at computer lingo or terminology, so I apologize for the future headaches. Alright, here's what I got:

I got hit with "Trojan-BNK.Win32-Keylogger.gen". I read somewhere on how to get rid of it, I can't remember where, but this is what I did:

- SAFE MODE with NETWORKING
- Downloaded "Malwarebytes' Anti Malware"
- Run full scan
- Removed the infected

Doing that stopped the hijacking (BIG RELIEF). But that didn't solve everything. I'm pretty much locked out in my account. In SAFE MODE: Administrator Account (not my standard account), I have access to most things (My Computer, Files, RUN, Task Manager). However my standard account has TASK MANAGER, DESKTOP items, MY DOCUMENTS, RUN prompt, and many more disabled (You name it, no access)

I've gone through the forums and did the "Windows Key + R" to bring up the run command and entered regedit and regedit.exe (I have Windows XP Home Edition), but both times, I've needed to open it with something.

I bought BitDefender 2012, so I'm trying to get to a stage where I can download it successfully and remove any other intrusions.

If anyone can help, I would really appreciate it. Thank you.

A:Need more help against "Trojan-BNK.Win32-Keylogger.gen"

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/435105 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


Happy New Year! This is what I woke up to this morning Trojan-BNK.Win32-Keylogger.gen
Windows 7 won't let me do anything. When I googled on my iphone everyone said this is a virus. So here I am, a total novice, asking for HELP!!!

A:Trojan-BNK.Win32-Keylogger.gen

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about y...


I was on my computer and the message appeared that I was infected with Trojan-BNK.Win32.Keylogger.gen, this program has been redirecting me to different web pages and not allowing me to utilize my computer. I had to go into safe mode to be able to get into certain sites, please help me remove.

A:Infected with Trojan-BNK.Win32.Keylogger.gen PLEASE HELP

Hello and welcome. Please follow these guidelines while we work on your PC:
* Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
* Please do not run any scans or install/uninstall any applications without being directed to do so.
* Any underlined text in my posts indicates a clickable link.
* If you have any questions at all, please stop and ask before proceeding.

Please download DDS by sUBs from one of the following links and save it to your desktop.
* DDS.scr
* DDS.com
* DDS.pif

* Disable any script blocking protection (How to Disable your Security Programs)
* Double click DDS icon to run the tool (may take up to 3 minutes to run)
* When done, DDS.txt will open.
* After a few moments, attach.txt will open in a second window.
* Save both reports to your desktop.

---------------------------------------------------

* Post the contents of the DDS.txt report in your next reply
* Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.

Download GMER Rootkit Scanner from here to your desktop. Double click the exe file. If asked to allow gmer.sys driver to load, please consent. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

In the right panel, you will see several boxes ...


A friend of mine's laptop has a Windows Security Alert window popping up every few minutes stating suspicious software has been detected:

Name: Trojan-Keylogger.Win32.Agent.
Risk Level: High
Description: Agent.arpt is a Spyware program that records keystrokes takes screen shot of the computer.

My friend stated he was on FaceBook when he became infected with this persistent popup.

Computer:
Dell Vostro 1700 Laptop running WinXP SP3; current on all patching. Running McAfee Total Protection Service current subscription and current definitions.

Efforts:
1) McAfee Scan ran - Three items found, 2 corrected (Deleted) and 3rd identified in registry as Potentially unwanted Object: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\systray, Threat: Adware-Perfect.gen - - - Detected but no further action taken by McAfee.

2) Installed and ran SuperAntiSpyware, Items were found, quarantined and deleted (by me). Second scan ran which came back clean.

3) Installed Malware Bytes, 4 items detected and removed - - Cookies
Afterwards, Windows Security Alert is still popping up as described. I downloaded HJT onto the laptop and ran it. Here is the log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:29 PM, on 6/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\service...

A:Trojan-Keylogger.Win32.Agent


OK So I am running windows Vista on a dell vostro 220 and I keep getting these dreadful Windows Vista Antivirus 2012 popups and alerts telling me to buy their fake software. Everybody on the web is saying download malwarebytes and the like then just rename the file before you install it but that doesn't work because it won't install. I can't seem to get rid of it. Can somebody please help me? I've seen posts for this before but this seems like a new version.

Seriously whoever helps me will receive the JEREMIAH1 NO1. INTERNET TROUBLE SHOOTER AWARD!!!

Many thanks
 


Hi - I use windows 7 with XP and after research used rkill and then scanned with malwarebytes then rkill again and then scanned with Superantispyware. I can now get on internet using firefox and ie 7, but now have balloon that pops up with msg: from malwarebytes "successfully blocked access to a potentially malicious website" with assorted ip addresses about every 12 seconds. The "type is outgoing"

Not that computer savvy, so appreciate your patience!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_30
Run by mark at 21:46:06 on 2011-12-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2568 [GMT -5:00]
.
AV: Anti-Virus - SBC Yahoo! Online Protection *Disabled/Updated* {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program F...

A:trojan-bnk.win32.keylogger.gen infection

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/435330 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


I am infected with Trojan-BNK.Win32.Keylogger.gen

Win 7 Antivirus 2012 has blocked a program from accessing the Internet.

Yes, activate Win 7 Antivirus 2012

No, continue unprotected (dangerous)

I also get a popup on the lower right: "Threat: Devices.2000" Do you want to block this attack (Yes / No)"

Please advise on how to continue.

A:I am infected with Trojan-BNK.Win32.Keylogger.gen

Have a look at here

http://www.bleepingcomputer.com/virus-removal/remove-vista-internet-security-2012


"trojan-bnk.win32.keylogger.gen" has infected my system. I have an HP laptop running Vista Home Edition. There are popups every few minutes claiming that my system has been infected by malware/spyware and that I should activate some Vista security stuff. I have had problems running Internet Explorer as it keeps prompting me to activate the Vista stuff. I have not attempted to remove anything or run any type of scanning/removal tools. I have McAfee Security running, but it doesn't seem to detect the infection. Thanks for any help you can provide!



DDS results:


DDS (Ver_10-03-17.01) - NTFSX64
Run by Christy at 21:47:12.11 on Sat 04/17/2010
Internet Explorer: 8.0.6001.18904
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.1207 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.ex...

A:trojan-bnk.win32.keylogger.gen :: zidane21

Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Save it to your desktop. Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

---------------------------------------------------------------------------------------------


I started with trojan-bnk.win32.keylogger.gen. I thought I removed it but it randomly comes back. I run superantispyware and I have trojans, remove them and two days later I have more. My computer used to shut down in 10 seconds now it takes about a minute. I search something on Google and open a link and I am re-directed to something else. Broni was quick to assist but said I have more issues that need more advanced help. I ran a bunch of tests and posted the logs for him and they are here at this link. http://www.bleepingcomputer.com/forums/topic433868.html/page__p__2519563__fromsearch__1#entry2519563

He sent me here and gave me a guide to follow. He told me to start on step 6 and then post everything. Any help would be so gratefully appreciated.

P.S. I had to skip step 8 since I'm running Windows 7 64bit

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Jason at 20:55:29 on 2011-12-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6164 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\syst...

A:Started with trojan-bnk.win32.keylogger.gen

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/434875 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


Hi,
I recently have encountered the 'false' virus of Trojan-BNK.Win32.Keylogger.gen. I was wondering if anyone had any suggestions for removing it completely from my computer!? Thanks!!!

A:Trojan-BNK.Win32.Keylogger.gen Removal

Hello and welcome. We should run these and review the scan logs

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

* Make sure you are connected to the Internet.
* Double-click on mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
  * Update Malwarebytes' Anti-Malware
  * Launch Malwarebytes' Anti-Malware
* Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
* If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
* If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
* Make sure the "Perform Quick Scan" option is selected.
* Then click on the Scan button.
* If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may...


gmer.txt

info.txt

This fake Windows Security Popup keeps coming up. I haven't followed the links, I just close it. My trendmicro software doesn't detect it. I ran the RSIT and GMER. See Attached.
How do I remove this thing?

Is it really a keylogging program?

Logfile of random's system information tool 1.04 (written by random/random)
Run by Kristi at 2008-11-08 10:14:07
Microsoft Windows XP Professional Service Pack 3
System drive C: has 114 GB (73%) free of 156 GB
Total RAM: 1024 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:19 AM, on 11/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINNT\system32\HPZipm12.exe
C...

A:Trojan-Keylogger.Win32.Fung

Hello and welcome to TSF

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear, a lack of symptoms does not mean that it is no longer present.

Please DO NOT Attach logs to your posts unless you are advised to do so.

=========

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:

LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)

==========

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Place combofix.exe on your Desktop
* Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
* Double click on combofix.exe & follow the prompts.
* As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





The Windows recovery console will allow you to boot up into a special recovery mode...


My computer is infected with some bad malware, but I don't know what it is. I got messages from a Microsoft looking window saying I had a Trojan-Keylogger.win32.agent. The windows would not go away and something started downloading, which I closed. My browser has also been hijacked. When I try to search for the Trojan-Keylogger.win32.agent on yahoo, my browser redirects me to another window. I am not too technical and I have been downloading some stuff off this web site. I did a Hijack this log, which I will post, and perhaps you can give me some advice? Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:42 AM, on 07/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Prog...

A:Trojan-Keylogger.win32.agent

Update,

Searching for information, I saw a thread about something that looked very similar to what my computer has: http://www.bleepingcomputer.com/virus-remo...ivirus-pro-2009

I had scanned with an old version of Malwarebytes anti Malware, I downloaded a new version and it got rid of all kinds of bad stuff! Yay!

But there are two files which it says are infected but cannot get rid of, it says it will delete them after rebooting, but I tried several times and they are still there.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

I ran a new HiJack this log file, could you take a look? Thank you!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:13 PM, on 07/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\...


I'm hoping somebody here can help!!!! A couple days ago, a Windows Security Alert box popped up on my computer (running WinXP) asking if I want to block suspicious software named Trojan-Keylogger.WIN32.Agent, with a description of Agent.arpt is a Spyware program that records keystrokes and takes screen shot of the computer. The Keep Blocking and Unblock boxes are grayed out, and only the Enable Protection box is highlighted. I understand from my wife that she saw this box before I did, and she thought it was real and clicked on the link at the bottom of the box that says Click to download and activate protection.

I have McAfee virus software running, and after I saw this for the first time, I ran spy-bot and ad-aware, as well as trying to restore my computer to previous date. It appears none of these things helped, because this box continues to pop up about every 5 minutes. I click the X to close the box.

Earlier this evening, I ran HijackThis. Below is the log. Does anyone see something that I can attack to fix this problem? I appreciate the help.

Kevin

Here's the log................

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:30 PM, on 6/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:...

A:Trojan-Keylogger.WIN32.Agent

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
* Download DDS by sUBs from one of the following links. Save it to your desktop.
  * DDS.scr
  * DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Foll...
