Trojan-BNK.Win32-Keylogger.gen
Trojan-BNK.Win32-Keylogger.gen is a threat displayed as detected by rogue security application aiming to deceive computer users. The warning is part of Firewall Alert exhibited by a family of rogue programs that will disguise to be part of Windows system. Trojan-BNK.Win32-Keylogger.gen is unreal that serves to frighten victims attempting to induce them to buy the complete version of endorsed product. Typically, these promoted applications are distributed in multi-versions like the following:
For Windows XP:
AntiSpyware XP, Antivirus XP, Total XP Security, XP Antispyware, XP Antivirus Pro, XP Guardian, XP Security Tool, XP Smart Security, XP Antimalware, XP Defender, XP Security and XP Internet Security
For Windows Vista:
AntiSpyware Vista, Antivirus Vista, Total Vista Security, Vista Antispyware, Vista Antivirus Pro, Vista Guardian, Vista Security Tool, Vista Smart Security, Vista Antimalware, Vista Defender, Vista Security and Vista Internet Security
For Windows 7:
AntiSpyware Win 7, Antivirus Win 7, Total Win 7 Security, Win 7 Antispyware, Win 7 Antivirus Pro, Win 7 Guardian, Win 7 Security Tool, Win 7 Smart Security, Win 7 Antimalware, Win 7 Defender, Win 7 Security and Win 7 Internet Security
Artificially detecting Trojan-BNK.Win32-Keylogger.gen from a clean and secured computer is intentionally put on view to scare users. On this tactics, rogue developers are hoping that frightened victims will keep their advice in obtaining the registered version of the endorsed program. The firewall alert contains the following message:
Internet Explorer is infected with Trojan-BNK.Win32-Keylogger.gen. Private data can be stolen by third parties, including credit card details and passwords.
This imaginary detection may lead to a more serious problem is user attempts to acquire the rogue program using credit card account. Not only that payment processing is not secured during the process, but rogue authors will take advantage of the scenario to charge the account more than the introduced price. Worst, credit card credential is used for some fraudulent online transaction to fund the operation of online illegal activities.
Systems Affected: Windows XP, Vista, Windows 7
Screen Shot Images:
As shown above, Trojan-BNK.Win32-Keylogger.gen is presented on fake Firewall Alert. Notice that the pop-up immediately recommend to activate the rogue program.
As expected, the same scheme is employed by latest variants of unwanted application, the same Firewall Alert containing duplicate messages. Only a slight changes on graphical design.
Trojan-BNK.Win32-Keylogger.gen Removal Tool:
1. Download Malwarebytes’ Anti-Malware (mbam-setup.exe) and save it on your Desktop.
2. After downloading, double-click on the file to install the application.
3. Follow the prompts and install as “default” only.
4. Before the installation completes, check on the following prompts:
- Update Malwarebytes’ Anti-Malware
- Launch Malwarebytes’ Anti-Malware
5. Click “Finish.” Program will run automatically and you will be prompt to update the program before doing a scan. Please update.
6. Scan your computer thoroughly.
7. When scanning is finished, click on the “Show Results”
8. Make sure that all detected threats are marked, click on Remove Selected.
9. Restart the computer.
Using Portable SuperAntiSpyware:
Alternatively, SuperAntiSpyware also removed rogue applications, it is best to do a separate scan of another security program so that other infected files not detected by anti-virus application can be remove as well. Download and run SuperAntiSpyware Portable Scanner.
Anna Thomas
Feb 25, 2010 @ 19:39:24
I have this on my computer. I am given the pop up that is shown above. I can google things but cannot go into anything without “Vista Internet Security” popping up a full screen telling me not to go any furthere and it won’t let me. I am not able to download any malware or spyware destroyers or searchers. What do I do? Is there something I can purchase at a store instead of having to download, because this has locked up my Internet.
Josh
Mar 03, 2010 @ 17:25:13
The same thing has happened to me that happened to Anna.
terry
Mar 08, 2010 @ 18:14:03
I had the same thing happen won’t let me do anything. What I did was a system restore to 1 week prior and downloaded everything in advance and ran the scanner I needed and it worked
lynn
Mar 11, 2010 @ 21:51:45
Try running a free ware called “Spybot Search and Destroy”. It will detect and remove the malware.
tanya
Mar 14, 2010 @ 06:07:49
tried spybot doesn’t get rid of it and cannot get on Internet to use auto remove.
Marc
Mar 15, 2010 @ 20:51:48
Use Malwarebytes Anti-Malware. http://www.precisesecurity.com/tools-resources/adware-tools/malwarebytes-anti-malware
Right Click the .exe and use “Run As” and run it as administrator after install. You can even install in Safe Mode w/ Networking.
Kevin
Mar 19, 2010 @ 21:14:33
I had to download it using a second computer then saved onto external hardrive. After that it took 4 hours to scan. sux.
Scott
Mar 20, 2010 @ 05:26:00
I saved to a USB thumb drive from another computer. When I put it in the infected computer and click on the Setup, it will not do anything. I downloaded the app to the thumbdrive as well and it still did not work. Any ideas?
Bill
Mar 23, 2010 @ 20:48:03
trying the above , got it installed by renaming it on my thumb drive and installed from there to the infected computer. Currently scanning an has already found one source file.
vagina
Mar 30, 2010 @ 21:09:13
just disconnect your internet and restart Windows! it gets rid of threats!
James
Apr 01, 2010 @ 02:47:52
I used System Restore and it worked perfectly. Went to ‘Accessories’, ‘System Tools’ then ‘System Restore.’ I set it back 2 days. It got rid of this %#$@! fake virus. No more pop-ups and all is running well. Good luck !!
Sarah
Apr 01, 2010 @ 11:44:20
I just took James’s advice and the virus seems to have completely disapeared. Thank you so much!
sa
Apr 06, 2010 @ 23:18:23
I had this problem and tried to run Malwarebytes Anti-Malware which seemed to have removed it but I re-started my computer and now it won’t boot up properly. It appears as though it is loading as normal but then the screen goes blank, I can hear the fans and it sounds like everything is running but I can’t see anything on the screen.
I have tried starting in Safe mode etc but nirthere of these options seem to load.
Any advice please?
I really don’t want to reinstall as I haven’t backed up all my work (that’s bad, I know)
Please help
Roberto
Apr 10, 2010 @ 10:54:39
James, you’re my idol! Thank you so much!
IT Pro
Apr 14, 2010 @ 19:16:17
James, You are a Star !!
Thanks a million for your advice
Callie
Apr 21, 2010 @ 10:02:11
Good tip, James! I decided to go ahead and scan with Malware Bytes anyway, and if you’re someone that wants to do that as well but like me, couldn’t access regular IE here’s what I did;
Click your start-bar in the lower left corner
In the search area, type “internet explorer”
You should see at least two options, one of which is “Internet Explorer (No Add-Ons)”
If you use that to browse and download the Malware Bytes program you should be fine. I did that and didn’t receive the dreaded virus message. :)
Wilbur
Apr 25, 2010 @ 00:43:19
The program worked perfectly for me. I have Vista Home Premium and the full scan took approximately 2hrs 18min 24sec. Highly recommend this method
Harry.
Apr 28, 2010 @ 15:25:19
James,
THANK YOU – THANK YOU -THANK YOU.
i tried EVERYTHING to get rid of this malaware that froze my internet.
Then i read and followed your instructions on restore point to a date before this intrusion in to my life happened – EUREKA AND HALLEJLUAH it’s GONE GONE GONE – James – I LUV YA !!!
Harry.
Apr 29, 2010 @ 20:09:47
reference to my previous post (above) — on closing down my pc after the .32 malware bug was removed from popping up and freezing my internet after restoring my pc to a previous date – I had a message saying it was still running (in the background) undetected by me -so I then downloaded the malware removal tool as described in the text on removal ( how to remove Trojan- BNK.Win32.keylogger.gen) and did a full pc scan which found the bug in 3 different places on my pc – I clicked on remove all, and now my pc is clean (hopefully)
so please, do the FREE download and complete scan for piece of mind, hope this helps others that are in same predicament that I was,
Harry.
Jesse
Mar 04, 2011 @ 06:27:39
On the non infected computer change mbam to winlogon and the run it on the infected comp. that should do the trick…
jenny
Mar 21, 2011 @ 23:38:14
HELP! will not let me open Internet explorer or FireFox to download anything. already had malware bytes installed but wont let me open it, even in safe mode. wont let me open my system restore eithere. please help!
Patrick
Apr 03, 2011 @ 22:39:54
I ordered a virus remover from PCtools but it was unable to get rid of Trojan BNKwin32keylogger.gen.
The remedy I used was to restore my computer to an earlier point in time and the problem went away.
Patrick
Satish
Apr 24, 2011 @ 23:39:51
Followed James’s solution and it worked like a charm!!! Thanks James!
Was concerned that I already had Malware Bytes installed and it was not getting invoked + I tried to do a fresh install via a fresh downloaded exe and that also was not getting invoked.
So I restored to the last restore point (yesterday) and all is well.
I am running Malware Bytes now and checking all.
Kelley
May 15, 2011 @ 14:43:09
I did what James recommended above and that worked but now I can bring up web pages but it will not let me sign into any of my pages. Any suggestions? I know it has to do with security settings but I am not too bright when it comes to computer issues.
Chris
May 18, 2011 @ 13:58:53
As a result of infection of; BNK.Win32.keylogger.gen, I could not browse through eithere IE or Firefox. I disconnected the Internet, shut down and then restarted desktop computer, employed System Restore back to about 2.5 months. Reconnect Internet. At that point I was able to browse to MalwareBytes – Anti-malware from CNet and download their free anti-malware program. Once update is complete, let it scan and in a few minutes, mine was cleared. Hope this helps.
Bev
May 21, 2011 @ 19:40:12
Thanks James!!…it worked as you said.. It’s my daughter and son-in-laws laptop and they will be so happy.
I had to do what Chris did and disconnect the Internet as even Safe Mode wouldn’t access I.E. But after disconnecting Internet and going to Accessories:System Tools then Restore it’s back to working great!
So glad to have found this page!
Jami
May 30, 2011 @ 21:16:39
I rolled my system back a couple days. Now I’m waiting for the CNet program to remove the rest. I’m really mad that my Spy Sweeper couldn’t help me. But I’m glad I had a smart phone to find this site.
leroy
May 31, 2011 @ 22:17:50
i cant roll back to a different date it only shows todays date.
Mike
Jun 06, 2011 @ 04:12:56
All i did was click on one of the top links for something I had searched for on Google and BAM – it immediately shut down both browsers I had up and all hell started breaking loose – constant fake warning messages. Don’t be fooled by any of them – just get rid of this thing. Its no fun that’s for sure – it toys with you in various ways – hijacks your browsers – won’t let you on the Internet – messes with your spyware removal program etc. I spent a few hours researching and trying different things. Here’s what finally worked for me – I booted up in safe Windows mode (F8 immediately at start up). I then ran Super Anti-spyware in safe mode and got rid of what it found. Malware Bytes or others are probably fine too but you have to already have 1 installed on your system – other wise good luck. Once it was removed, i was still getting some residual pop up warnings and stuff so then I tried what I had read somewhere else and got into Backup and Restore (can’t remember how I got there – sorry) and backed my computer up to 2 days before it happened. This completely got rid of the problem. I rebooted and ran Malware Bytes in regular mode and it didn’t find anything so it was gone. This BNK Keylogger thing certainly proved to me that its important to have antispyware already installed before something like this happens. Both that I mentioned are free and work well. I couldn’t imagine trying to install something by flash drive or whatever when the system was acting up this bad. Good Luck
jared
Jun 13, 2011 @ 22:54:56
To everyone who is claiming they cannot open malwarebytes because of this spyware, you must right click it and run as administrator. simply double clicking to open like normal won’t work
Mike
Jun 16, 2011 @ 00:08:07
Update: – I got this thing again – Unbelievable! – Didn’t take hours to figure out this time though. I ran super anti-spyware in safe mode and removed the problems it found but after it rebooted I was still having pop-ups as before. Tried to get to System Restore (Start>All Programs>Accessories>System Tools>System Restore) but the pop ups wouldn’t let me in – the thing was blocking me from System Restore. #!*@%#! – OK so here’s the way in. (I have XP but assume its the same for later versions) Turn the system off – turn it back on and hit F8 key just as its booting up. Choose regular Safe Mode (not Safe Mode w/ Internet because the keylogger will block everything if you are online). When it starts to boot up in Safe Mode a box pops up and says “Windows is running in safe mode… blah blah… If you prefer to use System Restore to restore your computer to a previous state click NO.” This Is What You Want!! – Click NO button and System Restore will pop up and you can choose a previous date to boot from – the system will then do its thing and reboot from a previous checkpoint a day or whatever earlier. Abracadabra – Keylogger piece of #@%! GONE. Again – hope this helps someone – I couldn’t remember how I got there before so rewrote this while it was fresh in mind. Peace All
anonymous
Jun 22, 2011 @ 04:46:02
James, THANK YOU SO MUCH. That was so much easier than all the stuff I was getting from all the other websites.
Holly
Jun 27, 2011 @ 08:07:13
I cant restore to a previous point apart from yesterday and i already had the bug then?
Malwarebytes picks up 1 bug when i scan, i delete it, run it again and nothing comes up, and then on a restart its back?
Please help.
Linda
Jun 30, 2011 @ 00:48:18
I used it today on my husband’s work PC via thumb drive. The pop up kept coming but I had to just keep closing them and clicking on the downloads .exe that I needed to open and run (rkill.exe) and it’s all going well now. Good luck everyone!
Smithers
Jun 30, 2011 @ 02:03:32
I did the James simple Restore point technique.. astonishingly for such a mild-Trojan, it actually worked. but looking at the bright side of the situation, as annoying as it may be. better a fake Trojan than a real one. I’m really relieved and thanks for the solution James and Mike and others.
Sheryll
Aug 02, 2011 @ 03:29:12
I could not open any web page in IE8 and had not previously downloaded Malware-Bytes on the infected computer. I went to Control Panel and created a new User Account as an administrator, restarted the computer and signed on as the new user I then opened IE and the fake pop-ups did not appear. I was able to download Malware-Bytes and installed it and then ran the scan and cleaned off the mess. Back up and running fine now. Hope this will help someone.
Jerry
Dec 16, 2011 @ 21:29:52
My Windows Vista32 got this nasty Trojan-BNK.Win32.Keylogger.gen bug, and it was a real pain! I looked-up the Trojan on the Internet using one of my old dial-up systems, and the suggestion that James made in his 1 April 2010 comment worked like a charm, TWICE. You see, I was not sure what site gave it to me and sure enough, I got it a second time. The procedure of restoring the system while in safe mode works great! Wish I had read James comment sooner. In summary, I was able to restart my computer, and while it was booting up, I continued to press F8 so that the menu to run in Safe mode came up. I then found the Restore System choice and entered it, and picked a restore point a few days earlier (certainly before the Trojan appeared.) In fact, I am writing this response on the computer that was previously infected. After the computer was operational, I ran my anti-virus and spyware/malware software — just to be on the safer side.
Chuck
Dec 20, 2011 @ 22:55:26
If the virus blocks MalwareBytes or other tools that you may try to use to remove them, try running those programs under “Run as Administrator”. That is how I got it to work on Windows Vista.
jennifer
Dec 21, 2011 @ 06:11:37
I went to safe mode and click the restore…it did not come up anything for me to the restore point. Anyone has suggestion? Thanks.
(note: mine is window vista)
jennifer
Dec 21, 2011 @ 06:39:34
I followed Jerry’s and works now. thanks
Kenneth
Dec 31, 2011 @ 14:05:00
James,
I don’t know you, but “love you man!” I followed your instructions and 5 minutes later the problem was gone. Thanks for sharing.
Kenneth
Dave
Jan 01, 2012 @ 21:14:36
Used another computer to dl malware bytes. Saved to thumb drive. Inserted thumb drive into infected computer. Ran malware bytes setup file as administrator. It installed MB, ran a scan, found the annoying spyware, and removed it. Restarted computer and I was good to go in 5 minutes. Thanks all!