Trojan.Silentbanker

Trojan.Silentbanker is a dangerous computer Trojan that steals sensitive information from its victims. Once executed, it can record key presses, take screenshots, and steal confidential data related to online banking. Collected data is sent to a remote attacker via email or File Transfer Protocol. Trojan.Silentbanker can also drop and execute additional threats. Exploiting Internet browser vulnerabilities is the most common propagation method for this Trojan.

Alias: Spy-Agent.cm

Damage Level: Low

Systems Affected: Windows 9x, 2000, XP

How to Remove Trojan.Silentbanker:

FIRST AID TO STOP Trojan.Silentbanker:
When Trojan.Silentbanker infects a computer, it modifies system settings and injects itself into legitimate Windows files. System Restore is the go-to tool for bringing back clean files and restoring an earlier configuration. If you have saved a previous restore point, please restore Windows to an earlier date.

MANUAL REMOVAL OF Trojan.Silentbanker:
1. If an anti-virus program is present, update the definition file.
2. Reboot Windows in Safe Mode
– After turning on the power, press F8 on the keyboard.
– From the menu, select Safe Mode.

3. Run a full system scan and clean/delete all infected file(s).
4. Delete/Modify any values added to the registry if present.
– To edit the registry, click on Start. Search or Run regedit.exe.

Note: For a complete guide on Safe Mode and Registry Editor, please see tutorial links on the sidebar.

5. Exit registry editor and restart the computer.

ADDITIONAL TOOLS AND PROGRAMS:

Scan Trojan.Silentbanker with Portable Antivirus:
Most of the time, a Trojan associated with a rogue program will disable Windows functions and prevent the compromised computer from running any application, including a locally installed antivirus program. If this happens, you can try McAfee's portable antivirus tool, Stinger. You can download it for free.

Scan with Norton Power Eraser:
This free removal tool from Norton Antivirus was developed to remove viruses and unfamiliar threats without using traditional AV signatures. Download the tool from this location and start scanning the computer for viruses.

Technical Details and Additional Information:

Other functionalities of this Trojan:
– Trojan.Silentbanker will disable the sound device on the infected computer.
– The Trojan will attempt to gain access to different bank accounts.
– It records the user names and passwords used for online banking transactions.

Malicious Files Added by Trojan.Silentbanker:
sk.exe
[RANDOM CHARACTERS][RANDOM DIGITS].dll

File Location for Windows Versions:

  • Files are placed in various locations but can usually be found in the root of the hard drive and under Windows/System32/.

Associated Windows Registry Entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\"midi1" = "[RANDOM CHARACTERS][RANDOM DIGITS].dll"
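
A triage check for the registry entry above, as an added example that is not part of the original page: it parses a .reg export taken from the machine and reports a midi1 value under Drivers32 whose data fits the [RANDOM CHARACTERS][RANDOM DIGITS].dll template. The regular expression used for that template, the function names and the sample exports are assumptions constructed for illustration.

```python
import re

# Key and value name from the page's "Associated Windows Registry Entries".
DRIVERS32 = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32"
# Assumed reading of "[RANDOM CHARACTERS][RANDOM DIGITS].dll": letters, then digits.
RANDOM_DLL = re.compile(r"^[A-Za-z]+[0-9]+\.dll$", re.IGNORECASE)
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg files escape backslash and double quote with a leading backslash.
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg_export(text):
    """Return {key_path: {value_name: data}} for string values in a .reg export."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = STRING_VALUE.match(line)
            if m:  # dword/hex values and blank lines are skipped
                current[unescape(m.group(1))] = unescape(m.group(2))
    return keys

def suspicious_midi1(text):
    """Return the midi1 data if its file name fits the template, else None."""
    for key, values in parse_reg_export(text).items():
        if key.lower() != DRIVERS32.lower():
            continue
        for name, data in values.items():
            base = data.replace("/", "\\").rsplit("\\", 1)[-1]
            if name.lower() == "midi1" and RANDOM_DLL.match(base):
                return data
    return None

# Constructed sample exports (decoded text; regedit on XP writes UTF-16).
INFECTED = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midi"="wdmaud.drv"
"midi1"="qzkrt4821.dll"
'''
CLEAN = INFECTED.replace("qzkrt4821.dll", "wdmaud.drv")

if __name__ == "__main__":
    print("infected export:", suspicious_midi1(INFECTED))
    print("clean export:   ", suspicious_midi1(CLEAN))
```

A match is a lead for the manual removal steps, not proof of infection, since a legitimate driver file name can also consist of letters followed by digits.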

2 Responses

  1. Joe says:

    For all of the registry entries where it says RANDOM CLSID, how do I know exactly which one to delete? Any help would be appreciated. Thank you!

  2. precisesecurity says:

    The same as what you have deleted on the other subkeys that contain the Random Digits. Be sure to back up your registry before doing this. Here’s how to back up your registry.
    http://www.precisesecurity.com/tools-resources/troubleshooting/how-to-backup-windows-xp-registry
