Trojan.Silentbanker

Updated: April 2, 2013 Trojan 2 Comments

Trojan.Silentbanker is a dangerous computer Trojan that will steal sensitive information from its victims. Once Trojan.Silentbanker is executed, it can record key presses, take screen shot images, and steal confidential data that are related to online banking. Collected data will be sent to a remote attacker via email or File Transfer Protocol. Trojan.Silentbanker can also drop and execute additional threat. Exploiting Internet browser vulnerabilities is the most common propagation method for this Trojan.

Alias: Spy-Agent.cm

Damage Level: Low

Systems Affected: Windows 9x, 2000, XP

How to Remove Trojan.Silentbanker:

FIRST AID TO STOP Trojan.Silentbanker:
When Trojan.Silentbanker virus infects a computer, it will modify system settings and inject itself to legitimate Windows files. System Restore is the tool-to-go-to in bringing back clean files and restoring earlier configuration. If you have saved previous restore point, please restore Windows to an earlier date.

MANUAL REMOVAL OF Trojan.Silentbanker:
1. If an anti-virus program is present, update the definition file.
2. Reboot Windows in Safe Mode
- After turning on the power, press F8 on the keyboard.
- From the menu, select Safe Mode.

3. Run a full system scan and clean/delete all infected file(s).
4. Delete/Modify any values added to the registry if present.
- To edit the registry, click on Start. Search or Run regedit.exe.

Note: For a complete guide on Safe Mode and Registry Editor, please see tutorial links on the sidebar.

5. Exit registry editor and restart the computer.

ADDITIONAL TOOLS AND PROGRAMS:

Scan Trojan.Silentbanker with Portable Antivirus:
Most of the time, Trojan associated with a rogue program will disable Windows functionalities and prevent the compromised computer from executing any application including antivirus program locally installed. If this happens, you can try using a McAfee Portable Antivirus called Stinger. You can download it for free.

Scan with Norton Power Eraser:
A free removal tool from Norton Antivirus was developed to remove virus and unfamiliar threats without using the traditional AV signatures. Download the tool from this location and start scanning the computer for viruses.

Technical Details and Additional Information:

Other functionalities of this Virus:
- Trojan.Silentbanker will disable sound device on the infected computer.
- The Trojan will attempt to gain access to different bank accounts.
- It records user name and password used for online banking transaction.

Malicious Files Added by Trojan.Silentbanker:
sk.exe
[RANDOM CHARACTERS][RANDOM DIGITS].dll

File Location for Windows Versions:

  • Files are placed on various locations but can be usually found on root of hard drive and under Windows/System32/.

Associated Windows Registry Entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\”midi1″ = “[RANDOM CHARACTERS][RANDOM DIGITS].dll”

Alternative Removal Method for Trojan.Silentbanker

Option 1 : Use Windows System Restore to return Windows to previous state

If Trojan.Silentbanker enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before Trojan.Silentbanker infiltrates the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore, click here to see the full procedure.