A detection of Trojan-BNK.Win32-Keylogger.gen by rogue security programs listed on this page is a mere scare tactic. You can stop Trojan-BNK.Win32-Keylogger.gen pop-up when you remove the rogue product from the computer.

Trojan-BNK.Win32-Keylogger.gen is a threat displayed as detected by rogue security application aiming to deceive computer users. The warning is part of Firewall Alert exhibited by a family of rogue programs that will disguise to be part of Windows system. Trojan-BNK.Win32-Keylogger.gen is unreal that serves to frighten victims attempting to induce them to buy the complete version of an endorsed product. Typically, these promoted software are distributed in multi-versions for different operating systems:

Artificially detecting Trojan-BNK.Win32-Keylogger.gen from a clean and secured computer is intentionally put on view to scare users. On this tactics, rogue developers are hoping that frightened victims will keep their advice in obtaining the registered version of the endorsed program. The firewall alert contains the following message:

Internet Explorer is infected with Trojan-BNK.Win32-Keylogger.gen. Private data can be stolen by third parties, including credit card details and passwords.

This imaginary detection may lead to a more serious problem is user attempts to acquire the rogue program using credit card account. Not only that payment processing is not secured during the process, but rogue authors will take advantage of the scenario to charge the account more than the introduced price. Worst, credit card credential is used for some fraudulent online transaction to fund the operation of online illegal activities.

Systems Affected: Windows XP, Vista, Windows 7

Screenshot Images of Trojan-BNK.Win32-Keylogger.gen:

Image of Trojan-BNK.Win32-Keylogger.gen

As shown above, Trojan-BNK.Win32-Keylogger.gen is presented on fake Firewall Alert. Notice that the pop-up immediately recommend to activate the rogue program.

As expected, the same scheme is employed by latest variants of unwanted application, the same Firewall Alert containing duplicate messages. Only a slight changes on graphical design.

How to Remove Trojan-BNK.Win32-Keylogger.gen

Systematic procedures to get rid of the threat are presented on this section. Make sure to scan the computer with suggested tools and scanners.

Step 1 : Download Microsoft Safety Scanner and Run a Scan

NOTE: We suggest that you PRINT or BOOKMARK this guide. There are steps that we may have to restart the computer in order to successfully remove the threat.

If you have previous version of Microsoft Safety Scanner that is more than 10 days old, please disregard it. Download a new copy from the official web site. Every 10 days, Microsoft will release the latest edition of this tool with updated anti-virus definitions to ensure that it will detect even most recent malware threats.

1. Download Microsoft Safety Scanner by clicking the button below and save it on your desktop. This is a free tool from Microsoft that offers on-demand scanning. It helps remove computer infection such as malware, virus, and Trojan.

Click to Download

2. Restart Windows in Safe Mode.

Boot in Safe Mode on Windows XP, Windows Vista, and Windows 7 system
a) Before Windows begins to load, press F8 on your keyboard.
b) It will display the Advanced Boot Options menu. Select Safe Mode.

Start computer in Safe Mode using Windows 8 and Windows 10
a) Close any running programs on your computer.
b) Get ready to Start Windows. On your keyboard, Press and Hold Shift key and then, click on Restart button.
c) It will prompt you with options, please click on Troubleshoot icon.
d) Under Troubleshoot window, select Advanced Options.
e) On next window, click on Startup Settings icon.
f) Lastly, click on Restart button on subsequent window.
g) When Windows restarts, present startup options with numbers 1 - 9. Select "Enable Safe Mode with Networking" or number 5.

Startup Options

h) Windows will now boot on Safe Mode with Networking. Proceed with virus scan as the next step.

3. Once Windows starts in Safe Mode, locate the file of Microsoft Safety Scanner (msert.exe) that you have downloaded earlier. Double-click to run the file.

Icon of MSS

4. When it shows End user license agreement, please accept and click Next to continue.

5. On Scan Type window, please select Full scan. The tool will scan the entire system. This is ideal to detect and remove all threats that are present on the computer.

Image of MS Safety Scanner in full scan

6. Click Next to begin the scan. This process will take a while to finish. Please be patient and let MSS complete the scan procedure.

MSS while Scanning the computer

7. Once the scan operation ends, it will provide a report for identified threats. Please remove all the threats.

8. Reboot the computer and run another scan after Windows boots normally to make sure that Trojan-BNK.Win32-Keylogger.gen is gone. You may now restart Windows normally.

Step 2 : Double-check for Remnants of Trojan-BNK.Win32-Keylogger.gen using Malwarebytes Anti-Malware

This guide requires a tool called Malwarebytes' Anti-Malware. It is a free tool designed to eradicate various computer infections including Trojan-BNK.Win32-Keylogger.gen. MBAM scanner and malware removal tool is distributed for free.

1. In order to completely remove Trojan-BNK.Win32-Keylogger.gen, it is best to download and run the recommended tool. Please click the button below to begin download.

Download Tool

2. After downloading, double-click on the file to install the application. If you are using Windows Vista or higher version, right-click on the file and select 'Run as administrator' from the list.

3. When User Account Control prompts, please click Yes to proceed with the installation.

4. Follow the prompts and install as 'default' only. There are no changes needed during the installation process.

Launch MBAM

5. Malwarebytes Anti-Malware will launch for the first time. It is necessary to proceed with software update.

6. After downloading updates, please click on Scan on the left sidebar.

7. Choose Threat Scan on scanner's console to ensure that it thoroughly check the PC for any presence of Trojan-BNK.Win32-Keylogger.gen and other forms of threats. Click the Start Scan button to begin.


8. Once the scan has completed, Malwarebytes Anti-Malware will issue a list of identified threats. Mark all threats and click on Quarantine Selected.

MBAM Scan Finish

9. If it prompts to restart the computer, please reboot Windows.

Alternative Removal Procedure for Trojan-BNK.Win32-Keylogger.gen

Use Windows System Restore to return Windows to previous state

During an infection, Trojan-BNK.Win32-Keylogger.gen drops various files and registry entries. The threat intentionally hides system files by setting options in the registry. With these rigid changes, the best solution is to return Windows to previous working state is through System Restore.

To verify if System Restore is active on your computer, please follow the instructions below to access this feature.

How to Access System Restore on Windows XP, Windows Vista, and Windows 7

a) Go to Start Menu, then under 'Run' or 'Search Program and Files' field, type rstrui.
b) Then, press Enter on the keyboard to open System Restore Settings.


How to Open System Restore on Windows 8 and Windows 10

a) Hover your mouse cursor to the lower left corner of the screen and wait for the Start icon to appear.
b) Right-click on the icon and select Run from the list. This will open a Run dialog box.
c) Type rstrui on the 'Open' field and click on OK to initiate the command.


If previous restore point is saved, you may proceed with Windows System Restore. Click here to see the full procedure.


About Marco Mathew

Marco Mathew works as Windows Network administrator before establishing Now, Marco is dedicating full-time to help computer users' fight viruses, malware, trojan, worms, adware, and potentially unwanted programs.


  1. AvatarAnna Thomas

    I have this on my computer. I am given the pop up that is shown above. I can google things but cannot go into anything without “Vista Internet Security” popping up a full screen telling me not to go any furthere and it won’t let me. I am not able to download any malware or spyware destroyers or searchers. What do I do? Is there something I can purchase at a store instead of having to download, because this has locked up my Internet.

  2. AvatarJosh

    The same thing has happened to me that happened to Anna.

  3. Avatarterry

    I had the same thing happen won’t let me do anything. What I did was a system restore to 1 week prior and downloaded everything in advance and ran the scanner I needed and it worked

  4. Avatarlynn

    Try running a free ware called “Spybot Search and Destroy”. It will detect and remove the malware.

  5. Avatartanya

    tried spybot doesn’t get rid of it and cannot get on Internet to use auto remove.

  6. AvatarKevin

    I had to download it using a second computer then saved onto external hardrive. After that it took 4 hours to scan. sux.

  7. AvatarScott

    I saved to a USB thumb drive from another computer. When I put it in the infected computer and click on the Setup, it will not do anything. I downloaded the app to the thumbdrive as well and it still did not work. Any ideas?

  8. AvatarBill

    trying the above , got it installed by renaming it on my thumb drive and installed from there to the infected computer. Currently scanning an has already found one source file.

  9. Avatartohall4

    just disconnect your internet and restart Windows! it gets rid of threats!

  10. AvatarJames

    I used System Restore and it worked perfectly. Went to ‘Accessories’, ‘System Tools’ then ‘System Restore.’ I set it back 2 days. It got rid of this %#[email protected]! fake virus. No more pop-ups and all is running well. Good luck !!

  11. AvatarSarah

    I just took James’s advice and the virus seems to have completely disappeared. Thank you so much!

  12. Avatarsa

    I had this problem and tried to run Malwarebytes Anti-Malware which seemed to have removed it but I re-started my computer and now it won’t boot up properly. It appears as though it is loading as normal but then the screen goes blank, I can hear the fans and it sounds like everything is running but I can’t see anything on the screen.

    I have tried starting in Safe mode etc but nirthere of these options seem to load.

    Any advice please?

    I really don’t want to reinstall as I haven’t backed up all my work (that’s bad, I know)

    Please help

  13. AvatarRoberto

    James, you’re my idol! Thank you so much!

  14. AvatarIT Pro

    James, You are a Star !!

    Thanks a million for your advice

  15. AvatarCallie

    Good tip, James! I decided to go ahead and scan with Malware Bytes anyway, and if you’re someone that wants to do that as well but like me, couldn’t access regular IE here’s what I did;

    Click your start-bar in the lower left corner

    In the search area, type “internet explorer”

    You should see at least two options, one of which is “Internet Explorer (No Add-Ons)”

    If you use that to browse and download the Malware Bytes program you should be fine. I did that and didn’t receive the dreaded virus message. :)

  16. AvatarWilbur

    The program worked perfectly for me. I have Vista Home Premium and the full scan took approximately 2hrs 18min 24sec. Highly recommend this method

  17. AvatarHarry.

    i tried EVERYTHING to get rid of this malaware that froze my internet.
    Then i read and followed your instructions on restore point to a date before this intrusion in to my life happened – EUREKA AND HALLEJLUAH it’s GONE GONE GONE – James – I LUV YA !!!

  18. AvatarHarry.

    reference to my previous post (above) — on closing down my pc after the .32 malware bug was removed from popping up and freezing my internet after restoring my pc to a previous date – I had a message saying it was still running (in the background) undetected by me -so I then downloaded the malware removal tool as described in the text on removal ( how to remove Trojan- BNK.Win32.keylogger.gen) and did a full pc scan which found the bug in 3 different places on my pc – I clicked on remove all, and now my pc is clean (hopefully)
    so please, do the FREE download and complete scan for piece of mind, hope this helps others that are in same predicament that I was,


  19. AvatarJesse

    On the non infected computer change mbam to winlogon and the run it on the infected comp. that should do the trick…

  20. Avatarjenny

    HELP! will not let me open Internet explorer or FireFox to download anything. already had malware bytes installed but wont let me open it, even in safe mode. wont let me open my system restore eithere. please help!

  21. AvatarPatrick

    I ordered a virus remover from PCtools but it was unable to get rid of Trojan BNKwin32keylogger.gen.

    The remedy I used was to restore my computer to an earlier point in time and the problem went away.


  22. AvatarSatish

    Followed James’s solution and it worked like a charm!!! Thanks James!

    Was concerned that I already had Malware Bytes installed and it was not getting invoked + I tried to do a fresh install via a fresh downloaded exe and that also was not getting invoked.

    So I restored to the last restore point (yesterday) and all is well.

    I am running Malware Bytes now and checking all.

  23. AvatarKelley

    I did what James recommended above and that worked but now I can bring up web pages but it will not let me sign into any of my pages. Any suggestions? I know it has to do with security settings but I am not too bright when it comes to computer issues.

  24. AvatarChris

    As a result of infection of; BNK.Win32.keylogger.gen, I could not browse through eithere IE or Firefox. I disconnected the Internet, shut down and then restarted desktop computer, employed System Restore back to about 2.5 months. Reconnect Internet. At that point I was able to browse to MalwareBytes – Anti-malware from CNet and download their free anti-malware program. Once update is complete, let it scan and in a few minutes, mine was cleared. Hope this helps.

  25. AvatarBev

    Thanks James!!…it worked as you said.. It’s my daughter and son-in-laws laptop and they will be so happy.
    I had to do what Chris did and disconnect the Internet as even Safe Mode wouldn’t access I.E. But after disconnecting Internet and going to Accessories:System Tools then Restore it’s back to working great!

    So glad to have found this page!

  26. AvatarJami

    I rolled my system back a couple days. Now I’m waiting for the CNet program to remove the rest. I’m really mad that my Spy Sweeper couldn’t help me. But I’m glad I had a smart phone to find this site.

  27. Avatarleroy

    i cant roll back to a different date it only shows todays date.

  28. AvatarMike

    All i did was click on one of the top links for something I had searched for on Google and BAM – it immediately shut down both browsers I had up and all hell started breaking loose – constant fake warning messages. Don’t be fooled by any of them – just get rid of this thing. Its no fun that’s for sure – it toys with you in various ways – hijacks your browsers – won’t let you on the Internet – messes with your spyware removal program etc. I spent a few hours researching and trying different things. Here’s what finally worked for me – I booted up in safe Windows mode (F8 immediately at start up). I then ran Super Anti-spyware in safe mode and got rid of what it found. Malware Bytes or others are probably fine too but you have to already have 1 installed on your system – other wise good luck. Once it was removed, i was still getting some residual pop up warnings and stuff so then I tried what I had read somewhere else and got into Backup and Restore (can’t remember how I got there – sorry) and backed my computer up to 2 days before it happened. This completely got rid of the problem. I rebooted and ran Malware Bytes in regular mode and it didn’t find anything so it was gone. This BNK Keylogger thing certainly proved to me that its important to have antispyware already installed before something like this happens. Both that I mentioned are free and work well. I couldn’t imagine trying to install something by flash drive or whatever when the system was acting up this bad. Good Luck

  29. Avatarjared

    To everyone who is claiming they cannot open malwarebytes because of this spyware, you must right click it and run as administrator. simply double clicking to open like normal won’t work

  30. AvatarMike

    Update: – I got this thing again – Unbelievable! – Didn’t take hours to figure out this time though. I ran super anti-spyware in safe mode and removed the problems it found but after it rebooted I was still having pop-ups as before. Tried to get to System Restore (Start>All Programs>Accessories>System Tools>System Restore) but the pop ups wouldn’t let me in – the thing was blocking me from System Restore. #!*@%#! – OK so here’s the way in. (I have XP but assume its the same for later versions) Turn the system off – turn it back on and hit F8 key just as its booting up. Choose regular Safe Mode (not Safe Mode w/ Internet because the keylogger will block everything if you are online). When it starts to boot up in Safe Mode a box pops up and says “Windows is running in safe mode… blah blah… If you prefer to use System Restore to restore your computer to a previous state click NO.” This Is What You Want!! – Click NO button and System Restore will pop up and you can choose a previous date to boot from – the system will then do its thing and reboot from a previous checkpoint a day or whatever earlier. Abracadabra – Keylogger piece of #@%! GONE. Again – hope this helps someone – I couldn’t remember how I got there before so rewrote this while it was fresh in mind. Peace All

  31. Avataranonymous

    James, THANK YOU SO MUCH. That was so much easier than all the stuff I was getting from all the other websites.

  32. AvatarHolly

    I cant restore to a previous point apart from yesterday and i already had the bug then?

    Malwarebytes picks up 1 bug when i scan, i delete it, run it again and nothing comes up, and then on a restart its back?

    Please help.

  33. AvatarLinda

    I used it today on my husband’s work PC via thumb drive. The pop up kept coming but I had to just keep closing them and clicking on the downloads .exe that I needed to open and run (rkill.exe) and it’s all going well now. Good luck everyone!

  34. AvatarSmithers

    I did the James simple Restore point technique.. astonishingly for such a mild-Trojan, it actually worked. but looking at the bright side of the situation, as annoying as it may be. better a fake Trojan than a real one. I’m really relieved and thanks for the solution James and Mike and others.

  35. AvatarSheryll

    I could not open any web page in IE8 and had not previously downloaded Malware-Bytes on the infected computer. I went to Control Panel and created a new User Account as an administrator, restarted the computer and signed on as the new user I then opened IE and the fake pop-ups did not appear. I was able to download Malware-Bytes and installed it and then ran the scan and cleaned off the mess. Back up and running fine now. Hope this will help someone.

  36. AvatarJerry

    My Windows Vista32 got this nasty Trojan-BNK.Win32.Keylogger.gen bug, and it was a real pain! I looked-up the Trojan on the Internet using one of my old dial-up systems, and the suggestion that James made in his 1 April 2010 comment worked like a charm, TWICE. You see, I was not sure what site gave it to me and sure enough, I got it a second time. The procedure of restoring the system while in safe mode works great! Wish I had read James comment sooner. In summary, I was able to restart my computer, and while it was booting up, I continued to press F8 so that the menu to run in Safe mode came up. I then found the Restore System choice and entered it, and picked a restore point a few days earlier (certainly before the Trojan appeared.) In fact, I am writing this response on the computer that was previously infected. After the computer was operational, I ran my anti-virus and spyware/malware software — just to be on the safer side.

  37. AvatarChuck

    If the virus blocks MalwareBytes or other tools that you may try to use to remove them, try running those programs under “Run as Administrator”. That is how I got it to work on Windows Vista.

  38. Avatarjennifer

    I went to safe mode and click the restore…it did not come up anything for me to the restore point. Anyone has suggestion? Thanks.
    (note: mine is window vista)

  39. Avatarjennifer

    I followed Jerry’s and works now. thanks

  40. AvatarKenneth


    I don’t know you, but “love you man!” I followed your instructions and 5 minutes later the problem was gone. Thanks for sharing.


  41. AvatarDave

    Use another computer to download malware bytes. Saved to thumb drive. Inserted thumb drive into infected computer. Ran malware bytes setup file as administrator. It installed MB, ran a scan, found the annoying spyware, and removed it. Restarted computer and I was good to go in 5 minutes. Thanks all!

  42. Avatarbrad

    Dont run windows anymore, windows is a magnet to this kind of thing try linux

Leave a Comment

Your email address will not be published. Required fields are marked *