XP Internet Security 2012

  the hick 19 Jun 11

I downloaded IE8 earlier, now I have the above (maybe a coincidence. Its stopping me using internet on my PC (now using different PC), and tells me I have Trojan BNK.Win32.keylogger.gen.. I am a bit stuck, dont know what to do next. Any advice much appreciated, thank you.

  Fruit Bat /\0/\ 19 Jun 11

Ctrl + Alt + Delt ---- task manager Processes tab

Stop the following XP Internet Security 2012 processes:


Start - Run type regedit press OK

Navigate to and Remove the following XP Internet Security 2012 registry keys:

HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XP Internet Security 2012


HKEYCURRENTUSER\Software\XP Internet Security 2012

HKEYCURRENTUSER\Software\Classes.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'

HKEYCURRENTUSER\Software\Classes\exefile\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'

HKEY_USERS.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'

HKEYLOCALMACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'

HKEYLOCALMACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'

HKEYLOCALMACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'

HKEYLOCALMACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'

HKEYLOCALMACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'

HKEYCLASSESROOT.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'

Locate (Search) and delete the following XP Internet Security 2012 files:


%AllUsersProfile%\Application Data\u3f7pnvfncsjk2e86abfbj5h %LocalAppData%\kdn.exe %LocalAppData%\u3f7pnvfncsjk2e86abfbj5h %Temp%\u3f7pnvfncsjk2e86abfbj5h %UserProfile%\Templates\u3f7pnvfncsjk2e86abfbj5h

  the hick 19 Jun 11

Thank you for reply, are the random characters likely to be the ones at top of list? Not been here before! thankyou.

  Fruit Bat /\0/\ 19 Jun 11

Just tell us the ones you think are the random characters before trying to stop the process

  the hick 19 Jun 11

Random: SbPFCl.exe, SbPFSvcexe, RTHDCPL.exe sbPFLnch.exe

these ones look non-random to me CALMAIN.exe, jqs.exe, avgnt.exe,
ctfmon.exe, smss.exe

thanks for your help.

  rdave13 19 Jun 11

Bleeping Computers removal instructions (scroll down a bit) if above is difficult.

  the hick 19 Jun 11

rdave13, thanks for the link. However, FixNCR.reg does not seem to have a SAVE option, only RUN and CANCEL. Still a bit stuck!

  rdave13 19 Jun 11

It won't if you download it and run. Download it but select 'save' and to a flash drive or cd/dvd disc. Once saved you can run the exe. file when required.

  rdave13 19 Jun 11

Use a 'clean' PC to do this.

  the hick 19 Jun 11

Now seems sorted, thank you all for your help. After I had run FIXncr.reg, I was able to do a 'System Restore'. then downloaded IE-8 again. Result!

  rdave13 20 Jun 11

I'd still run all your security apps in full mode just in case you've got hidden malware.


This thread is now locked and can not be replied to.

Should I upgrade to Windows 10? 8 reasons why you should upgrade to Windows 10... and 2 why you…

We are being sold the ability to spend money we don't have. And we love it

IKinema aims to banish droopy shoulders and wonky spines in animated CG characters

How to use Apple Music in the UK: Complete guide to Apple Music's features

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message