We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
Contact Forum Editor

Send an email to our Forum Editor:


PLEASE NOTE: Your name is used only to let the Forum Editor know who sent the message. Both your name and email address will not be used for any other purpose.

Tech Helproom


It's free to register, to post a question or to start / join a discussion


 

XP Internet Security 2012


the hick

Likes # 0

I downloaded IE8 earlier, now I have the above (maybe a coincidence. Its stopping me using internet on my PC (now using different PC), and tells me I have Trojan BNK.Win32.keylogger.gen.. I am a bit stuck, dont know what to do next. Any advice much appreciated, thank you.

Like this post
Fruit Bat /\0/\

Likes # 0

Ctrl + Alt + Delt ---- task manager Processes tab

Stop the following XP Internet Security 2012 processes:

[RANDOM CHARACTERS].exe

Start - Run type regedit press OK

Navigate to and Remove the following XP Internet Security 2012 registry keys:

HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XP Internet Security 2012

HKEYLOCALMACHINE\SOFTWARE\XP Internet Security 2012

HKEYCURRENTUSER\Software\XP Internet Security 2012

HKEYCURRENTUSER\Software\Classes.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'

HKEYCURRENTUSER\Software\Classes\exefile\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'

HKEY_USERS.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'

HKEYLOCALMACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'

HKEYLOCALMACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'

HKEYLOCALMACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'

HKEYLOCALMACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'

HKEYLOCALMACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'

HKEYCLASSESROOT.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'

Locate (Search) and delete the following XP Internet Security 2012 files:

[RANDOM CHARACTERS].exe

%AllUsersProfile%\Application Data\u3f7pnvfncsjk2e86abfbj5h %LocalAppData%\kdn.exe %LocalAppData%\u3f7pnvfncsjk2e86abfbj5h %Temp%\u3f7pnvfncsjk2e86abfbj5h %UserProfile%\Templates\u3f7pnvfncsjk2e86abfbj5h

Like this post
the hick

Likes # 0

Thank you for reply, are the random characters likely to be the ones at top of list? Not been here before! thankyou.

Like this post
Fruit Bat /\0/\

Likes # 0

Just tell us the ones you think are the random characters before trying to stop the process

Like this post
the hick

Likes # 0

Random: SbPFCl.exe, SbPFSvcexe, RTHDCPL.exe sbPFLnch.exe

these ones look non-random to me CALMAIN.exe, jqs.exe, avgnt.exe,
ctfmon.exe, smss.exe

thanks for your help.

Like this post
rdave13

Likes # 0

Bleeping Computers removal instructions (scroll down a bit) if above is difficult.

Like this post
the hick

Likes # 0

rdave13, thanks for the link. However, FixNCR.reg does not seem to have a SAVE option, only RUN and CANCEL. Still a bit stuck!

Like this post
rdave13

Likes # 0

It won't if you download it and run. Download it but select 'save' and to a flash drive or cd/dvd disc. Once saved you can run the exe. file when required.

Like this post
rdave13

Likes # 0

Use a 'clean' PC to do this.

Like this post
the hick

Likes # 0

Now seems sorted, thank you all for your help. After I had run FIXncr.reg, I was able to do a 'System Restore'. then downloaded IE-8 again. Result!

Like this post
rdave13

Likes # 0

I'd still run all your security apps in full mode just in case you've got hidden malware.

Like this post

Reply to this topic

This thread has been locked.



IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

Chromebooks: ready for the prime time (but not for everybody)

IDG UK Sites

Hands-on with Sony's latest smartglasses

IDG UK Sites

Tips for selling on eBay: auction tactics to get the best price for second-hand products