View Full Version : trojan virus! please help

07-01-2012, 08:02 PM
So I was sitting on my computer looking at FB when all of a sudden it closed out. It came up virus detected. When I tried to use my microsoft security essentials it said it was not installed, but it is bc that is what I have been using. It is saying I need to activate Vista antivirus 2012. It says that

wscript.exe is infected with Trojan-BNK.Win32.Kelogger.gen

I have no idea what that means but I just know it will not let do anything and says system integrity alert. Attack from port 55318 attack port 5843 threat Joke.1068

again I do not know what that means either. That part is in a seperate box saying vista antivirus alert 2012. Please can someone help me fix this!!! I am so lost. I posting from my phone so I am reading what the boxes on the screen are saying

07-01-2012, 08:11 PM
Download, update and run in Full mode, Malwarebytes from www.malwarebytes.org Is your MSSE up to date?


07-01-2012, 08:22 PM
That looked very suspicious so I Googled the virus name.....

Trojan-BNK.Win32.Keylogger.gen is a fake virus warning (a pop-up window that says your PC is infected). It deceives people into downloading/installing various malware voluntarily. Trojan-BNK.Win32.Keylogger.gen is a non-existent virus. It may also prompt users to obtain a full version of fake anti-virus software in order to remove threats which do not even exist. If the Trojan-BNK.Win32.Keylogger.gen keeps popping up on your computer, please use legitimate anti-malware to remove it.

07-01-2012, 08:23 PM
It should be, I just updated it the other day. The thing is it is not.letting me do anything. If I hit continue with computer unprotected will it let me download that thing you are talking about?

07-01-2012, 08:25 PM
A friends PC once got this or similar. I booted to "safe mode with networking", downloaded http://www.malwarebytes.org/, updated and scanned.

07-01-2012, 08:28 PM
But it wont let me turn on my MSSE.... It is blocking me from that. When I try to use microsoft sdcurity essentials it says computer at risk. When I try to start it it says could not start, the specified service does not exist as an installed service. But it is bc I use it.

07-01-2012, 08:30 PM
Sorry to soundg ignorant but how do I put it in safemode? I do not know much about this limd of stuff.

07-01-2012, 08:32 PM
It should be, I just updated it the other day. The thing is it is not.letting me do anything. If I hit continue with computer unprotected will it let me download that thing you are talking about? Quite comonly the computers' own antivirus will be deactivated, access to online antivirus can be blocked and installing another antivirus program can be prevented as well. Renaming an antivirus install file name, can be a work-around.

07-01-2012, 08:36 PM
Sorry to soundg ignorant but how do I put it in safemode? I do not know much about this limd of stuff.Typically, F8 key at boot up will show the various safe mode options. Safe mode with networking will allow internet access.

07-01-2012, 08:38 PM
Gahhhh, I reall need to take a. Omputer class. I am not sure how to go about all of this :-(

07-01-2012, 08:40 PM
Okay what will happen or what should I do after I donwload that?

07-01-2012, 08:56 PM
After computer beeps, continuously tap F8 key... advanced options menu appears..... select: safe mode with networking.... will boot to a different looking desktop .... run your web browser and navigate to http://www.malwarebytes.org/... be sure and click on the right links and get the free software ... update once the program is running .... do a full scan

07-01-2012, 09:06 PM
You may find a lot of those fake antivirus programs will stop programs like malwarebytes from running, some of them are quite nasty these days.

As mentioned, start the computer in safemode with networking, download and run Rkill (http://download.bleepingcomputer.com/grinler/rkill.exe) < that's a direct download link, save it to your computer then run it by double clicking it. it may appear to hang or be doing nothing, there will be a message saying please wait, it will disable the infection(s), and tell you when its done by its results.

Now download Malwarebytes (http://majorgeeks.com/downloadget.php?id=5756&file=15&evp=693ee0b20204960edfd909666f809b26) < Direct link. ( wait a second or two and it will appear)

Install and run it, make sure you scan in FULL MODE, a quick scan will miss a lot.

DO NOT reboot even if asked to.

Now download and run SUPERAntiSpyware (http://downloads.superantispyware.com/downloads/SUPERAntiSpyware.exe), once again install and use complete scan.

Malwarebytes is okish, but its far from getting everything.

Depending on how deep this infection is, it may need more cleaning.

If you want to ( and it pays to do this) from my sig, download and run Spybot S&D as well

Please note, depending on how much data is on your computer, and its spec's each scan can easily take an hour or more.

Seen many people do quick scans and they leave behind many infections.

07-01-2012, 09:07 PM
The file name you are looking for is mbam-setup- ,,, it's (10.3MB) ,,, and will be downloaded from software-files-a.cnet.com
So as not to be confused the malwarebytes website will re-direct you to cnet.com for the download. Be aware, the correct file link to click on is somewhat confusing.
Quickly looking at it, click "download now".... then click the green bar that reads "download now, tested spyware free,,Cnet"

07-01-2012, 09:11 PM
Thank you for all that. I am going to do this in the morning and if I have any questions I will come back. I really appreciate it. And you made a great point, I usually only do quick scans on everything, so now I know I need to do full scans more often. It is almost 3:30 in the morning and my brain is not ready to concentrate on it yet.

07-01-2012, 09:12 PM
Ok, I'll go with wainuitech on this. He has the latest and best "hands-on" tips. Good luck

07-01-2012, 09:18 PM
Justa quick note -- when you run superantispyware for the first time it may look a little :horrified

If you want a PDF on how to run it,I can put a link, its the one I give my customers when they give a blank look after showing them :D

Robin S_
07-01-2012, 09:27 PM
To elaborate a little on what has already been said. Turn off your computer - you may need to click on the Start button and select Shut down. Wait about 10 - 15 sec then turn it on again and immediately keep tapping the F8 until you get a menu of various start-up options including 'Safe mode with networking'. Select this and it will start Windows in Safe Mode which is a cut-down version. Start your browser and download Malwarebytes from the link given above by Lakewood Lady. Presumably this will create an icon on your desktop for itself. Start it, update it and run it. It may need to be run a second time to do a complete cleanout. This should get rid of the trojan. If MSSE is not activated it will need to be - click on its icon in the notification area and it should fire up an 'Activate' or something button.

You may need to modify these instructions a little depending on what version of Windows you are running. I am not very familiar with Malwarebytes so someone might need to make some corrections.


Robin S_
07-01-2012, 09:31 PM
Curses. I was distracted by the arrival of desert before I pushed the Submit button.
You should have plenty of info to fix your problem now.

07-01-2012, 10:00 PM
One thing I forgot to mention before -- Download and run Ccleaner (http://www.piriform.com/ccleaner), it will clean out all your temp Internet files as well as other junk files in the computer, this will make scanning faster.

It may also remove any saved passwords/login for place like facebook etc, but it usually asks to do a scan for cookies to keep while installing.

Also look at what you click, there is one page, ( forth one from memory) it asks to install google chrome if you dont have it, UNTICK the two boxes other wise you will install chrome ( not everyone wants or likes it.)

Once installed, double click the icon on the desktop, then bottom right click "run Cleaner" -- it will show the results when finished.

The fake anti-virus will usually be a few random named exe files, sometimes they sit in the temp files and are easy to remove, other times its a little harder.

09-01-2012, 08:33 AM
I think this is a bad one. It stops in the middle of malwarebytes at like 15 minutes of running a full scan so it does not do it. What should I do, I need to get rid of this, please help.

09-01-2012, 09:52 AM
Where are you located angchick ?

09-01-2012, 10:07 AM
I live in Florida in the US.

Speedy Gonzales
09-01-2012, 10:15 AM
Sent you a PM Ang

09-01-2012, 10:41 AM
I live in Florida in the US.

Well that's me out for coming 'round for a coffee to help out ... :D

Go with Speedy ... he knows his stuff and anyone on this site will vouch for him ... he's one of the good guys !!

09-01-2012, 10:59 AM
LOL :) I definitely believe you, infact, he has helped me before!! All you people here are really awesome. I have really appreciated all the help I have recieved. I am hoping he will be able to work some magic, and help me now

Well that's me out for coming 'round for a coffee to help out ... :D

Go with Speedy ... he knows his stuff and anyone on this site will vouch for him ... he's one of the good guys !!

09-01-2012, 09:31 PM
Well, Mr. Speedy saved the day!!! Thank you again. And thank you all who gave advice to help. This is such a great place!!

Speedy Gonzales
09-01-2012, 09:52 PM
Great, good to hear its fixed. Looks like Vista antivirus 2012 installed somehow. It was giving the message/s about trojans etc. And it must have removed MSSE's service (it wouldnt turn on). Easy fix, uninstall MSSE, then reinstall it. Then we did a scan it found something . And Ang removed it with MSSE

10-01-2012, 09:19 AM
I live in Florida in the US.

Our God-son is skipper of one of those rich-kids yacht's birthed in Fort Lauderdale.

I digress sorry.

This pc was hit with the Security Sphere 2012 trojan and the troops on here were fantastic, but, hdd had to be taken out and put into another pc to have MalwareBytes get rid of it. Something beyond my capabilities, lol.

Glad you got it fixed tho.

Seasons Greetings from down under.