This virus has been hitting systems for years, and has been resurging lately. Two computers in my household were infected within the same week, by different web sites. The virus may be getting around by an infected advertisement. Web owners accept the ad, and post it, unknowingly providing a virus to visitors. I had anti-virus programs running, and it still got by them. The other machine in the home has a LOT of antivirus (and firewall) running, and it got by that one's security too. Prevention aside, this article is about removal.
How this virus works is by writing itself to your registry (as many of the ugliest viruses do) and interfering with anything from your own virus program, browser launch, internet connection, etc. When you try to start a program, it pops up a fake "Windows Virus program" window explaining to you that your computer is infected with "Trojan-BNK.win32.Keylogger.gen" and you must "register" this fake "virus program" in order to clean Trojan-BNK.win32.Keylogger.gen off your system.
The virus will use the name of your system, so if you have Windows XP, it will tell you that you need to register "XP Internet Security 2011" or "XP Internet Security 2012", or with Windows Vista, "Vista Security 2012" or whatever. The name is simply generated to match your operating system so that it will sound legitimate.
After hours and hours of research, I ended up realizing that on different systems, this virus is able to attack different operations. So, someone with Windows XP is likely to experience different problems than someone with Windows 7 or Vista. Furthermore, the steps one takes on XP to clean it off may not work for the person with W7.
These are the steps we took to clean off the virus on our two systems, which included Windows 7 and Windows Vista.
You may need to re-start your computer in "Safe mode" to do steps below, but we did not find that helpful.
1) You need to stop that annoying pop-up window ("your computer is infected...register!") from popping up every time you click on anything. Do this by opting to "register" the fake program, choose the button for "manual registry" and then it will want the "key" that you got when you "registered" the program.
Here is a "key" that will work: 3425-814615-3990. This "key" is being provided by anti-virus sites out there to help with cleaning off this virus, and since it is a virus, not a real program, sharing this key is in no way illegal.
2) Download, install and use a program called "rkill.exe"; it "kills" bad processes that are running in the background. rkill can be found at www.bleepingcomputer.com. We had to double-click this program a few times to "kill" processes that were hampering our cleaning work. So, don't be afraid to use this a few times in a row after a restart or at any time during this cleaning process. (If you begin to get an error message that "xyz is trying to run and cannot", ignore it and keep cleaning; it is probably that rkill has stopped the virus from working. This is what it meant for us, and once the virus was cleaned off we no longer got those kinds of messages.)
3) Download, install and run Malwarebytes, the trojan-seeking-killing anti-virus program, from www.malwarebytes.org. The reason we had to use this was that my other virus programs were not finding, or were disabled by, the virus, and also other programs I have used in the past, programs I usually only download and run when I get an infection (which is rare) and tried to use this time, require an internet connection in order to quarantine. The virus was preventing my sick computer connecting to the internet. Malwarebytes can be run, and will clean, without "needing" to be connected to the internet. It was a lifesaver. Make sure you do a deep scan with Malwarebytes.
4) Malwarebytes should have detected some key viral things and may ask to restart and clean off items it may find during startup. Let it. This also takes a while. It did find several things during boot-up, and it gives you the options of "quarantine or delete" those files it finds. Typically it is safest to opt to "move all/quarantine" rather than "delete all".
5) By this time, our computers were working better, but the connection to the internet was messed up and neither machine could connect. After reading a few very very long forum comment histories and trying everything everyone else said worked for them, Windows 7 just would not connect. Some said it was a Windows error, not a viral thing. I noticed Windows had downloaded 2 "updates" the day before (perhaps that WAS the virus?). So, I "restored" the system to a point 2 days before. Voilà, W7 connected. Windows Vista would not connect until it was re-booted a few times. It fixed itself without any haggling.
6) After this, we virus-scanned our systems with Stop Sign and E-Set, virus programs we use once a year for a deep clean, to remove anything that might be lingering. Since we could now connect to the internet, we could use these that require connection. We also scanned using our existing anti-virals. I'd name the anti-virals we already had running on our systems, but since they let this virus slip by, I hesitate to reveal them. They don't need bad press, they are good programs. No anti-viral program is "complete" - always run a few and switch it up every once in a while.
That's our how-to, hope it helps you without as much searching and reading as it took us. This list seems easy and simple, but we tried a dozen or more "suggestions" and "steps" from other forums, and this list is the product of 1.5 days of research and trial (and for us, 1.5 days is about 20 hours work). Our computers are how we earn a living, so we are grateful for all the how-to's we found, it gave us hope. This list comprises what worked for us. Hope it works well for you too.