9
- Connects to the internet without permission
- Shows commercial adverts
- Normal system programs crash immediatelly
- Slow internet connection
- System crashes
- Cant change my homepage
- Slow Computer
Trojan.BankerTrojan.Banker is a computer parasite which tries to disable online banking security software, in order to gain access to important banking information and private money funds. It usually monitors the user’s internet activity and various accesses to banking websites, in order to record the user activity and store such data as banking logins and passwords. Trojan.Banker steals a whole range of important information, including email account details, passwords saved on your internet browser, and various passwords related to instant messaging. When this Trojan is installed in your system, it performs certain changes which later on can indicate the presence of this parasite in your computer. For example, if there is a msnmsgr.exe in your Windows Task Manager, and you don’t have Windows Messenger installed, this is the first signal of a possible Trojan.Banker infection. This pest also performs certain changes to your system, so that the program would load every single time you turn on your computer. The presence of a folder titled C:\Windows\System32\gbiehuni.dll also indicates that you have caught Trojan.Banker. This folder is your Downloaded Program Files folder which has been renamed into gbiehuni.dll. Other possible renames are GBIEHCEF.DLL, gbiehabn.dll and GBIEHABN.DLL. This way the Trojan tries to disable components of software which is used by some banks in order to secure the authentication, when the customer logs in to his account. In case the system is infected, the user must remove Trojan.Banker immediately before it manages to steal and leak anymore important data. Manual removal of such parasites is very hard, so it is recommended to scan the system with reliable malware detector and then delete Trojan.Banker and all of its files for good. |
|
Download Spyware Removal Tool to Remove*
Trojan.Banker
|
|
How to manually remove Trojan.Banker
Files associated with Trojan.Banker infection:
BrwsPtnr.dll
appconf32.exe
xlr.exe
xln.cpl
xlb.cpl
userviet.exe
Nvsvc32.exe
win32.cpl
sbfiv.exe
hostne.exe
services.exe
ctfmon.exe
krn4.exe
msmsgs.exe
nl6.exe
winnt7.exe
winnt.exe
csrrs2.exe
csrrs1.exe
svchost.exe
spoolsvr32.exe
System32.exe
SerialsWorld[skbhyu].exe
spoolsv.exe
wininit.exe
mydpla.exe
Systema.exe
svhost.exe
Z48B83X1LIB.DLL
WPV501258147400.EXE
winmsne.exe
winnt2.exe
smsni.exe
sms.exe
dll.exe
svchosts.exe
winsex.exe
winnt5.exe
winnt6.exe
winnt3.exe
winnt4.exe
gbieh.dll
iexplorer2.exe
ssmss.exe
systm321.exe
sunwin32.exe
csrss.exe
fc.exe
mac.dll
msbcs.exe
nl.exe
ree1.exe
ree2.exe
WindowsUpdate.scr
iexplore.exe
Explorer.exe
AcroIEHelpe.dll
gbiesrv.exe
netfx20.exe
ntos.exe
load[1].exe
Certificado-4.1.10[1].exe
install_en[1].exe
codecpack.v.1.1.18[1].exe
orkutATupdate.exe
ExAlien.exe
Trojan.Banker DLL's to remove:
gbieh.dll
mac.dll
AcroIEHelpe.dll
Trojan.Banker processes to kill:
SearchSettingsProtection.exe
appconf32.exe
xlr.exe
userviet.exe
Nvsvc32.exe
sbfiv.exe
hostne.exe
services.exe
ctfmon.exe
krn4.exe
msmsgs.exe
nl6.exe
winnt7.exe
winnt.exe
csrrs2.exe
csrrs1.exe
svchost.exe
spoolsvr32.exe
System32.exe
SerialsWorld[skbhyu].exe
spoolsv.exe
wininit.exe
mydpla.exe
Systema.exe
svhost.exe
winmsne.exe
winnt2.exe
smsni.exe
sms.exe
dll.exe
svchosts.exe
winsex.exe
winnt5.exe
winnt6.exe
winnt3.exe
winnt4.exe
iexplorer2.exe
ssmss.exe
systm321.exe
sunwin32.exe
csrss.exe
fc.exe
msbcs.exe
nl.exe
ree1.exe
ree2.exe
iexplore.exe
Explorer.exe
gbiesrv.exe
netfx20.exe
ntos.exe
load[1].exe
Certificado-4.1.10[1].exe
install_en[1].exe
codecpack.v.1.1.18[1].exe
orkutATupdate.exe
ExAlien.exe
ExAlien
Remove Trojan.Banker registry entries:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser HelperObjects\{B42BF63C-5354-4c5c-A789-66EFEEC5E1B0}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 1260323839
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 2krn
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 3krn
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Avast ! Antivirus
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ csrss
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ ddos
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ drivevideo
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ gbiesrv
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ GlobalFlagimglog2
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ hostne
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Internet Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Javs
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ krn
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ krn99
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Messenger
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Microsoft security control
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Modulo_Ad_Autorizador
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ msav
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ msbcs
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ MSMSGS
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ netfx20
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ PreInstall
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ sbfiv
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ SerialsWorld
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Service Pack 3
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ smsnisys
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ svchosts
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ svchosts.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ System More Service
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ System Update
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ System32
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Systm32
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Technology NT
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ winkey
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ winmsne
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ winnt2
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ winnt3
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ winnt4
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ winnt5
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ winnt6
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ winnt7
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ winsex
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ WinSystem
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ wservices
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ xlb
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ xln
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ xlr
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33161E98-0A6C-4d3c-BD62-3A7D56137F52}
Microsoft\Windows\CurrentVersion\Run\Imparck[1].exe
RUNNING PROGRAM\Explorer.exe
RUNNING PROGRAM\WindowsUpdate.scr
RUNNING PROGRAM\winnt6.exe
{33161E98-0A6C-4d3c-BD62-3A7D56137F52}
Comments
Where's the proof that Spyhunter will find this Trojan? I have scanned my computer with Spyhunter (free version) and it can't find anything and yet I have scanned it with "exterminate It" and it says it's there but can't get rid of it!! Next you'll tell me only the paid version will find it and delete it. I have my doubts so far.