September 11, 2008

How to Remove Trojan.Bankpatch.C ?

Trojan.Bankpatch.C steals information from affected computer by modifing DLL files.The Trojan creates and run a file named conlf.ini inside %Temp% directory. Then the trojan injects malicious codes in to DLL files inside "System32" directory. Infect files like :kernel32.dll, powrprof.dll, wininet.dll, dllcache\kernel32.dll, dllcache\powrprof.dll, dllcache\wininet.dll. Trojan.Bankpatch.C infected files detected as Trojan.Bankpatch.C!Inf.

Then the trojan creates these files inside "System32" directory
1. ldshyr.old
2. nwklr.ini
3. nwpp.ini
4. nwwlnt.ini

How to Remove Trojan.Bankpatch.C ?
1. Perform standard procedure for Virus removal.

2. Remove the following entries from windows registry.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\"lwh" = "http://ffcsanta.com

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\rbt




No comments: