How to remove the Troj/Banker-EPN infection and the wmiprevse.exe file
Description:
Troj/Banker-EPN is a Trojan that attempts to steal accounts, passwords, and other online banking related information. This infection listens to the traffic that you send to online banking web sites, and when it finds certain information, records it and sends it to a remote location. This information is then used to either perform identify theft or to sell it to those who will.
Once this infection is installed, it will create the C:\Windows\wmiprevse.exe file and then add the following registry key so that it runs automatically when you start Windows:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”wmiprevse” = “C:\Windows\wmiprevse.exe”
If this infection is found on your computer, it is strongly suggested that you contact all of your banks and have your account information changed immediately. Also by explaining the situation they can have your accounts monitored for illicit activity.
Manual Removal Instructions for Troj/Banker-EPN:
End these processes if they exist:
Learn how to end processes
wmiprevse.exe
Delete these files if they exist:
Lean how to remove files
C:\Windows\wmiprevse.exe
Remove these Registry keys if they exist:
Learn how to remove Windows Registry entries
Warning: Editing the Windows Registry incorrectly can cause problems with your computer that may cause it not to operate correctly. Please edit the Registry only if you know what you are doing.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”wmiprevse”
May 24th, 2010 at 11:16 pm
Identity Theft is so rampant these days because it is quite easy to harvest information from someone else.`.-