PCBugSquad

Description:

Troj/Banker-EPN is a Trojan that attempts to steal accounts, passwords, and other online banking related information.  This infection listens to the traffic that you send to online banking web sites, and when it finds certain information, records it and sends it to a remote location.  This information is then used to either perform identify theft or to sell it to those who will.

Once this infection is installed, it will create the C:\Windows\wmiprevse.exe file and then add the following registry key so that it runs automatically when you start Windows:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”wmiprevse” = “C:\Windows\wmiprevse.exe”

If this infection is found on your computer, it is strongly suggested that you contact all of your banks and have your account information changed immediately.  Also by explaining the situation they can have your accounts monitored for illicit activity.

Manual Removal Instructions for Troj/Banker-EPN:

End these processes if they exist:
Learn how to end processes

wmiprevse.exe

Delete these files if they exist:
Lean how to remove files

C:\Windows\wmiprevse.exe

Remove these Registry keys if they exist:
Learn how to remove Windows Registry entries

Warning: Editing the Windows Registry incorrectly can cause problems with your computer that may cause it not to operate correctly.  Please edit the Registry only if you know what you are doing.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”wmiprevse”

To uninstall a program in Windows please perform the instructions for the particular version of Windows listed below.

How to uninstall a program in Windows XP

1. Click on the Start button
2. Select Control Panel
3. Once in the Control Panel, click on the Add or Remove Programs control panel icon.
4. A list of all the programs install on your machine will appear. Click on the program you would like to remove and then click on the Remove button.
5. The program will now begin to uninstall.  Please follow the prompts to uninstall the program.
6. When the program has finished uninstalling you can close the control panel windows.

How to uninstall a program in Windows Vista & Windows 7

1. Click on the Start button.
2. Select Control Panel.
3. Once in the Control Panel, under the Programs category, click on the Uninstall Program option.
4. A list of all the programs install on your computer will appear. Click on the program you wish to remove and then click on the Uninstall button on the menu bar above the list.
5. The program will now begin to uninstall.  Please follow the prompts to uninstall the program.
6. When the program has finished uninstalling you can close the control panel windows.

Your program will now be uninstalled.

Often times the most common tasks can be the most difficult ones. This is especially true when it comes to deleting files.  This tutorial will walk you through finding and deleting a file on your computer.

1. The first step is to search for the file. To do this, we open the Windows Search tool by clicking on the Start Menu and then selecting the Search option.  This should bring up a window similar to the one below.

   

2. Next click on the option labeled All files and folders.  This will change the window to appear like below.

   

   In the All or part of the file name: field enter the name of the file you would like to delete.

3. Now scroll down until you see More advanced options and click on it.  You should now see a screen similar to the one below.

   

   Make sure there are checkmarks in the boxes labeled Search hidden files and folders and Search system folders.  If there is no checkmark in those boxes, please put one there. When done, click on the Search button.

4. When the search has been completed you will see a list of all the files that were found that matched the name you entered in step 2.

   

   Select the file you would like to delete by left-clicking on the file once so it is highlighted as shown above.  Make sure you do not double-click on it as it may run the program instead. Once it is highlighted, press the Delete button on your keyboard.

5. Once you press the delete button a box will appear asking for confirmation on whether or not you really want to delete the file.

   

   Click on the Yes button to delete the file.

The file should now be deleted off of your computer.  You should now repeat these steps for any other files you would like to delete.

There will come a time in every computer users lifetime that they will need to stop a program from running in Windows.  For the most part, you can simply exit the program like you normally would by either clicking on the X in the upper right hand corner of the window or by clicking on the File –> Exit menu option. Unfortunately, though, it is common for a process to not exit like it should.  This could be because it is no longer responding, or frozen, or because it is malware and not allowing itself to be killed.

This tutorial will walk you through ending a process, or program, that cannot be closed by normal methods.  The first step is to open the Windows Task Manager.  To do this simply follow these steps:

1. On your keyboard, press the Ctrl+Alt+Delete buttons at the same time and then click on the Task Manager button if a menu appears.  Otherwise, Task Manager will automatically appear.  You can also press the Ctrl+Shift+ESC keys buttons on your keyboard at the same time to launch the Windows Task Manager. Managing these multi-button combinations can be tricky, so do not be concerned if it takes a few tries.
2. When the Task Manager opens you will see a screen similar to the one below.

   
   

   You should now select the program you would like to end by left-clicking on the name with your mouse.  The process you would like to stop should now be highlighted as shown in the image above where pgs.exe is highlighted.

3. Now click on the End Process button to end the program.  If a Window opens displaying a warning, you should click on the Yes button to end the program.

   
   

The program you wanted to close, should no longer be running and you can now close the Task Manager.  When ending programs, we suggest that you do not end any programs that are running under the User Name Local Service, Network Service, or System as it may cause instability on your computer.