This discussion has been locked.

Removal of a BKA Trojan

Hello,

One of our users has encountered a kind of the BKA Trojan (white screen after logon). The on-access scan hasn't detected anything, neither has the full system scan.

Any chance I can get rid of that thing except reinstalling Windows?



  • Hello PhilippZ,

    has the user admin rights or is it a Power User? Guess you can access this computer remotely, can't you?

    The white screen is, AFAIK, presented when the computer is not connected, otherwise you'll get the "BKA" screen. If you can access the computer remotely there are a few things you could do:

    run Sysinternals' PsList and try to identify the name of the rogue process

    search the user's AppData folder(s) for the name

    search the user's registry for the name, if this turns up nothing then search for values containing the AppData|Application Data path

    In any case copy all files which seem suspicious (also look in the user's %Temp% locations for files created around the same time and copy them as well) and send them as samples.

    Usually removing the executables (if you were able to identify them) and/or correcting the registry keys is sufficient to enable the user to work again. Most of these trojans don't have a sophisticated self-protection.

    Again - please try to obtain samples and send them in.

    HTH

    Christian
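
Added example, not part of the original thread: a PowerShell sketch of the triage steps in the reply above (find processes running from the user's profile, search the registry for their names or for AppData paths, copy nearby files as samples). The parameter names, the `C:\Samples` folder and the two-hour window are assumptions; when run from an admin session rather than the affected user's, point `-ProfilePath` and `-HiveRoot` at that user's profile and `HKEY_USERS\<SID>` hive.

```powershell
param(
    [string]$ProfilePath = $env:USERPROFILE,   # affected user's profile folder
    [string]$HiveRoot    = 'HKCU:\Software',   # or Registry::HKEY_USERS\<SID>\Software
    [string]$SampleDir   = 'C:\Samples',       # hypothetical collection folder
    [int]$WindowHours    = 2                   # assumed meaning of "around the same time"
)

# 1. Processes whose image file lives under the user's profile (AppData, Temp, ...)
$procs = @(Get-CimInstance Win32_Process | Where-Object {
    $_.ExecutablePath -and
    $_.ExecutablePath.StartsWith($ProfilePath, [StringComparison]::OrdinalIgnoreCase)
} | Select-Object ProcessId, Name, ExecutablePath)
$procs | Format-Table -AutoSize

# 2. Registry values naming one of those processes, or pointing into AppData
$terms   = @($procs | ForEach-Object { [regex]::Escape($_.Name) }) + 'AppData', 'Application Data'
$pattern = $terms -join '|'
Get-ChildItem -Path $HiveRoot -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
    $key = $_
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($data -match $pattern) {
            [pscustomobject]@{ Key = $key.Name; Value = $name; Data = $data }
        }
    }
} | Format-List

# 3. Copy each suspect executable and files created near it to the sample folder
New-Item -ItemType Directory -Path $SampleDir -Force | Out-Null
foreach ($p in $procs) {
    $created = (Get-Item -LiteralPath $p.ExecutablePath -Force).CreationTime
    Get-ChildItem -LiteralPath $ProfilePath -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { [math]::Abs(($_.CreationTime - $created).TotalHours) -le $WindowHours } |
        ForEach-Object {
            # Prefix with the file size so same-named files do not overwrite each other
            Copy-Item -LiteralPath $_.FullName -Destination (Join-Path $SampleDir "$($_.Length)_$($_.Name)")
        }
}
```

The registry search will also list legitimate values that reference AppData, so review the hits against the process list from step 1 before changing any key.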
