How to Get Rid of the Banker Fox Virus

Open the "Windows Task Manager" by pressing and holding down the Ctrl, Alt and Delete keys. Under the "Processes" tab, you'll find a list of programs that are being run on the computer. Locate "Banker Fox," left-click it once to select it, then left-click once on the "end process" button on the bottom right of the task manager. There are other processes that are also initiated by "Spyware protect 2009" that will need to be ended ---these include oranerkka, ooorjaas, irprokwks, otpeppggq, dkekkrkska, dkewiizkjdks, iddqdops, ienotas, iqmcnoeqz, jikglond, jiklagka, jrjakdsd, jungertab, kitiiwhaas, kkwknrbsggeg, klopnidret, krkdkdkee, krkmahejdk, aazalirt, krtawefg, krujmmwlrra, ktknamwerr, kuruhccdsdd, oropbbsee, otnnbektre, otowjdseww, rkaskssd, ronitfst, seeukluba, skaaanret, sysguardn, tobmygers, tobykke, zibaglertz, and sysguard, all of which end in the file type .exe.

Open the registry editor by left clicking once on "start" and left-click once on "run...." A message will pop up asking what the user wishes to open. A drop-down menu will be visible, so left-click it once and select the "regedit" option. The registry editor will now appear and will be divided into 2 sections. On the left side of the registry editor, left-click once on the small plus sign to expand the "HKEY_current user" heading.

Scroll down and look for "software," then left-click on the small plus sign to open it. Under the "software" heading, left-click once on AvScan, then left-click "edit" at the top of the registry editor and select "delete" to remove it. Also, delete "Spyware Protect 2009" from this section.

Go under the "software" heading and locate "Microsoft." Left-click once on "Microsoft," then left-click once on "windows" and left-click once on the "current version" title from underneath that heading. Select and delete "Run sysguardn." The remaining items to remove under the "Current version" heading are found under the "run" and "uninstall" categories. They are both titled "Spyware Protect 2009"; select and delete them.

Open the command prompt window by left-clicking once on "start" and left-click once on "run..." again, only this time type "CMD" in the field titled "open." Left-click once on "ok." Type in "regsvr32 /u vbzlib2.dll"---this will unregister "Banker Fox" from the DLL libraries.

Double-click on "my computer" to open it, then double-click again on the C drive. Look for "program files" and double-left-click it. Under "program files," look for any files that contain "Spyware Protect 2009" in the title, left-click each one once to select, then left-click once on "file" and once on "delete" to remove the unwanted malicious files. Left-click once on the "back" button at the top to exit the "program files".

Look for the "windows" heading and double-left-click to open it. Delete the following .exe files under the "windows" heading: oranerkka, ooorjaas, irprokwks, otpeppggq, dkekkrkska, dkewiizkjdks, iddqdops, ienotas, iqmcnoeqz, jikglond, jiklagka, jrjakdsd, jungertab, kitiiwhaas, kkwknrbsggeg, klopnidret, krkdkdkee, krkmahejdk, aazalirt, krtawefg, krujmmwlrra, ktknamwerr, kuruhccdsdd, oropbbsee, otnnbektre, otowjdseww, rkaskssd, ronitfst, seeukluba, skaaanret, sysguardn, tobmygers, tobykke, zibaglertz, and sysguard. These are the same files that were previously halted by using the Windows Task Manager.