My computer was attacked by TrojanSpy:Win32/Banker.AMU. I got this report from my antivirus program. and I thought my antivirus can remove it, but it didn’t work. This virus is still there and interrupt my online activities. It frustrates me a lot. Now it runs lower than before. I would like my computer to keep in safe and clean state, can anyone help me?

TrojanSpy:Win32/Banker.AMU Description:

TrojanSpy:Win32/Banker.AMU is a very horrible and infectious Trojan virus. It main be used to attack online banking accounts where it may be initialized for stealing users’ login credentials from their computer. It can install itself by copying its executable file into Windows system folder, and then forcibly modifies the registry to run this file and changes the start-up items so that it can be activated immediately when users boot up their computers. Once it deeply roots on your computer, it will perform evil activities which cause system errors. And several program does not work properly. Meanwhile, this virus can make use of your computer’s system loophole to download and install other malicious programs and extension or plugin into your computer. It is able to damage system by corrupting and infecting the key files of the operating system which will cause computer runs abnormally. Computer will get overheated and slow down performance as TrojanSpy:Win32/Banker.AMU takes up too much CPU capacity. Therefore, PC will take a long time to turn on or shut down even run some programs after being attacked by this virus, some of them may even get the blue or black screen of death frequently which can further damage the computer hardware as well. Anti-virus program cannot remove it completely as this Trojan can replicate itself to many locations on the infected computer and infect system files. Once this Trojan enters into users’ PC, it will perform terrible activities such as changing the homepage, desktop image and other items, also the security tools may be disabled. Your computer may be remotely controlled by cyber criminals who can steal users’ information like banking account, password even security certificate, which will cause you financial loss.T o keep your computer and your information  in a safe and clean environment, don’t hesitate to remove it.

TrojanSpy:Win32/Banker.AMU is a malicious Trojan horse infection with strong destructive ability to the computers. It is mainly from malicious websites, free downloads or spam emails, because Trojan is often bundled into free software or inserted those malicious websites and even some legitimate websites which have been hacked by hackers. It will pop up as a fake flash update or video codec or discount sales or promotion product, don’t trust and click on those message banner or windows, otherwise you will activate this Trojan or other threats. Besides,spam E-mail is another main mean for this Trojan to spread. Usually spam email contains infected attachments or links to malicious websites. This Trojan main aims at stealing users’ online banking account, so it may pretend to be a legit bank or online shop to send you a fake email to rick you disclose your account number even password, finally it can help hacker to steal your all  savings. In a word, you should pay more attention to your downloading free software or application, especially to the installation procedure, and your online activities and don’t open an spam email randomly. Therefor, in order to prevent TrojanSpy:Win32/Banker.AMU virus from accessing your computer, you should be cautious of your online activities.


Some Traits about TrojanSpy:Win32/Banker.AMU Virus

-Can slow down the performance of the computer, or even blue screen.

-Can create many junk files which occupy a lot of space in hard drive.

-Can download other malicious programs into computer, which make further damage.

-Can redirect you to pages you don’t want all the time no matter what you are doing.

-Take a long time to turn on or shut down your computer

-Your sensitive information can be stolen by hacker who can access to your computer with the help of this Trojan.

-May pretend as an anti-virus program and cheat you that computer is in dangerous, and ask you to pay to remove the threats.

Warm prompt: It’s complicated for people who are not computer savvy or not familiar with the virus to remove the Trojan. You can contact YooCare/YooSecurity PC professional online service for help:

Removal Guide for PCs with Windows OS

There is a removal guide of Trojan provided here; however, expertise is required during the process of removal, please make sure you are capable to do it by yourself.

>>>>>> Press Ctrl+Shift+Esc keys simultaneously to get the Task Manager to stop the active processes of TrojanSpy:Win32/Banker.AMU virus. To do this, you will need to click the “Processes” tag at the top then find out suspicious processes and right click on them and select “End Process”.



>>>>>> Click “Start” menu at the lower left corner and type “regedit” in the search programs and files box and press Enter key. Then you will open the “Registry Editor”.



>>>>>> You will need to find out the suspicious registry files in the Registry Editor, They are usually located in: HKEY_LOCAL_MACHINE > SOFTWARE. You need to distinguish them from their “Name” and “Data” at the right column. All of them will be randomly distributed. If you are not good at this, ask for an expert for help.

registry editor

>>>>>> After you find out the suspicious registry files, you need to find out where the .exe files of the virus locate. Usually, they will be in the operating system drive. To open it, you will need to click Start menu > Computer & My computer. Generally speaking, the Operating System drive is Local Disk (C:).


>>>>>> Basically speaking, all the related files of TrojanSpy:Win32/Banker.AMU virus will be located in Windows > System32. Find out all the files of the Trojan virus and delete them. Make sure that all the files you deleted are viruses, but not the files of the operating system. Any mistakes will cause data loss even system crash.


Video of Key Steps on How to Modify or Change Windows Registry:


If your computer has been infected by TrojanSpy:Win32/Banker.AMU virus, various attacks must be initiated immediately to corrupt your system files and weaken the security level of the infected computer. It will modify all your key registry settings as well as disable your firewall because of its root-kit. And the CPU usage percentage will be high as 100% , which will be able to cause constant system freeze. Cyber criminals can remotely control the infected PC Computer with the help of this virus. Moreover, this Trojan is designed to steal users’  banking information so it is very good at stealing your personal information like credit card, bank account details, log-in passwords or other financial information could be leaked out. Victims of this virus will be suffering from financial loss. This Trojan must be removed as fast as possible to avoid further damages if you detect this nasty thing on your computer.

Warm prompt: If you are not computer savvy or not familiar with the virus to remove TrojanSpy:Win32/Banker.AMU virus. You can contact YooCare/YooSecurity PC professional online service for help:

Published by Tony Shepherd & last updated on May 27, 2015 5:47 am

Leave a Reply