Trojan.Mentono is a Trojan horse designed to steal online banking information from the computers that it infects. It creates the following file on infected systems:
- %Application Data%\ Fobber\ nemre.exe
In addition to creating this file, it also creates the following registry entry:
- HKEY_CURRENT_USER\ Software\ Microsoft\ Windows\ CurrentVersion\ Run\ Fobber = “%Application Data%\ Fobber\ nemre.exe”
Finding this file and this registry setting is an indication that you are infected with this Trojan. Before removing the infection, backup your registry following the steps here.
Then, remove the infection as follows:
- Press [Windows Key] + [R], type REGEDIT and click OK.
- Navigate to the registry key: HKEY_CURRENT_USER\ Software\ Microsoft\ Windows\ CurrentVersion\ Run
- Delete the registry entry: Fobber = “%Application Data%\ Fobber\ nemre.exe”
- Close the Registry Editor and re-boot your PC.