A Windows Defender warning telling you that something called Win32 Packunwan was detected on your PC is a valid reason to be concerned about the safety of your system. Malware warnings are never fun, but at least you got notified about the potential threat and can now address it.
Win32 Packunwan is a Trojan Horse detection that could be linked to all sorts of rogue apps or even ordinary PUPs (potentially unwanted programs). However, the fact it got detected means you need to take action and address the issue by cleaning your system.
Similarly to other Trojans like Win32/Gamehack and the Altisik Service, Win32 Packunwan typically sneaks onto your system through pirated software, particularly cracked games from sites such as Steamunlocked. However, it can also be detected in legitimate apps, such as console game emulators and open-source tools, as well as in mods for various popular games like Minecraft and Roblox.
Win32/Packunwan Removal Tutorial
We want to help you save time if possible, so we recommend starting simple and trying to identify and uninstall the problematic app the regular way. It might not work, but it’s worth a shot:
- Open your Start Menu and find Settings – the gear icon is easy to spot.
- Once there, click on Apps. Sort the list by installation date.
- Look at what was installed most recently. There’s a good chance the virus is attached to a cracked game or suspicious app.
- Found something? Click Uninstall and follow the steps.
Once you’ve uninstalled the program, head to the folder where it was installed (if you know where it’s located). Manually delete anything that might have been left behind. Restart your computer afterward. This could do the trick. If not, don’t stress. We’ll dive into the full process now.
SUMMARY:
| Name | Packunwan |
| Type | Trojan |
| Detection Tool |
IMPORTANT! READ BEFORE CONTINUING
Trojans like Win32 Packunwan evolve – their creators introduce changes to their code to improve their persistence and make them harder to spot. We tested the following steps and they are effective at the time of writing but, despite our efforts to keep our guides updated, we can’t promise this will always be the case.
Also, the guide itself requires some time to complete as well as a certain minimum level of technical experience.
For all these reasons, we provide an alternative way to remove Win32 Packunwan in the form of SpyHunter. It’s a powerful removal tool available on this page that can weed out any lingering malware from your system and make it clean and secure again.
How to Get Rid of Packunwan
If you want to stick with the manual method, there are two preparatory steps you must complete to ensure success:
First, open the Start Menu and search for and open the Folder Options. There, in the View tab, enable the Show hidden files and folders option, and click OK.
Next, download the free LockHunter tool and install it. We know some of you probably prefer not to download anything, even if it’s a totally free app, but in this case, there’s no going around this.
There are certain steps you may not be able to complete without LockHunter, so go ahead and get it now before continuing.
Remove the Win32 Packunwan Virus Processes
Win32 Packunwan uses rogue processes to continue running in the background. Those processes drain your computer’s resources and can even cause noticeable slowdowns. Furthermore, you’ll probably not be able to delete the malware until those processes are stopped and their related data – deleted.
Open Task Manager with the Ctrl + Shift + Esc keyboard combination. Switch to the full view by clicking More Details if needed.
Now look through the list of processes. Sort the tasks by Memory usage and CPU usage and focus on the ones that seem out of place.
Obviously, don’t expect a process labeled “Packunwan”. Look for anything that is using too much Memory or CPU yet doesn’t seem linked to any program that you are familiar with.
One specific name to watch for: svckost.exe. Not svcHost.exe, that’s a legitimate process.
If you think you’ve spotted a rogue process, right-click it, and select Open File Location. This takes you to the folder the malware hides in. You must delete that folder alongside everything that’s in it.
Don’t panic if you can’t delete the files. This is where LockHunter comes in handy. Just right-click the file or folder that’s resisting deletion and click the “What’s locking this…” option. Then click “Delete it!” in the following window and the file/folder will get removed.
Now go back to Task Manager and end the process by right-clicking and choosing End Task.
Repeat this process for any other questionable tasks. The malware may use multiple processes, so take your time. Thoroughness is key here.
Delete Packunwan Virus Files
Now it’s time to clean out the remnants. First, check the Startup folders. These folders house programs that run automatically when your computer boots. Malware often adds itself here to launch automatically as soon as Windows starts.
Navigate to C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup. Look for anything that seems out of place. Delete suspicious items, but leave desktop.ini alone if you see it there.
Next, go to C:\Users\YourUsername\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup. Do the same here. Delete anything unfamiliar.
After that, check Program Files and Program Files (x86) for folders or files that might be connected to Win32 Packunwan.
Again, don’t expect to see the Trojan’s name there. Instead, look for folders with the names of programs you don’t recognize or don’t remember installing.
If you notice anything sketchy, delete it (use LockHunter if you need to).
Also, if you see a folder with the name of the program(s) you attempted to uninstall at the very start of the guide (the quick steps), delete it too. The same applies to any folders named GameVersionUpdate or anything similar.
Lastly, clear out your Temp folder. You’ll find it in C:\Users\YourUsername\AppData\Local\Temp.
Delete everything there. It’s all temporary data, so you won’t lose anything important. It’s a good idea to empty this folder regularly anyway, as it can slow down your system over time.
With these steps, you’ve cleared a large portion of the malware, but there are still a couple of places to visit.
Get Rid of Win32 Packunwan Scheduled Tasks
Many overlook the Task Scheduler, but know that hackers use it to reinfect your system after you’ve deleted the malware. You need to check it.
Search for Task Scheduler in the Start Menu and open it. Look through the tasks in the Task Scheduler Library on the left panel.
Check what each task does by double-clicking it and going to the Actions tab.
Look at the program or command the task executes. If it points to a questionable .exe file or script or anything in the AppData or Roaming folders, delete the task immediately.
Then go to the file it runs and delete that too.
Continue reviewing all tasks. Don’t rush through this step. If you miss one rogue task, the virus could return.
Delete Win32/Packunwan Malware Registry Entries
The Windows Registry holds system settings and information about installed programs. Malware often leaves traces here, which can allow it to reappear even after you think it’s gone.
Be careful with this step. If you incorrectly delete registry entries that shouldn’t be touched, this can harm the system and cause further problems. If you’re unsure about handling the registry, consider using SpyHunter for automated assistance.
Open the Registry Editor by typing regedit in the Start Menu search bar. Then right-click the program and run it with Admin rights.
Press Ctrl + F once you are in the Registry Editor and type the name of the program you tried to uninstall at the start of this guide.
If anything is found, delete it, but remember to search again after each deletion to ensure there aren’t any remaining items.
Also, search for the names of any of the rogue processes you ended in the Task Manager or any suspicious folders you deleted from Program Files and Program Files (x86).
Next, go to HKCU\Software\Microsoft\Windows\CurrentVersion\Run in the left panel. Look for a value called winlogon in the right panel with %TEMP%\svckost.exe in its data column. Delete it if found.
You’ll also want to check the following registry keys. Look for sketchy-looking values (right panel) contained in each of them. If you find anything that seems out of place, delete only the value item and not the entire key:
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
- HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run
- HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
- HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
- HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services
Take your time as you inspect these. You don’t want to accidentally remove a critical system file.
Once you are done here, the malware should hopefully be gone from your PC. If it isn’t and you continue getting Win32/Packunwan warnings, consider using SpyHunter or another reputable anti-malware tool to secure your system.
Leave a Comment