AdWind RAT


AdWind RAT is a malicious Trojan horse that is actively used to spread harmful viruses on the Internet and cause various types of harm to the infected computers. This virus has recently been reported to be associated with infections of the Ransomware type, as well as many other online fraud and theft activities.

AdWind RAT

Multiple VirusTotal scanners can detect AdWind

After it gets into the computer system, this Trojan may secretly initiate certain malicious actions, but unfortunately, without a proper antivirus system you may not be able to spot it. The infection has hardly any visible symptoms and this helps it to perform its criminal deeds without being interrupted. If you have ever been infected with AdWind RAT, there is no doubt that you should immediately take actions to remove the Trojan horse and any associated scripts in order to prevent the malware from causing serious harm. Otherwise, it can very easily lead to the loss of valuable files, as well as your money, your login credentials and serious system corruption. To help you deal with the infection, we have specially assembled a detailed removal guide and some very useful tips on protection and prevention. Make sure you take a look at them and remove the virus as soon as possible.

The AdWind RAT

Trojan horses like the AdWind RAT (Remote Access Trojan) are considered to be some of the most cunning online threats. The AdWind RAT can be used for a number of criminal purposes and ever since it was created, it has been infecting unsuspecting online users.

More than 70% of all malware infections are caused by Trojan horses and this type of threats still tops the list as the most numerous and hazardous malicious group. Once a Trojan like this is installed on your system, it hides deep inside the computer and tries to remain unnoticed. Why does it do this? In most cases, the malware is waiting for extra commands from its criminal creators. The hackers can easily use it to download some destructive script and other malicious software in the already infected computer system, block certain web pages, collect personal data about their “victims”, and so on. In addition, these threats can lead to system delays, redirection, and other similar issues that should not be overlooked. In case AdWind RAT has infected you, you should immediately scan your computer with a reliable anti-virus program that you trust and remove the malicious files. For this purpose, we strongly recommend using our professional removal tool or other acceptable security software. You may also use manual instructions, like the ones available in the removal guide below, but we only encourage you for that if you know what you are doing.

Be careful as Trojan threats like AdWind RAT can try to get inside your computer as an “important” email with an attachment that is presented as a warning from the police, the tax office, a retailer, or someone else you could trust. Typically, the infection is hidden in the attached email file, which, once downloaded to your computer, helps AdWind RAT download additional files and execute its scripts. Still, sometimes this Trojan horse reaches the target computer after the “victim” has been led to click on a misleading link, contained in a spam email message, a social media share, a fake ad or some already compromised website. So be careful and avoid any suspicious links, emails and attachments you don’t trust or come from non verified senders!

If you think that a Trojan horse is nestled in your computer, it is of utmost importance to detect and remove it on time. The longer it stays, the greater harm it may cause, that’s why if you don’t want to end up being infected with Ransomware or get your bank account credentials stolen, we advise you to take immediate actions. Use the following guide to safely find and delete the AdWind RAT related scripts and scan your PC with the suggested malware removal tool or other reliable software for best results.  

Finally, we would like to add that you should consider providing extra safety against such infections because, as we have already warned you, a Trojan horse might be lurking in many web locations. To increase the security of your system, you need to use a reliable antivirus, to regularly update your software with the latest security patches and keep all of your important data safe by backing it up on external hard drives, CDs, DVDs, or just rely on online backup like Google Drive, Dropbox, and so on. This way, even if a nasty malware attacks you, you will prevent major data loss and will be able to easily recover.


Name AdWind RAT
Type Trojan
Danger Level High (Trojans are often used as a backdoor for Ransomware)
Symptoms This threat is very difficult to detect as it hardly has any symptoms.
Distribution Method Spam messages, malisious emails with attachments, fake ads, misleading links, infected webpages, pirate content.
Detection Tool

AdWind RAT Malware Removal

If you are looking for a way to remove AdWind you can try this:

  1. Click on the Start button in the bottom left corner of your Windows OS.
  2. Go to Control Panel -> Programs and Features -> Uninstall a Program.
  3. Search for AdWind and any other unfamiliar programs.
  4. Uninstall AdWind as well as other suspicious programs.

Note that this might not get rid of AdWind completely. For more detailed removal instructions follow the guide below.

If you have a Windows virus, continue with the guide below.

If you have a Mac virus, please use our How to remove Ads on Mac guide.

If you have an Android virus, please use our Android Malware Removal guide.

If you have an iPhone virus, please use our iPhone Virus Removal guide

AdWind RAT

Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).

AdWind RAT


Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 

AdWind RAT

Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
AdWind RAT
Drag and Drop File Here To Scan
AdWind RAT
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    After you open their folder, end the processes that are infected, then delete their folders. 

    Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections. 

    AdWind RAT

    Hold together the Start Key and R. Type appwiz.cpl –> OK.

    AdWind RAT

    You are now in the Control Panel. Look for suspicious entries. Uninstall it/them. If you see a screen like this when you click Uninstall, choose NO:

    AdWind RAT

    AdWind RAT

    Type msconfig in the search field and hit enter. A window will pop-up:

    AdWind RAT

    Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.

    • Remember this step – if you have reason to believe a bigger threat (like ransomware) is on your PC, check everything here.

    Hold the Start Key and R –  copy + paste the following and click OK:

    notepad %windir%/system32/Drivers/etc/hosts

    A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

    AdWind RAT

    If there are suspicious IPs below “Localhost” – write to us in the comments.

    AdWind RAT

    Type Regedit in the windows search field and press Enter.

    Once inside, press CTRL and F together and type the virus’s Name. Right click and delete any entries you find with a similar name. If they don’t show up this way, go manually to these directories and delete/uninstall them:

    • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
      HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
      HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

    If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!

    Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version.
    More information about SpyHunter and steps to uninstall.


    About the author


    Lidia Howler

    Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her strive for simplicity and well-researched information provides users with easy-to-follow It-related tips and step-by-step tutorials.

    Leave a Comment