CloudFanta Malware Removal

This page aims to help you remove the CloudFanta Malware. These CloudFanta Malware removal instructions work for every version of Windows.

A new Trojan horse version called CloudFanta has recently been reported by infected users. This malware is used to steal banking accounts and passwords by injecting infected .DLL files into the library of the computer. CloudFanta typically either uses a Java script or another form of code injector. The CloudFanta derives its name from the scam clouding service offer it uses to lure potential victims. Unsuspecting users are likely to willingly install the CloudFanta malware, while believing they will receive a free cloud service

What is CloudFanta Malware and how is it distributed?

CloudFanta shares a lot of similarities with a typical banking trojans, such as the well known Zeus trojan. Trojans are really among the most dreadful online threats one could encounter. These malicious pieces of content are created by cybercriminals, who use them to perform various harmful activities and criminal deeds on the infected computer. Usually, the infection with a Trojan is very hard to detect, and users rarely have the chance to catch it before it has completed its malicious mission. In fact, this is why Trojans have such a bad reputation and they really can be tricky and very sophisticated on their way to the victim’s system. A contamination with CloudFanta may happen when you least expect it, as this Trojan hides very well in all sorts of web content. Moreover, it is the king of disguise, masking itself as seemingly harmless files, images, email attachments, spam messages, videos, links, ads and whatnot. It takes just a click on one such well-masked threat for the infection to take place, and unfortunately many users have no clue when that wrong click has happened. That’s why paying attention when surfing the web is really important for your system’s safety, and having reputed antivirus software is a must when it comes to your protection against such cunning threats.

What malicious actions can CloudFanta do?

As a typical Trojan horse, CloudFanta may have multiple purposes, which may vary, depending on the malicious deeds that its developers have created it for. This means that different hackers may use threats like this one in many different ways. Here we’ve listed some of the most common harmful activities that a Trojan of this type could be used for, but be sure that such threats are not limited to just that.

  • Corrupting your files and your system – this Trojan could effectively be used to destroy or delete some of the data, found on your computer or even cause some severe system crashes.
  • Distributing Ransomware – It is not excluded that CloudFanta may silently deliver even nastier malicious infections, such as some Ransomware cryptovirus to your system. In fact, Trojans are usually used for that purpose, as they create backdoors for Ransomware to silently sneak in and mess up the data found on the infected device and blackmail you for ransom.
  • Exploiting your system resources and involving you in various cybercrimes – this type of malware might be used by the hackers as a tool that can turn your computer into a bot and get it involved in multiple criminal deeds, such as virus distribution, spam-spreading campaigns and much more.
  • Spying on you – having CloudFanta on your computer, you may unknowingly be exposed to the hackers’ eyes. With the help of this Trojan, they may gain unauthorized access to your entire machine, spy on you through your web camera or listen to your conversations through your microphone by hacking it.
  • Stealing your credentials – Once your system is compromised with CloudFanta, this malware can easily monitor all your online and offline activity on the computer. This means that it may copy and send all your sensitive credentials, passwords, payment details and online banking access details to a group of unscrupulous cybercriminals. It is pretty obvious how bad it could be if such hackers gain access to all your accounts and personal information. That’s why removing the Trojan should be your top priority, the moment after you’ve detected it.

How to remove this dreadful threat?

You may successfully deal with this Trojan if you closely follow the instructions in the guide below. We did our best to make them clear and easy to follow, even if you are not an expert in computer virus removal. However, if you don’t feel confident enough to manage this cunning threat, you may find the professional CloudFanta removal tool very helpful in detecting and deleting the Trojan. If you have any questions, do not hesitate to leave us a comment and we will be more than happy to help. And don’t forget to install proper antivirus software in order to keep such threats at bay in the future.


Name CloudFanta
Type Trojan
Danger Level  High (Trojans are often used as a backdoor for Ransomware)
Symptoms  A very sophisticated threat that can hardly be detected before it has completed its malicious actions.
Distribution Method This Trojan hides very well in all sorts of web content. Moreover, it is the king of disguise, masking itself as seemingly harmless files, images, email attachments, spam messages, videos, links, ads and whatnot.
Detection Tool

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version.
More information about SpyHunter and steps to uninstall.

CloudFanta Malware Removal



Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).


Hold together the Start Key and R. Type appwiz.cpl –> OK.


You are now in the Control Panel. Look for suspicious entries. Uninstall it/them. If you see a screen like this when you click Uninstall, choose NO:


Type msconfig in the search field and hit enter. A window will pop-up:


Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.

  • Remember this step – if you have reason to believe a bigger threat (like ransomware) is on your PC, check everything here.


Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.



Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are a virus. Google them or ask us in the comments.


  • This step is very important, because you can catch other threats (like Ransomware and Spyware) while looking for the Adware process.

Right click on each of the virus processes separately and select Open File LocationEnd the process after you open the folder, then delete the directories you were sent to.


Type Regedit in the windows search field and press Enter.

Once inside, press CTRL and F together and type the virus’s Name. Right click and delete any entries you find with a similar name. If they don’t show this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random


If all the prior steps fail to help you or you have reason to believe your system is exposed to threats like Ransomware, we advise you to download a professional scanner and remover.

Remember to leave us a comment if you run into any trouble!

Leave a Comment