Core Sync Virus


If the location of CoreSync.exe is in a subfolder of the Windows folder for temporary files, then this mean that your system has been compromised to a Trojan Horse virus.

Core Sync Virus

The CoreSync Virus is a Cryptocurrency Miner.

The Trojan Horse viruses are pretty common online infections. Yet the majority of web users still don’t know much about these terrible threats. For instance, we have received a number of messages from users who have been infected with one of the new Trojan Horse variants called Core Sync. The users have been asking questions about how to deal with the infection and what to expect from it. That’s why we’ve come up with the current article and the removal guide that you can find below. But before you go to the instructions there, we suggest you read the information that follows to learn a bit more about what Trojans like Core Sync might be able to do.

A key feature of all Trojan Horse viruses is the fact that they can hardly be detected by regular web users without the help of a strong security program. That’s what makes infections like Core Sync a preferred tool for any hacker or cybercriminal. As a matter of fact, a Trojan can go unnoticed for weeks, or maybe even months, so it’s great that you actually got to know about the presence of Core Sync on your computer. Sadly, we can’t tell you what kind of harm to expect from the infection since one of the qualities of the Trojans has to do with their versatility. With the help of a program like Core Sync, a hacker can do anything from data theft and espionage to total system destruction, and more.

The Core Sync Virus

Core Sync.exe is the name of a cryptojacking Trojan horse and should not be mistaken with the genuine Core Sync.exe file which is a software component of Adobe Acrobat by Adobe. The location of the malicious Core Sync.exe file will be in a temporary file folder.

Core Sync Virus

The Core Sync Virus

One of the possible uses for Trojan-based programs is for malware distribution and delivery, so the presence of Core Sync on your computer can lead to potential infection with Ransomware, Spyware, and who knows what else. A Trojan can also be used to turn your computer into a bot and allow the hackers to control it remotely without you even suspecting it. You may become a subject of 24/7 surveillance, a victim of money theft or theft of valuable information which not only can be sent to the hackers’ servers but also could be destroyed after that.  

As you can see, Trojans such as Core Sync are not to be underestimated and it is important that you quickly remove the one in your system. As mentioned earlier, you can use the removal instructions below but they may not always get rid of everything related to the malware program. That’s why, in case of doubt or if you need to speed up the removal process, you can use the professional removal tool posted below instead. In just a few minutes, this tool will scan the infected device and will find and remove Core Sync from your machine.

What is Core Sync?

Core Sync is categorized as a Trojan Horse and has been specifically created to cause damage to the infected computer. In most cases, Core Sync can provide the hackers with remote access to the infected computer and let them manipulate different system processes.

And as soon as you successfully remove Core Sync from your computer, it would be wise to take appropriate precautions to prevent potential future infections. You can start by getting your device updated with all the latest updates and by installing an antivirus or an anti-malware program of good quality. Another important aspect of having a virus-free computer is making sure you don’t visit questionable web locations and keep away from spam, emails from unknown senders, and suspicious attachments.


Name Core Sync
Type Trojan
Danger Level High (Trojans are often used as a backdoor for Ransomware)
Symptoms Trojans typically don’t show visible symptoms of their presence in order to remain in the system as long as possible.
Distribution Method Spam is a common method of distribution of Trojans along with malvertisements, torrents, and infected software installers.
Detection Tool

Not Available

Core Sync Virus Removal

If you are looking for a way to remove Core Sync you can try this:

  1. Click on the Start button in the bottom left corner of your Windows OS.
  2. Go to Control Panel -> Programs and Features -> Uninstall a Program.
  3. Search for Core Sync and any other unfamiliar programs.
  4. Uninstall Core Sync as well as other suspicious programs.

Note that this might not get rid of Core Sync completely. For more detailed removal instructions follow the guide below.

If you have a Windows virus, continue with the guide below.

If you have a Mac virus, please use our How to remove Ads on Mac guide.

If you have an Android virus, please use our Android Malware Removal guide.

If you have an iPhone virus, please use our iPhone Virus Removal guide

Core Sync Virus

Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).

Core Sync Virus


Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 

Core Sync Virus

Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Core Sync Virus
Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at:

Scan Results

Virus Scanner Result
Core Sync VirusClamAV
Core Sync VirusAVG AV
Core Sync VirusMaldet

After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections. 

Core Sync Virus

Hold together the Start Key and R. Type appwiz.cpl –> OK.

Core Sync Virus

You are now in the Control Panel. Look for suspicious entries. Uninstall it/them. If you see a screen like this when you click Uninstall, choose NO:

Core Sync Virus

Core Sync Virus

Type msconfig in the search field and hit enter. A window will pop-up:

Core Sync Virus

Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.

  • Remember this step – if you have reason to believe a bigger threat (like ransomware) is on your PC, check everything here.

Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

Core Sync Virus

If there are suspicious IPs below “Localhost” – write to us in the comments.

Core Sync Virus

Type Regedit in the windows search field and press Enter.

Once inside, press CTRL and F together and type the virus’s Name. Right click and delete any entries you find with a similar name. If they don’t show up this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!


About the author


Lidia Howler

Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her strive for simplicity and well-researched information provides users with easy-to-follow It-related tips and step-by-step tutorials.

Leave a Comment