EVILNUM is a dangerous piece of PC malware that can take over the attacked computer and force it to run harmful processes. EVILNUM has been categorized as a Trojan horse and it’s typically distributed under the guise of a spam email attachment or pirated program.


The EVILNUM malware takes screenshots of the user’s desktop and active windows.

Virus programs like EVILNUM can be found all over the Internet as they belong to the most widespread malware category at the moment. One of the key factors that contribute to the huge popularity of the Trojan horse malware type stems from their versatile nature, there are a lot of different kinds of harm a virus like this could cause and also there’s pretty much no operating system that is immune to these threats. Even Mac computers and iPhone devices aren’t fully secure against Trojans. In fact, the number of Trojan horses that can attack Apple products has drastically increased throughout the past two or three years. This only goes to show how threatening and problematic the representatives of this malicious software category are.

The EVILNUM malware 

In the current post, our main goal is to help those of you who have the EVILNUM malware on their PCs. If you aren’t sure whether the the EVILNUM malware is in your computer’s system, here are some of the potential symptoms that one could expect from such a virus attack:

  • Blue Screen of Death (BSOD) crashes.
  • Program freezes and errors that don’t normally occur.
  • Increased usage of system resources (RAM, CPU, GPU, HDD space) without the running of any resource-intensive programs.
  • Suspicious-looking processes in the Task Manager’s Processes tab that aren’t coming from the OS and use a lot of CPU and RAM.
  • Corrupted files and programs.
  • Changes in the settings of some of your programs (especially the browser) that you haven’t permitted or made yourself.
  • Obscene and obnoxious adverts and banners in the browser, especially ones that promote/redirect to adult or gambling sites.
  • Changes in some of the system’s settings.
  • Any other irregularity or disturbance you may notice could also be a potential Trojan horse red flag.

One important thing we need to mention here, however, is that most (if not all) of the symptoms we listed above could have many different causes. A potential Trojan horse attack is only one of the possible reasons for those symptoms. Still, if you notice one or multiple of them, it’s essential that you rule out the possibility of a Trojan horse attack by checking your computer with the help of a reliable antivirus or antimalware tool (one such tool that we recommend can be found in the removal guide below). If you do indeed detect a Trojan or are still worried that such a threat may be present in your computer even after you’ve scanned it, be sure to complete the removal guide for EVILNUM we’ve prepared for you.

Since Trojans mostly spread via different forms of disguise, it is essential that you never download anything offered to you on suspicious sites, spam emails, or questionable online ads. Only download content that you are sure you can trust and only do it from reliable download sources in order to stay safe.


Type Trojan
Danger Level  High (Trojans are often used as a backdoor for Ransomware)
Symptoms  A Trojan could potentially cause Blue Screen crashes, system and/or data corruption, unwanted changes in the system or browser settings without your permission, software errors, and other similar kinds of disturbances.
Distribution Method Hackers who create Trojan horses oftentimes upload them to insecure file-sharing/torrent sites where the Trojan is disguised as a popular program or game that has been pirated. Spam messages and fake ads are also common distribution methods.
Detection Tool

Not Available

Remove EVILNUM Malware

If you are looking for a way to remove EVILNUM you can try this:

  1. Click on the Start button in the bottom left corner of your Windows OS.
  2. Go to Control Panel -> Programs and Features -> Uninstall a Program.
  3. Search for EVILNUM and any other unfamiliar programs.
  4. Uninstall EVILNUM as well as other suspicious programs.

Note that this might not get rid of EVILNUM completely. For more detailed removal instructions follow the guide below.

If you have a Windows virus, continue with the guide below.

If you have a Mac virus, please use our How to remove Ads on Mac guide.

If you have an Android virus, please use our Android Malware Removal guide.

If you have an iPhone virus, please use our iPhone Virus Removal guide


Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).



Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at: https://howtoremove.guide/online-virus-scanner/

Scan Results

Virus Scanner Result
EVILNUM MalwareMaldet

After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections. 


Hold together the Start Key and R. Type appwiz.cpl –> OK.


You are now in the Control Panel. Look for suspicious entries. Uninstall it/them. If you see a screen like this when you click Uninstall, choose NO:



Type msconfig in the search field and hit enter. A window will pop-up:


Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.

  • Remember this step – if you have reason to believe a bigger threat (like ransomware) is on your PC, check everything here.

Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:


If there are suspicious IPs below “Localhost” – write to us in the comments.


Type Regedit in the windows search field and press Enter.

Once inside, press CTRL and F together and type the virus’s Name. Right click and delete any entries you find with a similar name. If they don’t show up this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!


About the author


Brandon Skies

Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.

Leave a Comment