FormBook Malware


FormBook Malware is a new Trojan horse threat that is usually disguised as a safe file to trick people into running it. The malicious file can be downloaded from insecure web pages, torrent sites or free download links, or received by email as an invoice or a similar document.


The FormBook Malware

A fraudulent file usually contains JavaScript code that downloads and runs the executable of the FormBook Malware virus. Once this threat is inside the machine, it can start various malicious processes that are hidden from view, and may silently infect your computer with other malicious software, including worms, viruses, Trojans, spyware, ransomware or similar computer parasites. If you suspect that your PC has been infected with this malware, we urge you to scan your system with the professional malware removal tool, available below. If you detect FormBook Malware, do not hesitate to follow the instructions in the guide we have provided and remove the Trojan immediately. Such threats should never be left inside the system, since their effects on the entire computer may be very destructive. You can learn more about that in the text that follows.

The FormBook Malware

The FormBook malware is a type of malware that nobody wants to have on their PC even for a minute. It is so tricky and so harmful that it can be held responsible for more than 70% of all the malicious infections that happen through the Internet.

After getting into the victim’s computer, a Trojan may, for instance, destroy the entire system. We are not exaggerating: a Trojan horse is capable of destroying important files, damaging Windows logs, stealing personal information, and installing more malicious software. According to the data at our disposal, the FormBook Malware virus could be used to deliver various other threats, including the most famous Ransomware threats.

This malware may also be used by hackers as a tool that gives them remote access and lets them steal sensitive information such as your passwords, login credentials or bank account details. If you don’t want to become a victim of such a crime, you should remove the infection the moment you detect it. But how can you know if your computer is infected with FormBook Malware? Here are some possible signs to watch for:

  • The computer starts to work extremely slowly;
  • Programs do not open or stop working shortly after they have been opened;
  • Complicated and aggressive pop-ups appear on the screen, even if the user is not surfing the web; they usually report that your computer is highly infected and offer to install a malicious program to “fix” all the problems;
  • Web browsers become unresponsive and unexpectedly start redirecting you to suspicious web pages;
  • Frequent system error messages and crashes start to appear.

Unfortunately, it is very difficult to detect and remove FormBook Malware manually because it is usually disguised as a safe system process or file. In addition, this Trojan horse may disable the computer's security programs and may pass through the Windows Firewall and most of the less reputable antivirus programs. To catch and remove this threat, we recommend that you scan your computer with a reliable anti-malware program that can detect this virus. We suggest you use the professional removal tool for that. Alternatively, you can follow the instructions in the removal guide below and try to eliminate the infection manually. Just make sure you carefully identify the correct malicious files and delete them all.

How is FormBook Malware distributed and how to protect yourself?

Trojan horses, unlike other viruses, are famous for their creative distribution and infection techniques. Typically, cybercriminals distribute them via email or social media messaging, peer-to-peer file sharing programs, or download links placed on an insecure web page. Yet the most popular and effective way to spread viruses like FormBook Malware is to send the victims an infected email directly. The cybercriminals usually send misleading messages that prompt the user to open an attachment, typically masked as an official document, such as a court notice, invoice, resume or account. Email service providers usually try to filter out these messages as Junk/Spam, but some fraudulent emails may pass through spam filters successfully. That’s why, before opening an email, you should check that the sender is familiar to you. If it is not, do not open the message or its attachments. Use your common sense to keep away from any potential malware transmitter, because it is certainly better to avoid them than to deal with their devastating effects.


Name: FormBook
Type: Trojan
Danger Level: High (Trojans are often used as a backdoor for Ransomware)
Symptoms: Unusual system behaviour, sudden crashes, sluggishness, unresponsiveness.
Distribution Method: Email and social media messaging, peer-to-peer file sharing, infected links, fake ads, malicious email attachments.
Detection Tool: Not Available


FormBook Malware Removal



Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).



Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner.


After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections. 


Hold the Start Key and R together. Type appwiz.cpl and click OK.


You are now in the Control Panel. Look for suspicious entries. Uninstall it/them. If you see a screen like this when you click Uninstall, choose NO:


Type msconfig in the search field and hit Enter. A window will pop up:


In the Startup tab, uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.

  • Remember this step – if you have reason to believe a bigger threat (like ransomware) is on your PC, check everything here.

Hold the Start Key and R together, then copy and paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs listed at the bottom of the file.


If there are suspicious IPs below “Localhost” – write to us in the comments.


Type Regedit in the Windows search field and press Enter.

Once inside, press CTRL and F together and type the virus’s name. Right click and delete any entries you find with a similar name. If they don’t show up this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER\Software\Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Random
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Random
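
The hosts file and Run key checks from the steps above can also be done from PowerShell without changing anything on the system. The script below is an added example, not part of the original guide; the function names Get-NonDefaultHostsEntry and Get-RunKeyEntry are made up for this illustration, and the Run key parser assumes that executable paths containing spaces are quoted.

```powershell
# Added example (not from the original guide). Function names are hypothetical.
# Read-only: lists entries for review and changes nothing on the system.

function Get-NonDefaultHostsEntry {
    param([string[]]$Lines)
    $loopback = @('127.0.0.1', '::1')
    foreach ($line in $Lines) {
        $text = ($line -replace '#.*$', '').Trim()    # strip comments
        if (-not $text) { continue }
        $ip, $names = $text -split '\s+'
        $other = @($names | Where-Object { $_ -and $_ -ne 'localhost' })
        # A stock Windows hosts file maps only "localhost" to loopback.
        if (($loopback -notcontains $ip) -or ($other.Count -gt 0)) {
            [pscustomobject]@{ Address = $ip; Names = ($names -join ' ') }
        }
    }
}

function Get-RunKeyEntry {
    param([string]$Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run')
    $regKey = Get-Item -Path $Key -ErrorAction SilentlyContinue
    if (-not $regKey) { return }
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        # Take the executable from the command line (quoted path or first token).
        if ($command -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
        else { $exe = ($command.Trim() -split '\s+')[0] }
        $status = 'FileNotFound'
        if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
            # Unsigned or invalid signatures correspond to "Unknown" publishers.
            $status = (Get-AuthenticodeSignature -FilePath $exe).Status
        }
        [pscustomobject]@{ Name = $name; Command = $command; Signature = $status }
    }
}

# Review every hosts line that is not a plain localhost mapping.
$hostsPath = Join-Path $env:windir 'System32\drivers\etc\hosts'
Get-NonDefaultHostsEntry -Lines (Get-Content -LiteralPath $hostsPath)

# Review what starts at logon for the current user, with signature status.
Get-RunKeyEntry | Format-Table -AutoSize -Wrap
```

Entries with a Signature of NotSigned or FileNotFound are the ones to look at first; a Valid signature alone does not prove an entry is harmless.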

If the guide didn’t help you, download the anti-virus program we recommended or ask us in the comments for guidance!



About the author


Lidia Howler

Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her striving for simplicity and well-researched information provides users with easy-to-follow IT-related tips and step-by-step tutorials.