Microsoft.Photos.exe Virus


Microsoft.Photos.exe is a completely legitimate executable file belonging to a Windows application. Recently, however, there have been reports that this .exe has been flagged as a virus by well-known AV vendors.

Malware could disguise itself as Microsoft.Photos.exe and wreak havoc on users’ PCs.

To be infected with a computer virus is an awful experience indeed. Most of the malware infections worldwide are caused by Trojan horses. That’s why we have assembled several articles to discuss various versions of Trojans. In this particular one we will be elaborating on the features and effects of Microsoft.Photos.exe. Hopefully our article and the Removal Guide attached to it will be exactly what you are looking for to successfully fight this unpleasant infection.

What is Microsoft.Photos.exe?

At first, the majority opinion was that this is a false positive, but there are also reports that some Windows apps were exploited by Trojans through vulnerabilities. We cannot tell you whether this is the case, but we will proceed on the assumption that you have been breached by a Trojan. The correct path the .exe should run from is C:\Program Files\WindowsApps\(…)\Microsoft.Photos.exe. If it is not running from there, or even if it is but you have reason to suspect it is a Trojan, we advise you to complete the guide below in full, even if just for the sake of safety.

The Microsoft.Photos.exe Virus 

As an exemplary Trojan, Microsoft.Photos.exe possesses certain characteristic features common for all the existing versions of this type of malware. Among them are:

  • Its ability to self-install on the victim’s PC.
  • Its ability to infect all sorts of online content (please, take a look at the potential sources of this virus kind mentioned below).

    Possible ways of catching the Microsoft.Photos.exe Virus (or another similar virus)

    As the most multifunctional kind of malware, the Trojan group is also characterized by a great number of potential sources. The most likely ways to catch such a threat are listed below.

    • Via clicking on a malicious online ad: Not all the pop-ups and banners you come across while surfing the web are safe. Most of them are harmless. Nonetheless, the ones generated by suspicious websites are particularly shady, as they might redirect you to locations contaminated with malware and you may get a virus in the form of a drive-by download.
    • Via applying fake updates: You may sometimes see fake update requests displayed on your screen. As soon as you agree to apply them, you can automatically get infected with such a Trojan. The tricky part is that it is extremely difficult to tell the real update notification from the malicious one. That’s why we recommend that you always manually check for updates via the built-in feature of Windows to avoid any suspicious requests.
    • Via opening a malicious email (as well as any of its attachments): It is possible to catch Microsoft.Photos.exe by opening an infected email. We suggest that you open only the ones that come from senders you recognize. All others cannot be considered trustworthy. Also, do not forget that Trojans could come with infected images, documents and .exe files. To avoid an infection, you should also avoid all email attachments that you do not expect to receive. What is even more disturbing about that potential source is that the Trojan will most probably come accompanied by another virus, usually Ransomware. You may be aware of the fact that the infections caused by Ransomware are particularly hard to remove and the files encrypted by the virus may be lost forever.
    • Via visiting a contagious website like a video or a torrent-distributing one: Any web pages that seem suspicious should be avoided, especially the illegal ones that distribute torrents, movies or software. They are very likely to be infected with malware.

    What might result from an infection with the Microsoft.Photos.exe Virus?

    There are a great number of possible negative effects such viruses may have on your PC and on you. The most disturbing ones are: stealing important data (such as bank account credentials); keeping track of you as an individual (such viruses might be used for taking control of all components of your system remotely and spying on you via your web camera or microphone); spreading viruses across the web (such malware might be helping a Ransomware version get around easily and sneak into your system); exploiting your PC resources (such malware is fully capable of hacking your PC and turning it into a bot so as to use all the resources it has); committing various crimes on your behalf (via hijacking your identity by using the data you enter on your PC to access accounts). Of course, the awful consequences of any infection caused by a Trojan are not limited to the ones above and there may be many more possibilities.

    What to do in case of contamination?

    In such a case, carefully read the instructions below and implement them even more cautiously. They are available in the Removal Guide just after the table at the end of this article.


    Name: Microsoft.Photos.exe
    Type: Trojan
    Danger Level: High (Trojans are often used as a backdoor for Ransomware)
    Symptoms: Very difficult to notice; almost no symptoms.
    Distribution Method: Distributed via online ads, spam letters, websites, shareware, videos, images, documents.

Microsoft.Photos.exe Virus Removal

If you are not sure what is going on, we advise you to read the “What is Microsoft.Photos.exe?” section near the top of this page.

Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).

Hold the Start Key and R together. Type appwiz.cpl, then click OK.

You are now in the Control Panel. Look for suspicious entries. Uninstall it/them. If you see a screen like this when you click Uninstall, choose NO:

Type msconfig in the search field and hit Enter. A window will pop up:

Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.

  • Remember this step – if you have reason to believe a bigger threat (like ransomware) is on your PC, check everything here.

Hold the Start Key and R, then copy and paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

The hosts file will open in Notepad. If you have been hacked, there will be a number of additional IP entries at the bottom of the file. Look at the image below:

If there are suspicious IPs below “Localhost” – write to us in the comments.
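
The same hosts-file check can be done from Windows PowerShell without reading the file by eye. This is an added example, not part of the original guide; it only reads the file, and the labels DEFAULT, BLOCKED and REDIRECT are names chosen here for illustration.

```powershell
# Added example (read-only): triage of active entries in the Windows hosts file.
$hostsPath = Join-Path $env:windir 'System32\drivers\etc\hosts'
$loopback  = '127.0.0.1', '::1'
$sinkhole  = '127.0.0.1', '::1', '0.0.0.0', '::'

$lines = @(Get-Content -LiteralPath $hostsPath)
$findings = for ($i = 0; $i -lt $lines.Count; $i++) {
    # Everything after '#' is a comment; skip blank and comment-only lines.
    $entry = ($lines[$i] -split '#', 2)[0].Trim()
    if (-not $entry) { continue }

    $fields = @($entry -split '\s+')
    $ip     = $fields[0]
    $names  = @($fields | Select-Object -Skip 1)
    $other  = @($names | Where-Object { $_ -ne 'localhost' })

    $parsed = $null
    $validIp = [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)

    if (-not $validIp -or $names.Count -eq 0) {
        $kind = 'MALFORMED'      # not "address name [name ...]"
    } elseif ($loopback -contains $ip -and $other.Count -eq 0) {
        $kind = 'DEFAULT'        # plain localhost mapping
    } elseif ($sinkhole -contains $ip) {
        $kind = 'BLOCKED'        # name made unreachable (ad blocker, or cut-off update/AV site)
    } else {
        $kind = 'REDIRECT'       # name forced to this address instead of a DNS lookup
    }
    if ($kind -eq 'DEFAULT') { continue }

    [pscustomobject]@{
        Line  = $i + 1
        Kind  = $kind
        IP    = $ip
        Names = $names -join ', '
    }
}

"Hosts file last modified: $((Get-Item -LiteralPath $hostsPath).LastWriteTime)"
if ($findings) { $findings | Format-Table -AutoSize }
else { 'No active entries other than localhost.' }
```

REDIRECT entries for banking, update or security-vendor host names are the ones worth investigating first; BLOCKED entries are also written by legitimate ad-blocking tools.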

Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are a virus. Google them or ask us in the comments.


  • This step is very important, because you can catch other threats (like Ransomware and Spyware) while looking for the Adware process.

Right click on each of the virus processes separately and select Open File Location. End the process after you open the folder, then delete the directories you were sent to.
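
For the path check described in “What is Microsoft.Photos.exe?” and the Open File Location step above, the following Windows PowerShell snippet reports where each running instance was started from. It is an added example, not part of the original guide, and it assumes the Photos app is registered under the package name Microsoft.Windows.Photos; the verdict labels are chosen here for illustration.

```powershell
# Added example (read-only): where is each Microsoft.Photos.exe instance running from?
# Assumption: the Photos app is registered under the package name Microsoft.Windows.Photos.
$appsRoot = (Join-Path $env:ProgramFiles 'WindowsApps') + '\'
$pkgDirs  = @(Get-AppxPackage -Name 'Microsoft.Windows.Photos' -ErrorAction SilentlyContinue |
              ForEach-Object { $_.InstallLocation + '\' })
$ci = [StringComparison]::OrdinalIgnoreCase

$procs = @(Get-CimInstance Win32_Process -Filter "Name = 'Microsoft.Photos.exe'")
if ($procs.Count -eq 0) { Write-Output 'No Microsoft.Photos.exe process is running.' }

$report = foreach ($p in $procs) {
    $path = $p.ExecutablePath
    $verdict = if (-not $path) {
        'UNKNOWN - path not readable; re-run from an elevated prompt'
    } elseif ($pkgDirs | Where-Object { $path.StartsWith($_, $ci) }) {
        'EXPECTED - inside the registered Photos package folder'
    } elseif ($path.StartsWith($appsRoot, $ci)) {
        'REVIEW - under WindowsApps, but not the registered package folder'
    } else {
        'SUSPICIOUS - outside C:\Program Files\WindowsApps'
    }

    # The parent process shows what launched this instance.
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"

    [pscustomobject]@{
        PID     = $p.ProcessId
        Parent  = if ($parent) { $parent.Name } else { '(exited)' }
        Path    = $path
        Verdict = $verdict
    }
}
$report | Format-List
```

An instance reported as SUSPICIOUS is the one to follow up with Open File Location; an EXPECTED result confirms only the location, not that the file is unmodified.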

Type Regedit in the Windows search field and press Enter.

Once inside, press CTRL and F together and type the virus’s Name. Right click and delete any entries you find with a similar name. If they don’t show this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER\Software\Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Random
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Random
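
Before deleting anything under the Run key, it helps to see what each entry actually launches. The Windows PowerShell snippet below is an added example, not part of the original guide; it is read-only, and it goes slightly beyond the keys listed above by also reading the machine-wide HKLM Run key.

```powershell
# Added example (read-only): inventory autorun values instead of deleting by name.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'   # HKLM added here

$entries = foreach ($key in $runKeys) {
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }

    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)

        # Extract the executable: a quoted path first, otherwise text up to ".exe",
        # otherwise the first whitespace-separated token.
        if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
        elseif ($cmd -match '^\s*(.+?\.exe)\b') { $exe = $Matches[1] }
        else { $exe = ($cmd.Trim() -split '\s+')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)

        # Signature status is a triage signal only: unsigned does not mean malicious.
        if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
            $sig = (Get-AuthenticodeSignature -FilePath $exe).Status
        } else {
            $sig = 'NotResolved'   # bare file name or missing file
        }

        [pscustomobject]@{
            Key        = $key
            Name       = $name
            Command    = $cmd
            Executable = $exe
            Signature  = $sig
        }
    }
}
$entries | Format-List
```

Entries whose executable sits in a user-writable folder such as AppData or Temp and whose Signature is not Valid are the ones to research before removal.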

If all the prior steps fail to help you or you have reason to believe your system is exposed to threats like Ransomware, we advise you to download a professional scanner and remover.

Remember to leave us a comment if you run into any trouble!

  • the fact that such a virus will normally remain hidden and will only show its true face as soon as it has achieved its goal, whatever it is (for more details, see the paragraph elaborating on the potential purposes of any Trojan). This malware family is particularly harmful, because its members are very well-hidden, and once inside your system they do not reveal themselves during the process of performing whatever they have been programmed to.


About the author


Lidia Howler

Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her striving for simplicity and well-researched information provides users with easy-to-follow IT-related tips and step-by-step tutorials.


  • Hi I am not 100% sure but I think I have been infected with the trojan explained here. My firewall randomly asked if I would “cancel or allow” a connection from Microsoft-Photos.exe to the internet. I’ve never seen this exception asked of me before and so now I am somewhat paranoid about this.

    First of all, I am not able to access the folder in which the .exe is located. I can find it by enabling Hidden Files in my view finder but cannot open WindowsApps folder even as an administrator (I am the administrator). Are these telltale signs of an infection on my machine? Are there any other surefire ways of identifying this infection? Very behind the scenes, I don’t like this at all…

    • According to what you’ve told us here, it is highly likely that you have the virus on your PC. It is possible that it stays dormant or doesn’t do anything overly malicious but you must still take precautions. Have a look at our guide and try completing the steps. After you are done, come back here, to the comment section, and tell us what happened.

      • I have:
        1. cleaned the registry with CCleaner
        2. conducted a malware scan
        3. cleaned junk files (temporary files and folders)
        4. updated all PC drivers
        5. run system file checker (sfc)
        6. installed all pending Windows updates

        Unfortunately I am still unable to access the folder, access is still denied. Is there anything specific you can think of that I should look for in Startup tab and/or Processes tab?

        • You say “access” the folder, but what about simply deleting it? Or you have tried that already and it still doesn’t work?

    • Simply go back to the Hosts file and delete those IPs from it. After that, save the changes to the file.
