MosaicLoader Malware


MosaicLoader can perform a stunningly wide range of malicious actions. MosaicLoader is commonly used to steal information from the machines in which it resides and secretly transfer this info to the servers of their creators.


One of the MosaicLoader malware key characteristics is stealth

MosaicLoader can also collect details about your online banking information, your credit card numbers, etc. The virus can even record everything you type with your keyboard and then send it back to the hackers. 

Despite being some of the most common online threats, most people still don’t know much about Trojan horse viruses. However, this malware group is responsible for nearly 70% of all malicious infections that occur online. One of the newest Trojans versions, which goes under the name of MosaicLoader, for instance, has already succeeded in infecting quite a lot of computers. Yours is likely one of those computers seeing as you are on this page. The good news is, you are quite fortunate to have found this Trojan because one of its key characteristics is stealth. In most cases, Trojans that successfully make into the system of their victims remain there for months and even years without being detected. So, knowing that you have a Trojan named MosaicLoader or Presenoker in your system is the first step towards dealing with it. In the removal guide below you will find the exact steps you need to follow to remove it, so stay with us and repeat the steps.

A Trojan’s flexibility makes it unpredictable

Taking advantage of the capabilities of your machine is another dreadful use of this type of malware. For example, this can be done for mining cryptocurrencies or for spreading malware such as Ransomware, Spyware, or spam messages to your network. In that case, without your knowledge, you may get involved in the distribution of various computer infections or other illegal actions. Spying is another unpleasant ability of some Trojans – with the help of the Trojan, the hackers can hack into your webcam, or mic and monitor your actions, and your surroundings.

With all these possible criminal activities in mind, we wouldn’t be able to tell you precisely what the mission of MosaicLoader might be on your computer. But no matter what it is, you can be sure it’s nothing good and you should immediately remove the infection before you find out what it is capable of. 

Once you eliminate the threat (you can use the removal guide below for that) from your device, it is vital that you provide your machine with adequate antimalware protection. For that, we suggest you invest in reliable security software and use it to scan your entire computer. If you don’t have one, the professional tool on this page may offer you reliable protection from such threats and you can give a try to its scanner.

Also, don’t forget to search for any OS updates or security patches that need to be applied manually because an outdated system or software is an open gate to all sorts of external threats.


Name MosaicLoader
Type Trojan
Detection Tool

anti-malware offerOFFER *Read more details in the first ad on this page, EULA, Privacy Policy, and full terms for Free Remover.

Remove MosaicLoader Malware

To remove MosaicLoader security experts suggest that you start with uninstalling any malicious and potentially unwanted programs from your computer.

  • This can be done if you go to the Start menu, select Control Panel and then click on Programs and Features.
  • Next, search the list for programs that look bogus, haven’t been installed by you, or could potentially be linked to MosaicLoader.
  • Remove those programs by clicking on them and then clicking on the Uninstall button at the top.
  • Then, follow the uninstallation process till the end and make sure that you remove any other components related to the program that you are uninstalling. If you see a like the one below when you click Uninstall, select NO:


  • If you are not sure whether a given program is dangerous, it is a good idea to check it online and find as much information as you could about it in reliable security sites. This will hopefully help you decide what to do and distinguish the Trojan from the legitimate programs in the list.

Please note that uninstalling all dangerous programs from the computer is a necessary step for a clean system but might not be enough to remove MosaicLoader completely. Traces of the Trojan could be found in several system locations, that’s why our suggestion is to follow the detailed removal guide below and delete any entries that you find.


A system restart may be required during some of the steps below. That’s why if you want to complete all the steps from this guide without interruption, we recommend that you bookmark this page in your browser so you can find it quickly after a system reboot.



In this step, you will need to search for malicious processes related to MosaicLoader that are running in the background of your system and stop them.

The easiest way to view all processes that are currently running is by opening the Task manager (CTRL + SHIFT + ESC key combination) and clicking on the Processes Tab.

Under Image Name, you should see a list of processes related to your currently active programs. Keep in mind that MosaicLoader may use a fake name of a legitimate program to hide its malicious process in the list. For this reason, pay close attention to each process and if you detect anything suspicious (such as twisted letters and missing characters in the name, higher than usual RAM and CPU usage, etc.) try to find more information about the process in question online.

Another quick way to check a suspicious-looking process is to right-click on it and Open the File Location where its files are stored.


Then use a reliable scanner to check these files for malware.

For your convenience, below we have included a malware scanner that checks your files with up to 64 antivirus programs for maximum accuracy. Just drag and drop whatever files are stored in the file location in there and run a file-check.

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Drag and Drop File Here To Scan
Drag and Drop File Here To Scan
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    If danger is detected in any of the scanned files, then you should stop the process they are related to (right-click on it in the Processes Tab and select End Process) and delete the files along with their folders. 


    If you aren’t sure that you have removed all malicious MosaicLoader-related processes in step 2, it is a good idea to Reboot your computer in Safe Mode with the help of the instructions from the link.

    Safe Mode will block any non-essential and dangerous processes from running in the background, so you can complete the guide without disturbance from the Trojan.


    With the computer booted in Safe Mode, click the Start button and type msconfig in the search field. Select the msconfig icon and this will open a System Configuration window.


    MosaicLoader might have added some malicious entries in Startup that’s why your job is to click the Startup tab and check the list of items for entries that look questionable, have “Unknown” Manufacturer or odd names and remove their checkmark if you believe they are part of the Trojan. After you are done with this, make sure that you click the OK button to save your changes.

    Another place where MosaicLoader might have made some unauthorized changes is the Hosts file on your computer.

    To check if any modifications have been made there, press the Windows Key and R together and copy/paste the following in the Run window that opens:

    notepad %windir%/system32/Drivers/etc/hosts

    Next, press Enter and scroll the text in the Hosts file until you find localhost.

    hosts_opt (1)

    If any strange-looking IPs below “Localhost“grab your attention, drop us a comment with a copy of those IP addresses. We will check if they represent any danger and will let you know what actions you need to take about them.


    The Registry is the next location where MosaicLoader might have made alternations without your knowledge. To search for Trojan-related entries in there, first open the Registry Editor by typing Regedit in the windows search field.

    Next, select the regedit.exe icon and once the Registry Editor window opens, use the CTRL and F key combination to open a Find box.

    In the Find box, type the Trojan’s Name and click the Find Next button. A search in the Registry will be performed for entries matching the Trojan’s name. Make sure you delete any results with that name by right-clicking on them and perform a new search.

    When no more results are detected with the Find function, use the left panel to manually navigate to the three directories listed below:

    • HKEY_CURRENT_USER—-Software—–Random Directory.
    • HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    • HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

    Carefully search each of them for sub-folders that look suspicious and have strange characters in their name. Delete those folders if you are sure they are part of the Trojan.

    Attention! Please DO NOT delete Registry entries if you are not completely sure they are related to the threat and the threat only. Any wrong deletions and changes in the Registry may do more harm than good and have a serious impact on your system’s performance and stability. To avoid involuntary system corruption, it is advisable to use a professional removal tool like the anti-virus program we recommend here or another trusted anti-malware program of your choice.

    About the author


    Violet George

    Violet is an active writer with a passion for all things cyber security. She enjoys helping victims of computer virus infections remove them and successfully deal with the aftermath of the attacks. But most importantly, Violet makes it her priority to spend time educating people on privacy issues and maintaining the safety of their computers. It is her firm belief that by spreading this information, she can empower web users to effectively protect their personal data and their devices from hackers and cybercriminals.

    Leave a Comment

    We are here to help! Use SpyHunter to remove malware in under 15 minutes.

    Not Your OS? Download for Windows® and Mac®.

    * See Free Trial offer details and alternative Free offer here.

    ** SpyHunter Pro receives additional removal definitions and manual fixes through its HelpDesk in cases where they are needed.

    Spyware Helpdesk 1