Phonzy Trojan


If you suspect that a malicious program named Phonzy has found its way into your system, and is presently residing in it, you should definitely take the necessary precautions, and check your computer for any hidden threats. Phonzy is a representative of the infamous malware family known as Trojan Horses.


The Phonzy trojan have a very wide freedom of operation

If a Trojan Horse is in your system, the issues that it may cause are highly varied, and the effects of such an attack may be unpredictable, especially with such a new Trojan Horse as Phonzy. Our advice for you is to read the rest of the article from this page, and then try to complete the steps presented in the guide below. And if anything gets found in your system that the completion of the manual instructions isn’t enough to remove, you can also use the tested and reliable anti-malware tool we have linked down below.

The Phonzy Trojan

One important thing you need to understand about the Phonzy trojan is that once they get activated in the targeted machine, they usually have a very wide freedom of operation, which allows them to carry out all sorts of insidious tasks. The way the Phonzy trojan gains such freedom is by tricking the user into providing it with an Admin permission to introduce changes into the system.

In order to trick the user into providing an Admin permission, the Trojan disguises its carrier file as something people would be willing to open in their computers. An example of that is the installer of some piece of software – a useful program, or a popular game, for instance. Once the fake installer is opened, the OS asks the user if they are sure they want to allow the program to make changes in the system. If the user selects “Yes”, the hidden Trojan gains all the freedom it needs in order to complete its harmful activities. Such harmful activities may include espionage, theft of sensitive info, Ransomware distribution, starting new processes in the computer that force the machine to do certain things (conduct DDoS attacks, mine BitCoins, spread spam messages, etc.), and many, many more. Basically, Trojan Horses are the Swiss-Army knife of malware, and can be used in many different criminal schemes, which is also the reason why they are so widespread.

Dealing with the Trojan in a safe way

As we already pointed out in the start of this post, if you have Phonzy or Wup.exe inside your machine, it is advisable that you try out the guide from below. The steps provided there should help you with the quick and safe elimination of this nefarious threat, and if you use the recommended security tool, you will also get protection against future encounters with Trojan Horses, and other malware. Just remember that the best protection your computer could get is the one you give it with your caution and alertness when browsing the Internet. If you stay away from obscure and sketchy sites, and if you do not click on spam message attachments, or questionable web ads, the chances of landing another Trojan would be rather low.


Name Phonzy
Type Trojan
Danger Level  High (Trojans are often used as a backdoor for Ransomware)
Symptoms  The symptoms of a Trojan infection may include system crashes, sudden errors, slow-downs, and more similar irregularities.
Distribution Method Pirated content is the most typical distribution method for Trojans.
Detection Tool

Remove Phonzy trojan

If you have a Windows virus, continue with the guide below.

If you have a Mac virus, please use our How to remove Ads on Mac guide.

If you have an Android virus, please use our Android Malware Removal guide.

If you have an iPhone virus, please use our iPhone Virus Removal guide


Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).



Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Drag and Drop File Here To Scan
Drag and Drop File Here To Scan
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    After you open their folder, end the processes that are infected, then delete their folders. 

    Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections. 


    Hold together the Start Key and R. Type appwiz.cpl –> OK.


    You are now in the Control Panel. Look for suspicious entries. Uninstall it/them. If you see a screen like this when you click Uninstall, choose NO:



    Type msconfig in the search field and hit enter. A window will pop-up:


    Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.

    • Remember this step – if you have reason to believe a bigger threat (like ransomware) is on your PC, check everything here.

    Hold the Start Key and R –  copy + paste the following and click OK:

    notepad %windir%/system32/Drivers/etc/hosts

    A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

    hosts_opt (1)

    If there are suspicious IPs below “Localhost” – write to us in the comments.


    Type Regedit in the windows search field and press Enter.

    Once inside, press CTRL and F together and type the virus’s Name. Right click and delete any entries you find with a similar name. If they don’t show up this way, go manually to these directories and delete/uninstall them:

    • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
      HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
      HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

    If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!


    About the author


    Brandon Skies

    Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.

    Leave a Comment

    We are here to help! Use SpyHunter to remove malware in under 15 minutes.

    Not Your OS? Download for Windows® and Mac®.

    * See Free Trial offer details and alternative Free offer here.

    ** SpyHunter Pro receives additional removal definitions and manual fixes through its HelpDesk in cases where they are needed.

    Spyware Helpdesk 1