Remove 1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA [email protected] Virus

How irritating is this problem? (6 votes, average: 4.33)

This page aims to help you remove the 1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA virus. 1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA is the bitcoin wallet used to run a trojan scam that displays the following message to users:

To recover your lost code and avoid leaking it: Send us 0.1 Bitcoin (BTC) to our Bitcoin address 1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA and contact us by Email at [email protected] with your Git login and a Proof of Payment. If you are unsure if we have your data, contact us and we will send you a proof. Your code is downloaded and backed up on our servers. If we dont receive your payment in the next 10 Days, we will make your code public or use them otherwise.

If the users do not send the requested amount to [email protected] however, they become a target later on due to the hack which allowed the crook their personal data in the first place.

There are many ways to get scammed on the Internet and one of the most common ones is by trusting random spam and phishing e-mails that get sent to your e-mail address. There could be all sorts of lies written in such letters, all aimed at tricking you in one way or another. For instance, you may get told that your debit or credit card has been blocked and you now have to provide its number and expiration date to have it unblocked. Or, you may get told that you’ve won some kind of prize and now must provide your online banking details in order to receive the said prize. In the current article, we will tell you about one other recently detected spam e-mail scam where the users are threatened that a hidden Trojan in their computer would do something bad unless a BitCoin ransom is paid to the cryptocurrency wallet of the blackmailer. This is actually a rather common occurrence where users receive such letters and if you are currently one of those users, you must know what the best course of action is.

Regarding the ransom and the potential threat on your computer

The first thing to remember about such scam schemes is that paying the money that has been requested is usually one of the worst things that you can do. This is because, even if there is a virus or a Trojan in your computer, there is no guarantee that the malware would go away if you pay. Another thing to mention is the fact that there would usually be no actual infection in the computer. The scammers normally try to scare their victims through bluffs and false statements. They may tell you that an advanced malware infection (such as the recently released 1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA) has entered your system and may damage it or carry out some other nasty task such as gather sensitive info from your computer and send it to the people from your contacts list. However, unless there are some actual indications that there may be malware in your machine, there is no reason to trust the blackmailer’s statements made in the threatening message, nor is there a reason to pay anything.

But what if 1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA or another virus is indeed in the computer?

Since the Trojan Horse infections like 1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA are very sneaky threats and are difficult to notice, even if you do not see any particular infection symptoms, this doesn’t necessarily mean that your machine is safe. This is why some precaution measures need to be taken in order to make sure your system isn’t threatened. Again, paying the ransom isn’t a good option. Instead, what you should do is try the suggested removal steps you will see below. You can also use the tool for removing malware that has been linked in the guide for additional help with detecting and eliminating any potential hazards like 1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA. Just bear in mind that there really is no need or sense in trusting the people who are harassing you in such ways, even if 1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA or another virus is present in your machine, there are much better ways to deal with it than paying money to the anonymous crooks behind this blackmailing scheme.


Name 1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA
Type Trojan
Danger Level  High (Trojans are often used as a backdoor for Ransomware)
Symptoms A Trojan may make your computer work very slowly and crash to BSOD as well as get frequent errors or become unresponsive.
Distribution Method  Sites with pirated or adult content are oftentimes used as platforms of malware distribution.
Detection Tool

Remove 1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA

If you have a Windows virus, continue with the guide below.

If you have a Mac virus, please use our How to remove Ads on Mac guide.

If you have an Android virus, please use our Android Malware Removal guide.

If you have an iPhone virus, please use our iPhone Virus Removal guide


Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).



Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at:

Scan Results

Virus Scanner Result

After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections. 


Hold together the Start Key and R. Type appwiz.cpl –> OK.


You are now in the Control Panel. Look for suspicious entries. Uninstall it/them. If you see a screen like this when you click Uninstall, choose NO:



Type msconfig in the search field and hit enter. A window will pop-up:


Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.

  • Remember this step – if you have reason to believe a bigger threat (like ransomware) is on your PC, check everything here.

Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.


Type Regedit in the windows search field and press Enter.

Once inside, press CTRL and F together and type the virus’s Name. Right click and delete any entries you find with a similar name. If they don’t show up this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!

Leave a Comment