Today I came across a number of reports about a newly-released piece of malware called Alrustiq. After looking into it, it turns out this is a Trojan Horse cryptominer – a malware program similar to Altrousik and Altruistics, which I’ve already covered on HowToRemove.
On an infected system, Alrustiq uses up large portions of the CPU and RAM to generate cryptocurrency. Needless to say, any generated currency falls straight into the hands of whoever is behind this malware. At the same time, you are barely able to use your PC because the resource hogging severely slows it down.
Most people seem to have gotten this virus from pirated/unofficial software or open-source mods for various popular games like Minecraft or Roblox.
In case you, too, have the Alrustiq App malware in your system, I strongly recommend following the steps below to remove it or, in case you want a quicker and more straightforward option, using the SpyHunter 5 removal tool available on this page.
Alrustiq App Removal Tutorial
To ensure that Alrustiq is fully removed from your system, you’ll need to get rid of all its components – files, processes, tasks, registry entries, etc. Do not skip any of the following steps or the malware might not get removed, or if it gets removed, it might automatically reinstall itself.
Here’s a quick rundown of the steps you’ll need to follow:
- Install LockHunter to help identify and delete any files that Alrustiq is actively using to prevent manual removal.
- Enable visibility for hidden files and folders by opening the Start Menu, typing Folder Options, and selecting the option to show hidden files under the View tab.
- Check the Task Manager for suspicious processes by pressing Ctrl + Shift + Esc, right-clicking any unknown processes, and selecting Open File Location to find their source files before ending the tasks.
- Delete leftover files in key locations such as C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup and C:\Users\YourUsername\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup.
- Clear the Task Scheduler to ensure no scheduled tasks are keeping Alrustiq active or reinstalling its files.
- Clean the System Registry by searching for remnants of Alrustiq’s entries and carefully deleting them to prevent persistence.
But before starting, take an extra precaution: open the Start Menu, go to Settings > Apps, and sort programs by installation date. Look for unfamiliar or suspicious recent installs and remove them immediately.
Each step is explained in detail below, so don’t worry if it feels overwhelming. Follow the guide carefully, and you’ll successfully remove Alrustiq from your system. Take your time—step by step, you’ve got this.
I understand that some of the steps shown next might be a bit confusing to users who lack previous troubleshooting experience. Also, it’s worth noting that the completion of the entire guide can take upward of an hour.
If you think the manual solution is too confusing or too lengthy for you, you can also opt for deleting the Alrustiq malware with the help of SpyHunter 5 – a powerful anti-malware solution linked on this page that will both clear your PC and keep it protected against further threats.
How to Remove the Alrustiq Virus
To be able to eliminate Alrustiq fully, you’ll need to be able to see and delete all its files. To ensure this, there are two preparatory actions you must perform:
First, to uncover any hidden malware files, open Folder Options via the Start menu, switch to the View tab, and enable Show hidden files and folders.
Some of the malware files may resist deletion – they may show a “File used by another process” error. To get around this, I recommend installing the free LockHunter tool. LockHunter is a lifesaver for stubborn files—it unlocks them, making it possible to delete what your system otherwise won’t allow.
Get Rid of Alrustiq App Background Processes
The actual removal process should begin with ending the Alrustiq App process and any other rogue processes in your Task Manager and also deleting their file location folders. Here’s how to do this:
Open Task Manager by pressing Ctrl + Shift + Esc. Expand the view to see detailed information about your running processes. Sort them by CPU or Memory usage to identify anything consuming an unusual amount of resources.
You might see the Alrustiq App process listed in the Task Manager, but it’s also possible that it goes under a different name. Malware often hides behind generic names, but if you see something that doesn’t seem right, right-click and select Open File Location.
This will take you to the folder where the process originates. If the folder connects to Alrustiq, delete it. If the process refuses to terminate, use LockHunter to unlock: right-click the blocked item > What’s locking this file/folder? > Delete it. After that, promptly return to the Task Manager window and end the rogue process.
Repeat this for all suspicious processes in your Task Manager.
Delete Alrustiq App Virus Files
You may have deleted the folders linked to the Alrustiq App processes, but there are likely more rogue files left in your system that you need to hunt down. The first locations that you should check for malware remnants are:
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
- C:\Users\YourUsername\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Delete all files except for desktop.ini, which is harmless. Then, head to your Temp folder (found at C:\Users\YourUsername\AppData\Local\Temp) and clear out everything. Once done, empty your Recycle Bin to ensure nothing tied to Alrustiq lingers.
Then also check these two folders for suspicious items and delete anything you find:
- C:\Users\YourUsername\AppData\Local\Programs
- C:\Users\YourUsername\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
Lastly, check the Program Files and Program Files (x86) folders in your C: drive for unfamiliar and recently created folders and delete those if you think they might be linked to Alrustiq.
Get Rid of Alrustiq Scheduled Tasks
Malware like Alrustiq often creates scheduled tasks that allow it to be launched automatically or even reinstall itself after getting deleted. It’s, therefore, crucial that you check for such tasks and delete them before moving on.
Type Task Scheduler in the Start Menu, open it and review all the entries under the Task Scheduler Library.
Pay particular attention to the Actions tab within each task. If you find a task that references a suspicious file or script, delete it and then manually remove the associated file.
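To review every task's action in one pass instead of clicking through each Actions tab, the following read-only PowerShell listing can help. It is an added example, not part of the original guide; the variable names and the choice of which folders to flag (the user-writable locations this guide names) are assumptions made here.

```powershell
# Read-only audit: lists scheduled tasks and the program each one launches.
# Nothing is deleted; review the output, then remove tasks in Task Scheduler.

# User-writable folders this guide names as common places for malware remnants.
$watchDirs = @(
    $env:LOCALAPPDATA,
    $env:APPDATA,
    $env:ProgramData,
    $env:TEMP
)

$report = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # Only "exec" actions have an Execute property; COM handler actions do not.
        if (-not $action.Execute) { continue }

        # Expand %VAR% references and strip surrounding quotes from the path.
        $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')

        $inWatchDir = $false
        foreach ($dir in $watchDirs) {
            if ($dir -and $exe.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) {
                $inWatchDir = $true
            }
        }

        # Signature status is only available when the path resolves to a file.
        $signature = 'n/a'
        if (Test-Path -LiteralPath $exe -PathType Leaf) {
            $signature = [string](Get-AuthenticodeSignature -LiteralPath $exe).Status
        }

        [pscustomobject]@{
            Task         = $task.TaskPath + $task.TaskName
            Execute      = $exe
            Arguments    = $action.Arguments
            UserWritable = $inWatchDir
            Signature    = $signature
        }
    }
}

# Tasks that launch from user-writable folders are listed first.
$report | Sort-Object @{Expression = 'UserWritable'; Descending = $true}, Signature |
    Format-Table -AutoSize -Wrap
```

Legitimate software also appears in this output; a task that launches an unsigned file from AppData, ProgramData or Temp is the kind of entry to inspect more closely in the Actions tab.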
Uninstall the Alrustiq Malware Through the System Registry
This step requires a lot of personal judgment – you will need to look for Alrustiq items in the System Registry, which can often be confusing and time-consuming. In case you aren’t comfortable tampering with the system’s registry, you can always let SpyHunter 5 take care of things. If not, here’s how to perform a registry cleanup:
Malware often hides its final traces in the Windows Registry. To root out Alrustiq completely, open Registry Editor by pressing Win + R, typing regedit, and hitting Enter. Use Ctrl + F to search for any entries tied to Alrustiq and delete them carefully.
Manually check these keys for anything unusual:
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
- HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run
- HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
- HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
- HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services
In each of these registry locations, check their contents shown in the right panel and delete anything there that seems linked to Alrustiq. However, remember that the keys themselves (left panel) must stay intact.
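The same keys can be dumped in one pass for review before you open regedit. This read-only PowerShell listing is an added example, not part of the original guide; the variable names and the filter that hides services whose binary sits under the Windows directory are assumptions made here.

```powershell
# Read-only audit of the autostart registry keys listed in this guide.
# Nothing is changed; review the output, then delete entries in regedit.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup'
)

$autoruns = foreach ($path in $runKeys) {
    # Several of these keys do not exist on a default install; skip them.
    if (-not (Test-Path -Path $path)) { continue }
    $key = Get-Item -Path $path
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{
            Key     = $path
            Name    = $name
            Command = $key.GetValue($name)
        }
    }
}
$autoruns | Format-Table -AutoSize -Wrap

# Services key: list only services whose binary is NOT under the Windows
# directory, since those are the ones worth a closer look.
$sysRoot = [regex]::Escape($env:SystemRoot)
$serviceKeys = Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue
$services = foreach ($svc in $serviceKeys) {
    $image = $svc.GetValue('ImagePath')
    if ($image -and $image -notmatch "$sysRoot|\\SystemRoot\\|^system32\\") {
        [pscustomobject]@{
            Service   = $svc.PSChildName
            ImagePath = $image
        }
    }
}
$services | Sort-Object ImagePath | Format-Table -AutoSize -Wrap
```

Entries from legitimate software will show up here as well, so check the path in the Command or ImagePath column before deleting anything.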
When Manual Removal Isn’t Enough
If Alrustiq continues to persist despite your efforts, don’t hesitate to use a reputable anti-malware tool like SpyHunter 5. These programs are specifically designed to scan for and remove threats, making them invaluable in tackling particularly stubborn malware. Think of it as calling in reinforcements when the battle gets tough.
Preventing Future Infections
With the Alrustiq app finally gone, it’s time to strengthen your defenses. Start by keeping your operating system and software updated—updates often patch vulnerabilities that malware exploits. Be cautious about downloading files or clicking on links from unknown sources. If something feels off, trust your instincts and avoid it.
Additionally, invest in a reliable antivirus program with real-time protection to serve as your first line of defense. And don’t forget to back up your data regularly. Whether you use cloud storage or an external drive, having backups ensures you’re prepared for any future mishaps.
Wrapping Up
By following these steps, you’ve not only removed Alrustiq from your system but also equipped yourself with the knowledge to prevent similar threats. Stay vigilant, practice safe browsing habits, and enjoy a more secure, efficient computer experience.