If your PC has recently started slowing down and this has coincided with the appearance of something called Trojan:PowerShell/Barys.AB!MTB, this means you have malware in your system and must delete it.
Other symptoms involve strange pop-ups showing up randomly or unfamiliar background processes running in your Task Manager. Anything else that seems off could also be linked to Trojan:PowerShell/Barys.AB!MTB.
In simple terms, Trojan:PowerShell/Barys.AB!MTB can be defined as a Trojan Horse, a type of malware that tries to look harmless and is often disguised as a regular program (or is integrated in a safe-looking program).
We tested that SpyHunter successfully removes Trojan:PowerShell/Barys.AB!MTB* and we recommend using it. It will block Trojan:PowerShell/Barys.AB!MTB from reinstalling itself and it will make sure your device is clean from any malware.
Try Free For 7 Days*
Buy now15% OFF if you buy straight without trial.
OFFEROnce a Trojan gets installed, similar to Trojan:Win32/Malgent!MTB and Trojan:Win32/Vigorf.A, it begins performing actions that benefit cybercriminals and put your system, files, digital assets, and privacy at risk. Depending on the situation, Trojan:PowerShell/Barys.AB!MTB may tamper with important settings, consume resources, download additional threats, collect sensitive information that could later be used in scams or identity theft, and many, many more.
Trojans are basically the Swiss Army Knife of malware and can be modified to carry out all kinds of harmful tasks. But now that you know what you are dealing with, removal should be easier. The guide below will help you, but for the fastest and safest removal, it’s best to use SpyHunter 5 – the professional removal tool you’ll find attached on this page.
Trojan:PowerShell/Barys.AB!MTB Removal Guide
This guide starts with a shorter cleanup routine that is worth trying first because it removes the most obvious components quickly. If that attempt does not fully solve the problem, continue with the more detailed Trojan:PowerShell/Barys.AB!MTB removal steps below, which check the places ordinary uninstall methods often miss.
Quick Steps to Remove Trojan:PowerShell/Barys.AB!MTB
- 1.1First, go to your downloads folder (This PC > Downloads), sort the items there by date, and see if any suspicious files have been downloaded recently. Found anything fishy? Delete it before continuing.
- 1.2Next, go to the Start Menu, navigate to Settings (the gear icon), and then to Apps.
- 1.3You’ll see all installed programs listed on that page – sort them by installation date and look for Trojan:PowerShell/Barys.AB!MTB or anything else that looks suspicious, unfamiliar, or unwanted.
- 1.4If you find Trojan:PowerShell/Barys.AB!MTB or another sketchy app, select it and start the uninstallation process. Be careful when following the uninstallation prompts so that you don’t let anything linked to the program remain on your PC.
-
1.5Afterward, look for the installation directory. You’ll often find it at
C:\UserNames\UserName\AppData\Local\Programs\, but it might also be elsewhere. - 1.6If you find the malware folder, remove it together with any leftover files that might still be in it.
Restart the computer and then check whether the suspicious app is still present. A reboot matters because some changes do not fully apply until Windows loads again. If the program remains, that does not mean the cleanup failed – it usually means the deeper checks below are still required.
SUMMARY:
| Name | Trojan:PowerShell/Barys.AB!MTB |
| Type | Trojan |
| Detection Tool |
Some threats reinstall themselves if you don’t delete their core files. We recommend downloading SpyHunter to remove harmful programs for you. This may save you hours and ensure you don’t harm your system by deleting the wrong files. |
How to Fully Get Rid of Trojan:PowerShell/Barys.AB!MTB
The full guide begins with two preparation tasks that make the remaining steps much easier: showing hidden files and folders, and installing a file-unlocker for anything Windows refuses to delete. Those checks matter because Trojan:PowerShell/Barys.AB!MTB may leave behind components that stay hidden or locked while the infection is active.
1. Preparing for the Trojan:PowerShell/Barys.AB!MTB Removal
- 1.1
The first preparatory step you must perform is to enable the visibility of hidden files and folders.
Do this by searching for Folder Options in the Start Menu and selecting the View tab. Then activate “Show hidden files and folders” and save the change by clicking Apply and then OK. - 1.2Next, you’ll need to download and install a free utility called LockHunter It’s crucial because it lets you delete files locked by malicious processes.
We understand that some users would rather avoid extra utilities, and in many situations that is completely reasonable. In this case, though, a file-unlocker can be genuinely useful because malware-related files are often kept in use by background processes and cannot be removed through normal deletion alone.
LockHunter fits that role well because it is quick to install, straightforward to use, and does not force registration before you can work with it. In most cases, you can get it ready in a couple of minutes and then return to the guide without interrupting the cleanup for long.
Remove Trojan:PowerShell/Barys.AB!MTB Processes From the Task Manager
At this stage, open Task Manager and look for suspicious processes connected to Trojan:PowerShell/Barys.AB!MTB. The name is not always the same from one infection to another, so do not rely on a single exact match. Use judgment and pay attention to unfamiliar entries, unusual resource usage, and file locations that do not fit normal software.
2. How to Delete Trojan:PowerShell/Barys.AB!MTB Processes in the Task Manager
-
2.1This is done through the Task Manager which you can open by pressing
Ctrl + Shift + Esc. - 2.2If it shows a simplified view, click More Details to expand it and see all running processes.
- 2.3
Sort the list of processes by how much Memory or CPU they are using. Then look out for any that are using unusually large amounts of either resource type and yet don’t seem related to any legitimate programs that you have on your PC.Note: Don’t expect to find a rogue process named “Trojan:PowerShell/Barys.AB!MTB“. Most forms of malware will hide their processes under innocent-looking names.
- 2.4For each dubious process, right-click it and select Open file location. This will lead you to a folder where the data used by this process is stored.
- 2.5You must delete that entire folder, but you’ll likely get an error when you attempt to do that because some of the files there are in use by the malware. The workaround is to use LockHunter: right-click the folder, select “What’s locking this folder?” from the context menu, and click Delete in the next window.
- 2.6After removing the files, go back to Task Manager, write down the name of the rogue process (you’ll need it later), then click it, and click the End Task button to quit it.
Delete Trojan:PowerShell/Barys.AB!MTB Virus Files
This part focuses on finding leftover files linked to Trojan:PowerShell/Barys.AB!MTB in several Windows directories. Malware rarely stores every component in one place, and helper files can be scattered across temporary folders, user profile paths, and startup-related locations. Work carefully through each listed directory so no hidden piece is left behind.
3. How to Get Rid of Trojan:PowerShell/Barys.AB!MTB Files
-
3.1Start by examining the Startup folders at:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartupC:\Users\*Your Username*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup -
3.2Search them for suspicious files, but if you aren’t what files are rogue, just delete everything in those folders except for the
desktop.inifile, which is a standard system file. -
3.3Next, inspect the
Program FilesandProgram Files (x86)in yourC:drive. Some malware apps will create folders there, so look for anything that looks linked to Trojan:PowerShell/Barys.AB!MTB or that is otherwise unrecognized or out-of-place folders. Delete anything suspicious you may find. -
3.4Three other locations you must check are:
C:\Users\%user%\AppData\Local\C:\Users\%user%\AppData\Local\Programs\C:\Users\%user%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
Again, if you notice anything fishy in them, it must be deleted. And if there’s a folder you aren’t sure about, it’s probably best to get rid of it. At worst, it will be something harmless linked to a legitimate program in your system. However, if you didn’t recognize its name right away, chances are it’s something you either don’t need or something that’s outright unwanted (like Trojan:PowerShell/Barys.AB!MTB). -
3.5
Finally, remember to clear the Temp folder. It’s located atC:\Users\YourUsername\AppData\Local\Temp.
It stores only temporary files, which are all okay to delete. So, to save yourself some time spent looking for malware files, just Ctrl + A to select everything, and then press Delete from your keyboard to delete all of the folder’s contents.
Get Rid of Trojan:PowerShell/Barys.AB!MTB Scheduled Tasks
Task Scheduler is one of the most commonly missed persistence points, which is why this step matters. Trojan:PowerShell/Barys.AB!MTB may create a job that launches a file at sign-in or at regular intervals, allowing the infection to return after you think it has been removed. Checking scheduled tasks closes that gap.
4. Eliminate Trojan:PowerShell/Barys.AB!MTB Scheduled Tasks
- 4.1
Open the Task Scheduler by searching for it in the Start Menu search bar. Then, one by one, review the scheduled tasks in the Task Scheduler Library. -
4.2For each task, double-click it and open the Actions tab, where you can learn what it is that the task is set to perform. Look for tasks that run unfamiliar executables, scripts, or anything located in the
AppDataorRoamingdirectories. - 4.3If you come across a task that executes anything suspicious, write down its file path, then right-click the task, and select Delete.
- 4.4After that, go to the file path you saved and delete the file that the task was set to run.
Uninstall the Trojan:PowerShell/Barys.AB!MTB Malware App Through the Windows Registry
Registry cleanup is important because leftover entries can help Trojan:PowerShell/Barys.AB!MTB start again or keep traces of it active after the files are gone. At the same time, changing the registry carelessly can affect Windows or legitimate programs. If you are not comfortable working there, SpyHunter 5 is the safer alternative for this part.
5. Remove Trojan:PowerShell/Barys.AB!MTB Through the Registry
- 5.1Type “regedit” in the Start Menu and hit Enter to go to the Registry Editor.
- 5.2Then click Edit > Find to open the search box and then type the exact name of whatever program you tried to uninstall during the quick steps at the start of the guide.
- 5.3Click Find Next and if a result comes up, click the registry key (folder) in the left panel that contains it and delete that key. Perform another search after each deleted key until there are no more results for that search query.
- 5.4Next, search for the name of any other programs you attempted to delete. Also search for the names of processes you ended in the Task Manager earlier in the guide.
-
5.5After you’ve deleted all relevant entries, manually navigate to these registry keys:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunHKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceHKLM\Software\Microsoft\Windows\CurrentVersion\RunHKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceHKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RunHKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RunHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnceHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\SetupHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services - 5.6Select each of these keys to reveal their contents in the right panel. Then look for values referencing Trojan:PowerShell/Barys.AB!MTB or any unknown applications. Delete only the specific values linked to the malware and leave the keys that contain them intact.
