TrickBot Malware Removal (August 2019 Update)

This page aims to help you remove TrickBot Malware. These TrickBot Malware removal instructions work for every version of Windows.

Recently, we received many questions about a particular threat called TrickBot. In case you are also wondering what it is and what it can do, we should start by saying that this is one of the nastiest online threats – it’s a Trojan horse. Generally, Trojan infections make up a good percentage of the malware infections worldwide and you have every reason to be worried about having one on your machine. Luckily, there is no need to panic, because in this guide we will share with you all the possible ways you can effectively remove this threat and clean your computer. Just stay with us until the end to find out more.

TrickBot – a reason to be worried

Trojan horses have a fearful reputation. It is no secret that this type of threat lurks all over the Internet, and what is even nastier about them is that they know how to hide well. With this in mind, infections like TrickBot may be caught from practically anything: a file, a link, a seemingly legitimate email message, spam, attachments or even a picture. The victims may not even notice when they have gotten the nasty Trojan on their computer, as usually a single click is enough for the infection to take place. Once through, the Trojan tries its best to remain unnoticed and, without proper antivirus protection, it may take months or even years for the malware to be detected. And what could it do on your computer during all this time? Well, it is all up to the imagination of the hackers behind it. As a typical Trojan horse, TrickBot is capable of a wide variety of malicious activities. To gain a better idea of the threat you are dealing with, here we have listed just some of the most usual malicious deeds that this Trojan may do:

Very often, the presence of TrickBot on your machine may be revealed by sudden system crashes or disturbing activity on your monitor, while you aren’t even doing anything. It’s not a ghost who’s moving the mouse cursor on your laptop, but it may be a hacker, who is simply having fun with your machine. Deleting content from your hard drives or mysteriously moving folders and files to different locations may also be part of the “fun” and it may be a sign of unauthorized access to your computer. TrickBot may also spy on you and silently collect all your online and offline activity, including the passwords you type, your login credentials, credit and debit card details, online banking access and much more. It is disturbing enough to know that such information may easily land in the hands of unscrupulous hackers and cyber criminals.

Threats like this one are a favorite tool that helps cyber criminals transmit other malware and infect users with various nasty viruses, such as Ransomware. Actually, the Trojan-Ransomware combo is one of the most malicious malware combinations that not only compromises your privacy and invades your machine, but it also blackmails you for money. The role of TrickBot may be to find some weak points inside your system and let the Ransomware cryptovirus silently sneak inside it and encrypt your most valuable data. That’s why removing the infection as soon as possible is the best you could do to eliminate the possibility of even worse malware infections. The Trojan may also be after your system resources. The creators of TrickBot may use it to turn your computer into a bot and use its RAM and CPU for their malicious deeds, such as transmitting malware and distributing all sorts of harmful viruses online. By gaining access to it, the hackers may use your machine as a spam-distributing center or involve it in some cybercrime and illegal activities, which will later lead back to your computer and, respectively, to you as its owner. And while you surely don’t want to be involved in cybercrime without even knowing it, the best you could do is to remove TrickBot from your computer.

How to clean your system from the infection

Successfully cleaning your computer from a cyber threat as serious as this one requires all your attention. We should warn you that dealing with this Trojan may not be easy and you may not be able to eliminate it on the first attempt, because this threat is really cunning and knows how to hide well. Usually, it places its malicious files deep inside your system. In this guide, however, we are going to show you exactly how to detect it and manually delete it from your computer.


Name: TrickBot
Type: Trojan
Danger Level: High (Trojans are often used as a backdoor for Ransomware)
Symptoms: Sometimes, strange activity on the screen or high CPU usage may reveal the Trojan
Distribution Method: This threat is mostly distributed through spam emails, links, ads, seemingly harmless looking messages, pop-ups, torrents or apps.

TrickBot Malware Removal



Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).


Hold together the Start Key and R. Type appwiz.cpl –> OK.


You are now in the Control Panel. Look for suspicious entries. Uninstall it/them. If you see a screen like this when you click Uninstall, choose NO:


Type msconfig in the search field and hit Enter. A window will pop up:


Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.

  • Remember this step – if you have reason to believe a bigger threat (like ransomware) is on your PC, check everything here.


Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%\System32\drivers\etc\hosts

A new file will open. If you are hacked, there will be a bunch of other IP entries at the bottom of the file.

If there are suspicious IPs below “Localhost” – write to us in the comments.



Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are a virus. Google them or ask us in the comments.


  • This step is very important, because you can catch other threats (like Ransomware and Spyware) while looking for the Trojan process.

Right click on each of the virus processes separately and select Open File Location. End the process after you open the folder, then delete the directories you were sent to.


Type Regedit in the Windows search field and press Enter.

Once inside, press CTRL and F together and type the virus’s Name. Right click and delete any entries you find with a similar name. If they don’t show this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER\Software\(Random Directory). It could be any one of them – ask us if you can’t discern which ones are malicious.
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\(Random)
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\(Random)
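
A read-only way to collect what the hosts-file and Run-key steps above ask you to look for, as an added PowerShell example that is not part of the original guide. The function names are made up for illustration; only the hosts path and the HKEY_CURRENT_USER Run key named in the steps are read.

```powershell
# Added example: read-only checks for the hosts-file and Run-key steps above.
# Nothing is changed or deleted; review the output before removing anything.

function Get-HostsOverride {
    param([string]$Path = "$env:windir\System32\drivers\etc\hosts")
    foreach ($line in Get-Content -LiteralPath $Path) {
        $text = ($line -split '#')[0].Trim()          # drop comments
        if (-not $text) { continue }
        $ip, $names = $text -split '\s+'              # first field is the address
        if (-not $names) { continue }                 # malformed line, no hostname
        $loopback = $ip -in '127.0.0.1', '::1'
        $foreign  = @($names | Where-Object { $_ -ne 'localhost' })
        # Report every mapping except loopback -> localhost. A foreign name
        # pointed at 127.0.0.1 is reported too, since it blocks that site.
        if (-not $loopback -or $foreign.Count -gt 0) {
            [pscustomobject]@{ Address = $ip; Names = $names -join ' ' }
        }
    }
}

function Get-RunKeyEntry {
    param([string]$Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run')
    $reg = Get-Item -LiteralPath $Key -ErrorAction SilentlyContinue
    if (-not $reg) { return }
    foreach ($name in $reg.GetValueNames()) {
        $command = [string]$reg.GetValue($name)
        # Pull the executable out of the command line: a quoted path first,
        # otherwise everything up to the first ".exe".
        $exe = $null
        if ($command -match '^\s*"([^"]+)"') {
            $exe = $Matches[1]
        } elseif ($command -match '^\s*(.+?\.exe)') {
            $exe = $Matches[1]
        }
        if ($exe) { $exe = [Environment]::ExpandEnvironmentVariables($exe) }
        $company = $null; $signature = 'NotChecked'
        if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
            $company   = (Get-Item -LiteralPath $exe).VersionInfo.CompanyName
            $signature = (Get-AuthenticodeSignature -LiteralPath $exe).Status
        }
        [pscustomobject]@{
            Name = $name; Command = $command
            Company = $company; Signature = $signature
        }
    }
}

Get-HostsOverride | Format-Table -AutoSize
Get-RunKeyEntry   | Format-List
```

Run it under the affected user account so that HKCU refers to that user's registry hive; entries with an empty Company or a Signature other than Valid are the ones to look at first.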


If all the prior steps fail to help you or you have reason to believe your system is exposed to threats like Ransomware, we advise you to download a professional scanner and remover.

Remember to leave us a comment if you run into any trouble!
