As far as malicious threats go, Trojan.Script.Base64 is among the most dangerous. Trojan.Script.Base64 belongs to the malicious code category of Trojan horse viruses and is a high-risk threat to your system.


Multiple antivirus programs detect Trojan.Script.Base64 on VirusTotal

If you have recently discovered that this particular piece of malicious software has landed in your OS, your top priority should be its prompt and thorough removal. Trojan.Script.Base64 is among the latest Trojan horse variants to be discovered by security researchers. And that makes it especially dangerous, as we don’t yet have enough information as to what its exact purpose is.

This only adds to the arsenal of other advantages that Trojans possess in general. Namely, these threats are particularly well-known for their stealth. They can sneak into their victim’s system and hide deep within it, often successfully avoiding detection for lengthy periods of time. Furthermore, they have a tendency to mimic system files and processes, making it even more difficult for users to detect them.

And one of the main distinctive features of Trojans like Trojan.Script.Base64 is their versatility. Viruses in this category have a wide range of malicious capabilities, which is one of the things that makes them so invaluable to hackers around the world – for decades now. And that is precisely what we had in mind when we said there’s not enough information about Trojan.Script.Base64 yet. There are too many possible usages that this virus may have and we haven’t yet pinpointed the exact one.

You can be sure that it’s something nasty, though. Trojans like Trojan.Script.Base64, Wup.exe, Presenoker can be used to insert other malicious threats into the infected machines, this is known as being used as a backdoor. And most commonly they act as backdoors for ransomware – another very popular and, unfortunately, no less harmful type of malicious code.

Other possibilities include stealing data from your computer using a variety of tactics. And that, in turn, could be used to hijack your social media accounts, hack into your emails, wipe your bank account clean or even steal your identity.

Furthermore, Trojan horse viruses are also notorious spies. They can give the hackers behind them access to your computer without you even realizing it. And things can get gruesome if the cybercriminals are seeking to watch you via your webcam in order to later blackmail you, for example.

Another usage that is gaining more and more momentum with cybercriminals is cryptocurrency mining. So a variant like Trojan.Script.Base64 may be set to mine cryptocurrencies for the hackers on your machine without you realizing it.

This is why it is highly important that you remove Trojan.Script.Base64 as soon as possible and not wait long enough for it to inflict any more damage than it already may have. Below is a detailed removal guide that will show you the exact steps you need to take in order to manually locate and eliminate this threat. But bear in mind that the steps must be followed exactly as described to avoid potentially deleting an important system file and damaging your OS. For those of you who’d rather play it safe, there’s also professional removal software linked in the below guide.



Name Trojan.Script.Base64
Type Trojan
Danger Level  High (Trojans are often used as a backdoor for Ransomware)
Symptoms  Trojan horse viruses rarely if ever reveal any sign of their presence in the system. 
Distribution Method  There are numerous transmitters for this type of malware but the most common are spam messages and malvertisements. 
Detection Tool

Remove Trojan.Script.Base64

If you are looking for a way to remove Trojan.Script.Base64 you can try this:

  1. Click on the Start button in the bottom left corner of your Windows OS.
  2. Go to Control Panel -> Programs and Features -> Uninstall a Program.
  3. Search for Trojan.Script.Base64 and any other unfamiliar programs.
  4. Uninstall Trojan.Script.Base64 as well as other suspicious programs.

Note that this might not get rid of Trojan.Script.Base64 completely. For more detailed removal instructions follow the guide below.

If you have a Windows virus, continue with the guide below.

If you have a Mac virus, please use our How to remove Ads on Mac guide.

If you have an Android virus, please use our Android Malware Removal guide.

If you have an iPhone virus, please use our iPhone Virus Removal guide


Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).



Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Drag and Drop File Here To Scan
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    After you open their folder, end the processes that are infected, then delete their folders. 

    Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections. 


    Hold together the Start Key and R. Type appwiz.cpl –> OK.


    You are now in the Control Panel. Look for suspicious entries. Uninstall it/them. If you see a screen like this when you click Uninstall, choose NO:



    Type msconfig in the search field and hit enter. A window will pop-up:


    Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.

    • Remember this step – if you have reason to believe a bigger threat (like ransomware) is on your PC, check everything here.

    Hold the Start Key and R –  copy + paste the following and click OK:

    notepad %windir%/system32/Drivers/etc/hosts

    A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:


    If there are suspicious IPs below “Localhost” – write to us in the comments.


    Type Regedit in the windows search field and press Enter.

    Once inside, press CTRL and F together and type the virus’s Name. Right click and delete any entries you find with a similar name. If they don’t show up this way, go manually to these directories and delete/uninstall them:

    • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
      HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
      HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

    If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!


    About the author


    Violet George

    Violet is an active writer with a passion for all things cyber security. She enjoys helping victims of computer virus infections remove them and successfully deal with the aftermath of the attacks. But most importantly, Violet makes it her priority to spend time educating people on privacy issues and maintaining the safety of their computers. It is her firm belief that by spreading this information, she can empower web users to effectively protect their personal data and their devices from hackers and cybercriminals.

    Leave a Comment