This page aims to help you remove the Win.Trojan.Pmabot Malware. Our removal instructions work for every version of Windows.


Win.Trojan.Pmabot is a Trojan Horse that can allow hackers to see everything on your monitor and track down your activity on the infected computer. Win.Trojan.Pmabot does that by providing the criminals with remote access to your screen.


Multiple antivirus programs detect the Win.Trojan.Pmabot Malware

Of all the online threats, perhaps the Trojan Horse viruses are the most common and the most notorious. And while everyone has probably heard of them in one way or another, not everyone is fully aware of what harm they can do. What’s more, many web users don’t really consider the possibility that their computer may ever get infected by such malware until they actually get their systems compromised. That’s why finding a Trojan Horse such as Win.Trojan.Pmabot on your machine can be quite shocking. Most victims don’t even know how long the infection has been there, what it has been doing the whole time, or the kind of harm that should be expected. That’s why, in this post, we are about to answer all of these questions and help the victims of Win.Trojan.Pmabot safely remove it. For that purpose, we’ve created a removal guide with detailed instructions and screenshots for every removal step and we’ve also a trusted removal tool for a professional system scan. If you are a victim of Win.Trojan.Pmabot, carefully follow the steps outlined in the guide, but not before reading the rest of this article.

We all know that the Trojans are very malicious online threats, but what does that really mean? Well, for starters, the representatives of this malware category are the most common type of malware you could encounter. Trojans cause nearly 70% of all malware infections, and this is not an accident – it just so happens that the Trojan-based viruses, such as Win.Trojan.Pmabot, have a big number of different malicious abilities that make them popular among hackers and cyber criminals in general. For example, they can be programmed to perform a wide range of different malicious tasks and thus help with the completion various cyber crimes. Moreover, the Trojans can sneak secretly in your system and wait for the hackers’ commands for days, weeks or months before they get activated.

Threats like Win.Trojan.Pmabot can be used to manipulate the system’s processes and exploit the vulnerabilities of the device. One of the most common uses of such infections is to serve as backdoors for other forms of malware such as Ransomware or Spyware. Theft is another possible use for infections of the Trojan Horse type. Win.Trojan.Pmabot, for instance, may steal different sensitive details from its victims and send them to the hackers’ servers. These details may involve financial information, passwords, login details, social media accounts, etc., which, once in the hands of the hackers, can be used for many cyber crimes.

So you can see clearly that an infection like Win.Trojan.Pmabot can be a real danger to your computer and to you personally. That’s why is best to not postpone the elimination of the hidden Trojan virus and immediately remove it with the help of the instructions below. After you successfully deal with the infection, it is of no less importance to fix any security issues and problems that Win.Trojan.Pmabot may have caused on your machine. These might be related to the absence of an antivirus program or the presence of one that is outdated. To fix that, make sure you download reliable security software and install all the needed updates and virus definitions. Also, to maintain a safe and secure system, be mindful of the type of content you interact with when online. We recommend avoiding sketchy websites, spam, and shady pop-ups, as these may be used as transmitters of malware.


Name Win.Trojan.Pmabot
Type Trojan
Danger Level  High (Trojans are often used as a backdoor for Ransomware)
Symptoms  Trojans are stealthy threats which don’t indicate their presence with particular symptoms and try to remain unnoticed for long.
Distribution Method Malicious email messages and their attachments, spam, malvertisements, cracked software, torrents, illegal websites.
Detection Tool

Remove Win.Trojan.Pmabot Malware

If you have a Windows virus, continue with the guide below.

If you have a Mac virus, please use our How to remove Ads on Mac guide.

If you have an Android virus, please use our Android Malware Removal guide.

If you have an iPhone virus, please use our iPhone Virus Removal guide


Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).



Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Drag and Drop File Here To Scan
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    After you open their folder, end the processes that are infected, then delete their folders. 

    Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections. 


    Hold together the Start Key and R. Type appwiz.cpl –> OK.


    You are now in the Control Panel. Look for suspicious entries. Uninstall it/them. If you see a screen like this when you click Uninstall, choose NO:



    Type msconfig in the search field and hit enter. A window will pop-up:


    Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.

    • Remember this step – if you have reason to believe a bigger threat (like ransomware) is on your PC, check everything here.

    Hold the Start Key and R –  copy + paste the following and click OK:

    notepad %windir%/system32/Drivers/etc/hosts

    A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:


    If there are suspicious IPs below “Localhost” – write to us in the comments.


    Type Regedit in the windows search field and press Enter.

    Once inside, press CTRL and F together and type the virus’s Name. Right click and delete any entries you find with a similar name. If they don’t show up this way, go manually to these directories and delete/uninstall them:

    • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
      HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
      HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

    If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!


    About the author


    Lidia Howler

    Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her strive for simplicity and well-researched information provides users with easy-to-follow It-related tips and step-by-step tutorials.

    Leave a Comment