Once installed, this virus saves a Malay-language MS Word document on your computer that contains a list of candidates in the presidential elections. This dangerous Trojan infection is developed with highly advanced techniques, so you cannot detect or remove it even with the help of the most trusted antivirus program. Once it has entered the system, FinSpy starts tracking your online activities and accesses your confidential data. All of this information is then transferred to the hackers or developers of the virus, who use it in fraud and cyber crime.
The Manual Removal of FinSpy
The manual removal process for FinSpy is available, but because of its complexity it is recommended only for computer professionals and people who are experienced in removing such complicated viruses. However, there are some reliable automatic removal tools available for novice and basic-level computer users. The steps involved in the manual removal process are as follows:
Start the System in Safe Mode
You can get rid of this virus only when you operate the system in safe mode rather than in normal or any other mode. Restart the computer and press the F8 key repeatedly while the machine restarts to reach the boot options. Once you can see the list of boot options, choose Safe Mode and press Enter to restart your computer in safe mode.
Kill the Associated Processes
After starting your computer in safe mode, you have to end the processes associated with this Trojan infection. Open the Windows Task Manager by pressing the Ctrl+Alt+Delete keys together and select the Processes tab to see the list of processes running in the background of your computer. You have to end the following suspicious processes:
- %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
Delete the Associated Files
After removing the corrupt processes, you have to remove the associated data. The following are the files that you need to delete from the system files folder:
- %Desktopdir%\Trojan /FinSpy.lnk
- %Programs%\Trojan /FinSpy \Trojan /FinSpy.lnk
Reverse the Modification in the Windows Registry
Complete the manual removal process by cleaning the Windows registry. Click the Start menu, select Run, and type regedit to open the Registry Editor. Once the Registry Editor is open, delete the following corrupt entries of this Trojan infection, then close the Registry Editor:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Trojan /FinSpy\DisplayIcon %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe,0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Trojan /FinSpy
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Trojan /FinSpy \UninstallString “%AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe” -u
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\[RANDOM CHARACTERS] %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Trojan /FinSpy \ShortcutPath “%AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe” -u
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Trojan /FinSpy \DisplayName Trojan /FinSpy
Restart your machine in normal mode and run a complete system scan to remove any infections caused by this Trojan virus.
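Because the executable and RunOnce value names in the registry step are random, a read-only listing of what is actually present helps before anything is deleted in regedit. The following PowerShell sketch is an added example, not part of the original guide or of any removal tool; the helper name Get-SuspectRegistryValue is hypothetical, and the match on an executable exactly one folder below %AppData% is an assumption taken from the entries listed above.

```powershell
# Added example: read-only listing, nothing is deleted or modified.
# Get-SuspectRegistryValue is a hypothetical helper name, not a built-in cmdlet.

# Data that references <AppData>\<folder>\<file>.exe, written either with the
# expanded path or with the literal %AppData% token (assumed pattern, see lead-in).
$pattern = '(?:{0}|%AppData%)\\[^\\"]+\\[^\\"]+\.exe' -f [regex]::Escape($env:APPDATA)

function Get-SuspectRegistryValue {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [Microsoft.Win32.RegistryKey]$Key
    )
    process {
        foreach ($name in $Key.GetValueNames()) {
            # Read the raw data so REG_EXPAND_SZ values keep their %AppData% token.
            $raw = $Key.GetValue($name, $null,
                [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
            $data = [string]$raw
            if ($data -match $pattern) {
                [pscustomobject]@{ Key = $Key.Name; Value = $name; Data = $data }
            }
        }
    }
}

# The two HKCU locations named in the registry step: RunOnce itself and every
# subkey of Uninstall.
$cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$keys = @()
$keys += @(Get-Item -Path "$cv\RunOnce" -ErrorAction SilentlyContinue)
$keys += @(Get-ChildItem -Path "$cv\Uninstall" -ErrorAction SilentlyContinue)

$hits = @($keys | Get-SuspectRegistryValue)
if ($hits.Count -eq 0) {
    'No RunOnce or Uninstall values point at an executable under %AppData%.'
} else {
    $hits | Format-List Key, Value, Data
}
```

Each hit is a candidate for review rather than proof of infection, since legitimate per-user applications can also install under %AppData%.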