Medfos is a Trojan that automatically redirects your internet browser, whether Internet Explorer or Mozilla Firefox, to pay-per-click (PPC) websites such as googleppcfeed.com, marketingppcfeed.com, payviaclick.com and many more. Once your computer is infected, you will receive dozens of pop-ups, warnings, messages and alerts claiming that your system is seriously infected.

It is installed silently by abusing weaknesses in your system, most often through spam email attachments, downloads and social networking. Because it also modifies the system registry, the Trojan can start every time you log in to your computer. Whenever you try to browse, it redirects you to those PPC websites.

If you notice these symptoms, do not ignore them: the presence of Medfos on your system is dangerous, putting your personal data at risk and damaging your system. To remove this malware manually, follow the instructions below.

Remove Win32/Medfos processes

  1. If you find the Windows Task Manager difficult to work with, you can use any process explorer tool instead; in Task Manager you have to find the processes manually.
  2. Download a good process explorer tool, run the installer and then launch the tool.
  3. Select the Win32/Medfos processes in the explorer and end them so they are no longer running.

Remove Win32/Medfos Registry Keys

  1. The Win32/Medfos registry values can be removed with the Windows Registry Editor.
  2. To find the registry values, click the Start button.
  3. Click Run.
  4. Type regedit in the Open box and press OK.
  5. The Windows Registry Editor opens.
  6. Click Edit in the Registry Editor's menu.
  7. Click Find and enter each of the Win32/Medfos registry values listed below.
  8. When a matching registry value is shown, select it and press Delete.

The Win32/Medfos registry values that should be removed immediately are:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = "/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = "yes"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = "0"
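As an added example (not part of the original guide), the PowerShell script below audits the values listed above, reports the ones that carry the weakened setting and, with -Remediate, restores a default or deletes the value. It leaves out the two Run entries because the guide does not give their names, and the restore values are assumed Windows defaults rather than figures from the guide; the LowRiskFileTypes string as printed decodes (XOR each character with 1) to a plain list of file extensions, which the script shows.

```powershell
# Added example, not code from the original guide: audit the registry values the
# guide lists, report those carrying the weakened setting and, with -Remediate,
# restore a default or delete the value. Run from an elevated PowerShell prompt.
param([switch]$Remediate)

$cu = 'HKCU:\Software\Microsoft'
$lm = 'HKLM:\SOFTWARE\Microsoft'

# Each entry: key path, value name, the setting Medfos writes, and what to restore
# ($null = delete; policy values do not exist on a clean system). Restore values
# are assumed Windows defaults, not figures from the guide; Hidden/ShowSuperHidden
# are set to 1 so the dropped files in Application Data become visible.
$checks = @(
  @("$cu\Windows\CurrentVersion\Internet Settings",      'CertificateRevocation', 0,    1),
  @("$cu\Windows\CurrentVersion\Internet Settings",      'WarnonBadCertRecving',  0,    1),
  @("$cu\Windows\CurrentVersion\Policies\ActiveDesktop", 'NoChangingWallPaper',   1,    $null),
  @("$cu\Windows\CurrentVersion\Policies\Attachments",   'SaveZoneInformation',   1,    $null),
  @("$cu\Windows\CurrentVersion\Policies\System",        'DisableTaskMgr',        1,    $null),
  @("$lm\Windows\CurrentVersion\Policies\System",        'DisableTaskMgr',        1,    $null),
  @("$cu\Internet Explorer\Download",                    'CheckExeSignatures',    'no', 'yes'),
  @("$cu\Windows\CurrentVersion\Explorer\Advanced",      'Hidden',                0,    1),
  @("$cu\Windows\CurrentVersion\Explorer\Advanced",      'ShowSuperHidden',       0,    1)
)

# The LowRiskFileTypes string as printed in the guide is obfuscated: XOR every
# character with 1 and it becomes ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;
# .msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;", the
# extensions Windows will then open from attachments without a security warning.
function ConvertFrom-Xor1([string]$s) {
  -join ($s.ToCharArray() | ForEach-Object { [char]([int]$_ -bxor 1) })
}
$lowRisk = ConvertFrom-Xor1 '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'
$checks += ,@("$cu\Windows\CurrentVersion\Policies\Associations", 'LowRiskFileTypes', $lowRisk, $null)
Write-Host "LowRiskFileTypes decodes to: $lowRisk"

$findings = 0
foreach ($c in $checks) {
  $path, $name, $bad, $fix = $c
  $cur = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
  if ($null -eq $cur -or "$cur" -ne "$bad") { continue }   # absent, or not the weakened setting
  $findings++
  Write-Warning "$path\$name = '$cur'"
  if (-not $Remediate) { continue }
  if ($null -eq $fix) { Remove-ItemProperty -Path $path -Name $name; Write-Host '  removed' }
  else { Set-ItemProperty -Path $path -Name $name -Value $fix; Write-Host "  set to $fix" }
}
Write-Host "$findings weakened value(s) found"
```

Run it without -Remediate first to see what is present; the two DisableTaskMgr values explain why Task Manager may refuse to open on an infected machine.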

Remove Win32/Medfos other files

  1. Open Windows Search, enter the Win32/Medfos file names listed below, and remove the files that are found.

%AllUsersProfile%\Application Data\~
%AllUsersProfile%\Application Data\~r
%AllUsersProfile%\Application Data\.dll
%AllUsersProfile%\Application Data\.exe
%AllUsersProfile%\Application Data\
%UserProfile%\Desktop\Trojan:Win32/Medfos.B.lnk
%UserProfile%\Start Menu\Programs\Trojan:Win32/Medfos.B\
%UserProfile%\Start Menu\Programs\Trojan:Win32/Medfos.B\Uninstall Trojan:Win32/Medfos.B.lnk
%UserProfile%\Start Menu\Programs\Trojan:Win32/Medfos.B\Trojan:Win32/Medfos.B.lnk

Right-click each of the Win32/Medfos files listed above and select Delete.
