Trojan Horse

Sonoko A MS Trojan Removal (Dec. 2017 Update)

One of the most important aspects of keeping your computer safe from dangerous malware programs is being well informed regarding the different types of viruses that can potentially try to attack your system. Therefore, we have decided to dedicate the following few paragraphs to one of the most dangerous types of malware viruses out there – the infamous Trojan Horse and its latest version, Sonoko A MS Trojan.

About Trojan Horses

Everybody has heard about Trojans and how dangerous they can be. If a virus of this category manages to get inside your PC and gets run with Administrator rights, the hacker who is operating it could basically do nearly everything they want with your system. The extreme versatility of Trojan Horses is what makes them so potentially devastating and also so highly popular among cyber-criminals.

Another thing that most virus programs of that type are known for is their extreme stealthiness that we will elaborate upon in one of the next paragraphs. Also, know that if you have fallen prey to the noxious Sonoko A MS, we can potentially help you deal with it. You can use our Sonoko A MS Trojan removal guide manual and follow the instructions in it so as to eliminate the malware threat. Also, if you should run into any problem during the completion of the instructions from the guide, you can always ask for our assistance by telling us in the comments what you need help with.

What can a Trojan be used for?

As we stated above, Trojans are a highly versatile type of viruses and they can be utilized in a number of illegal and harmful ways. Below, we will introduce you to the most common ways programs like Sonoko A MS get employed but know that other uses are also possible as well.

  • Backdoor – This use of Trojans is likely where they get their name from. Similarly to the ancient Trojan Horse constructed by the Greek and used to infiltrate the independent city of Troy, a typical Trojan virus can be utilized to allow other malware programs to get inside one’s PC. Once the Trojan gets into the user’s system, it can download additional viruses such as banking malware that can steal money from the victim’s banking accounts or Ransomware which can lock the personal documents of the targeted user with an advanced encryption and and then demand a ransom payment for the decryption code.
  • System corruption/damage – Trojans can also target your system data and corrupt it causing your PC to become unstable. It is possible that your machine starts experiencing errors, freezes and even Blue Screen of Death crashes that can make it frustrating and in some cases, nearly impossible to work on the computer. In many cases, the whole system would need to be reinstalled for the computer to work again properly.
  • Spying – Another common way viruses that belong to this category can be used is for espionage. There are different techniques that a Trojan can utilize to spy on you – it can take screenshots of your screen and send them to the hacker or keep tabs on your keystrokes so that the attacker would know what you are typing on your keyboard. Telemetry data collection is also possible. However, one of the scariest ways in which a Trojan Horse might spy on you is by taking over your personal webcam and using it to look directly inside your room even when it appears that the cam is turned off.
  • Mining and spam distribution – A lot of Trojans have a whole network of interconnected PCs that have all been infected by the virus and tasked to execute a certain task. These networks are called botnets and if your PC gets made part of one such botnet, it could be forced to mine for bitcoins or some other cryptocurrency or it might be tasked to distribute out malicious spam in order to further spread the nasty infection to other users.


Remember how we mentioned that Trojans are very sneaky and difficult to spot? Well, while there are certain possible indicators that might serve as red flags and give away an infection by such a virus, users need to know that those are situational – oftentimes there might be nothing to suggest the presence of a Trojan. Therefore, it is extremely important that your computer is at all times protected by high-quality security software such as a good antivirus program and maybe a specialized anti-malware tool for added protection. Also, your OS and browsers must be updated to their latest versions so that any security vulnerabilities that they might have would hopefully be patched-out.

Even if malware programs like Sonoko A MS often do not show any obvious symptoms, you must still keep an eye out for suspicious PC behavior such as slow-downs, frequent errors or Blue Screen crashes. If any of this occurs on your machine, take the necessary precautions and investigate the issues in order to determine whether it is caused by a Trojan or by some other problem.

Remember to stay safe!

The most crucial rule that will help you avoid infections by viruses like Sonoko A MS in future is to stay safe on the Internet. This means that you mustn’t go to sites with bad reputation or ones that are illegal and you must always approach new e-mails and social media messages that contain links or file attachments with great caution. Remember, even if you receive a message from a person who’s in your contacts list,it could still be dangerous spam if their PC has already been added to a Trojan’s botnet. Also, make sure that you do not interact with any sketchy web-ads or online offers since they might also be potentially hazardous. All in all, do not forget to use your common sense every time you open your browser and start browsing the World Wide Web as this is the most essential measure that you can take against attacks by Sonoko A MS and other malware.


Sonoko A MS Trojan Removal

Sidenote: Readers of this guide are advised to bookmark this page or have it opened on another device since it is possible that they will need to close the browser at a some point during the tie they are completing the following steps.

Step 1

The first thing that needs to be done prior to anything else is that you boot your PC into Safe Mode. If you are not sure how to do it, use this link to a guide on how to enter Safe Mode.

Step 2

Press Ctrl + Shift + Esc to open the Task Manager. Go to the Processes section and look for any suspicious-looking processes. Usually, malware processes use high amounts of RAM and CPU and also have shady description (or none at all). Right-click on those processes and select Open File Location. If you are sure that the process is coming from the virus, delete everything in the file location. Also, right-click on the process again and then select End Process.

Step 3

Press Winkey + R and type appwiz.cpl. Press Enter and in the newly opened window look for any shady program installs. Right-click on the suspicious programs and select uninstall. Follow the prompts to uninstall the sketchy application.

Step 4

Open the Run window again (Winkey + R), type msconfig and hit Enter. Go to the Startup section and from the list of programs, uncheck everything that seems shady or has an unknown or suspicious-looking manufacturer. Click on OK. On Windows 10, the startup programs list is in the Task Manager.

Step 5

Open the Start Menu and paste the following line in the search bar: notepad %windir%/system32/Drivers/etc/hosts. Click on the first result that gets displayed. A notepad file should open, look at the bottom of the text and see if there are any IP addresses below localhost. Write to us in the comments if you saw anything there.

Step 6

Type regedit in the Run search bar and hit Enter. When the Registry Editor opens, press Ctrl + F, type the name of the virus and select Find Next. If anything gets found, right-click on it and select Delete. Do this for all search results.

Additionally, manually navigate to the following directories and see if they have any folders/keys that look shady (with a lot of random numbers and letters):

  • HKEY_CURRENT_USER > Software > Microsoft > Windows > CurrentVersion > Run
  • HKEY_CURRENT_USER > Software > Microsoft > Internet Explorer > Main
  • HKEY_CURRENT_USER > Software > Any other random directory

Delete everything that looks suspicious. If you are not sure whether to delete something, be sure to ask us in the comments.

About the author


Boris' main task on TinySoftware is to keep an eye out for the latest cyber threats, software news and technology trends and then turn those into articles for this site. In his articles, he seeks to present the collected information in a way that would be easy to understand by the regular user allowing everyone to learn more about the each of the topics that he covers on TinySoftware.

Leave a Comment