Trojan horses are a very common type of malware that can cause a variety of problems once one finds its way onto your machine. In this article we discuss a recently detected threat of this type, named Trojan.win64.equationdrug.gen.
This Trojan is dangerous to any computer, especially because it passes itself off as harmless at first; once it has infected you, it can start a range of harmful activities and cause you a lot of trouble. In the following lines you will learn more about its specifics and its usual methods of distribution and infection, along with a few useful tips that may help you protect your PC from such threats in the future. If you suspect that your system has been infected, the instructions in the removal guide below should help you detect and safely remove Trojan.win64.equationdrug.gen and all of its traces. We strongly advise you to do so, because a Trojan horse like this one exposes you to numerous hazards and can even render your machine totally unusable if you don't remove it in time.
What should you know about Trojans like Trojan.win64.equationdrug.gen?
Trojan horses account for almost 70 percent of all malware found on the web. With such a large share, this type of software is responsible for most of the malicious infections one can catch online. The key to their popularity and their effectiveness in compromising users' machines lies in the stealthy way Trojans spread and disguise themselves. In most cases the infection is hidden in some harmless-looking piece of web content, which users cannot recognize as malicious and click on. This is how the contamination usually happens.
Once inside the machine, the Trojan can perform a wide variety of harmful tasks, and it normally tries to perform them secretly, without any visible symptoms that could give it away. This makes it very hard for victims to notice the infection and stop it before it has seriously damaged their computer. Trojan.win64.equationdrug.gen operates in exactly this way and has the typical features of a Trojan. It can be programmed to act in very different ways and serve the criminal purposes of the hackers who created it. What is more, if victims are unable to detect and remove it in time, it may take over their device very stealthily, do all the nasty things it has been programmed to do, and give no hint of its presence until a major system malfunction attracts the user's attention.
What criminal deeds can a Trojan like Trojan.win64.equationdrug.gen perform?
As we already said, a threat like Trojan.win64.equationdrug.gen can be programmed to carry out a great range of tasks, none of which will do your machine any good. The hackers can use the Trojan to corrupt and destroy certain files on your hard drives and tamper with your system processes, data and software, which can result in severe malfunction of the infected computer. They can also make the machine crash or behave strangely, or involve it in criminal schemes without your knowledge. Trojan.win64.equationdrug.gen can also be used as an instrument for spying and credential theft. The unscrupulous people behind the infection can use it to collect sensitive information such as your passwords, accounts, social media profiles, credit or debit card details and everything else you type on your device, using methods like keystroke logging, and then use this information to harass or blackmail you. Another danger the Trojan brings is the possible contamination with other malicious infections such as Ransomware, Spyware and other computer viruses. Many criminals disguise such threats (especially Ransomware) and distribute them with the help of a Trojan horse. That is why, if you have such an infection on your machine, it is quite possible that you will get infected with even nastier viruses.
Unfortunately, these are not all the possible uses of Trojans, just some of the most common ones. Bear in mind that other harmful activities may also take place, and what exactly happens to your computer depends entirely on the hackers' aim and the way they program their Trojan. The best way to counteract the infection is to remove it from your system immediately, and in the removal guide below we have laid out the exact steps to do that.
Sidenote: Readers of this guide are advised to bookmark this page or have it open on another device, since they may need to close the browser at some point while completing the following steps.
The first thing that needs to be done prior to anything else is that you boot your PC into Safe Mode. If you are not sure how to do it, use this link to a guide on how to enter Safe Mode.
Press Ctrl + Shift + Esc to open the Task Manager. Go to the Processes section and look for any suspicious-looking processes. Usually, malware processes use high amounts of RAM and CPU and also have a shady description (or none at all). Right-click on those processes and select Open File Location. If you are sure that the process comes from the virus, delete everything in that file location. Then right-click on the process again and select End Process.
Press Winkey + R and type appwiz.cpl. Press Enter and in the newly opened window look for any shady program installs. Right-click on the suspicious programs and select uninstall. Follow the prompts to uninstall the sketchy application.
Open the Run window again (Winkey + R), type msconfig and hit Enter. Go to the Startup section and from the list of programs, uncheck everything that seems shady or has an unknown or suspicious-looking manufacturer. Click on OK. On Windows 10, the startup programs list is in the Task Manager.
Open the Start Menu and paste the following line into the search bar: notepad %windir%/system32/Drivers/etc/hosts. Click on the first result that is displayed. A Notepad window should open; look at the bottom of the text and check whether there are any IP addresses listed below localhost. Write to us in the comments if you see anything there.
Type regedit in the Run search bar and hit Enter. When the Registry Editor opens, press Ctrl + F, type the name of the virus and select Find Next. If anything gets found, right-click on it and select Delete. Do this for all search results.
Additionally, manually navigate to the following directories and check whether they contain any folders/keys that look shady (with lots of random numbers and letters):
- HKEY_CURRENT_USER > Software > Microsoft > Windows > CurrentVersion > Run
- HKEY_CURRENT_USER > Software > Microsoft > Internet Explorer > Main
- HKEY_CURRENT_USER > Software > Any other random directory
Delete everything that looks suspicious. If you are not sure whether to delete something, be sure to ask us in the comments.
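The manual checks above, gathered into one read-only triage script. This is an added example, not part of the original guide: it lists hosts-file entries beyond localhost, the autostart values in the Run keys named above, and running processes whose executable is unsigned or starts from a user-writable folder, so you can review everything before deleting anything. It assumes Windows PowerShell 5.1 or later in an elevated prompt; the "random-looking name" and "TEMP/AppData" heuristics are assumptions of this example, not criteria stated in the article.

```powershell
# Added read-only triage script (not part of the original guide): it automates the
# manual checks above: hosts-file additions, Run-key autostarts, and processes whose image
# is unsigned or runs from a user-writable folder. Nothing is deleted. Assumes Windows PowerShell 5.1+, elevated.

function Get-HostsFileAdditions {
    # Every active mapping other than the stock localhost lines.
    $hosts = Join-Path $env:windir 'System32\drivers\etc\hosts'
    Get-Content $hosts | Where-Object {
        $_ -match '^\s*[0-9a-fA-F:.]+\s+\S' -and $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$'
    }
}

function Get-RunKeyAutostarts {
    # The Run keys the guide points to, for the current user and for the machine.
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        (Get-ItemProperty -Path $key).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |   # skip PowerShell's own metadata properties
            ForEach-Object {
                [pscustomobject]@{
                    Key     = $key
                    Name    = $_.Name
                    Command = $_.Value
                    # Assumed heuristics: random-looking value name, or a command launched from TEMP/AppData.
                    Suspicious = ($_.Name -match '^[A-Za-z0-9]{16,}$') -or
                                 ($_.Value -match '\\(Temp|AppData)\\')
                }
            }
    }
}

function Get-UntrustedProcesses {
    # Processes whose image is unsigned/tampered or runs from a user-writable folder.
    Get-Process | Where-Object { $_.Path } | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.Path
        if ($sig.Status -ne 'Valid' -or $_.Path -match '\\(Temp|AppData)\\') {
            [pscustomobject]@{ ProcessId = $_.Id; Name = $_.ProcessName; Path = $_.Path; Signature = $sig.Status }
        }
    }
}

'== Hosts file entries beyond localhost =='
Get-HostsFileAdditions
'== Autostart entries (Suspicious = True deserves a closer look) =='
Get-RunKeyAutostarts | Sort-Object Suspicious -Descending | Format-Table -AutoSize
'== Running processes that are unsigned or start from user-writable folders =='
Get-UntrustedProcesses | Format-Table -AutoSize
```

An unsigned process is not proof of infection (many legitimate tools ship unsigned), so treat the output as a shortlist for the manual checks in the steps above, not as a verdict.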