FormBook Malware Removal

This article can help you remove the FormBook virus. The step-by-step removal works for every version of Microsoft Windows.

When someone mentions the term “computer virus,” most of us imagine Trojan horses. There is a good reason for that. These parasites are responsible for the worst cyber infections in history. The newest member of their malicious family is a Trojan named FormBook Malware. This particular virus is programmed to slither into its victims’ computers unnoticed and to act as a backdoor for other malware. Upon infiltration, FormBook corrupts your entire system. The virus can create and delete files and entries in your system registry. It can also communicate with a remote server (the hackers). Thus, it can be used to download and install software on your machine. The FormBook malware can affect its victims in different ways. It all depends on what the hackers need. They can turn your PC into part of a botnet, or they can use it as a coin miner. Both outcomes are unwanted. You should also bear in mind that Trojan horses are usually used as spying devices. The FormBook Trojan knows what kind of software you have installed, your IP and MAC addresses, and your online habits. The hackers can use the virus to steal, delete and corrupt your personal files. This virus has no place on your machine. The more time it spends on it, the more problems it will cause. Don’t be surprised if some of your programs stop working. The virus will probably try to stop your anti-virus app and thus make your PC even more vulnerable. Do not waste your time. Remove this parasite before it is too late!

How did I get infected?

The FormBook malware is distributed via massive spam email campaigns. The crooks write on behalf of well-known organizations, companies, banks, post offices, etc. They attach corrupted documents to their letters. They also add links in the body of the message. Do not download the attachments. Neither should you follow the provided links. Before you even open a message from a stranger, you should verify the sender. If you receive a letter from an organization, for example, go to their official website. You can find their authorized email addresses there. Compare them with the one you have received a message from. If they don’t match, delete the pretender immediately. Unfortunately, this method is not flawless. Proceed with caution. Look out for red flags. Reliable companies would use your real name to address you. Thus, if you receive an email starting with “Dear Friend,” or “Dear Customer,” be on your guard. It is probably spam. Enter the questionable email address into a search engine. If it was used for shady business, there might be evidence online. Having a powerful anti-virus app is a must nowadays. The hackers are very imaginative. You can never know where an infection may strike from.

Why is this dangerous?

The FormBook malware should be removed upon detection. This virus can cause irreversible damage to your computer. The Trojan communicates with its owners. These people didn’t hesitate to invade your PC; they will not hesitate to use it as they see fit. The FormBook Trojan can download and install other software. Thus, the hackers can use it to install ransomware or spying software. Can you imagine what may happen if the hackers come into possession of personally identifiable information about you? Do not use your computer for online banking! And stay away from social networks. Your best course of action is the immediate removal of the Trojan. This parasite is quite sophisticated. So is its removal. To delete this pest completely, you will need to modify your system’s key folders. If you delete one wrong file, you will end up with the dreaded Blue Screen of Death. If you miss one component of the virus, it will reinstall itself. Therefore, we recommend that you use a trustworthy anti-virus app. This is the safest and fastest way to deal with the FormBook Trojan. The sooner you clean your computer, the better!

Manual FormBook Removal Instructions

The FormBook infection is specifically designed to make money for its creators one way or another. The specialists from various antivirus companies like Bitdefender, Kaspersky, Norton, Avast, ESET, etc. advise that there is no harmless virus.

If you perform the steps below exactly, you should be able to remove the FormBook infection. Please follow the procedures in the exact order. Consider printing this guide or having another computer at your disposal. You will NOT need any USB sticks or CDs.

STEP 1: Track down FormBook related processes in the computer memory

STEP 2: Locate FormBook startup location

STEP 3: Delete FormBook traces from Chrome, Firefox and Internet Explorer

STEP 4: Undo the damage done by the virus

STEP 1: Track down FormBook related processes in the computer memory

  • Open your Task Manager by pressing the CTRL+SHIFT+ESC keys simultaneously.
  • Carefully review all processes and stop the suspicious ones.
  • Write down the file location for later reference.

STEP 2: Locate FormBook startup location

Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

Clean FormBook virus from the Windows registry

  • Once the operating system loads, press the Windows logo key and the R key simultaneously.
  • A dialog box should open. Type “Regedit”

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

  • and delete the display Name: [RANDOM]

  • Then open Explorer, navigate to the %appdata% folder and delete the malicious executable.

Clean your HOSTS file to avoid unwanted browser redirection

Navigate to %windir%\system32\Drivers\etc\hosts

If you are hacked, there will be foreign IP addresses listed at the bottom of the file.
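
To read the hosts file without opening it in an editor, the following PowerShell function lists only the active (uncommented) mappings. It is an added example, not part of the original guide; the function name Get-HostsEntry is hypothetical and the sample lines are constructed from documentation addresses and example domains.

```powershell
# Added example: list the active (uncommented) mappings in a hosts file.
function Get-HostsEntry {
    param([string[]]$Line)
    foreach ($l in $Line) {
        $text = ($l -split '#', 2)[0].Trim()          # strip comments and padding
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }         # an address with no host name
        $ip = $null
        $isIp = [System.Net.IPAddress]::TryParse($fields[0], [ref]$ip)
        # One address may be followed by several host names on the same line.
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            [pscustomobject]@{
                Address  = $fields[0]
                HostName = $name
                Loopback = ($isIp -and [System.Net.IPAddress]::IsLoopback($ip))
            }
        }
    }
}

# Constructed sample input, not taken from a real infection.
$sample = @(
    '# Copyright (c) Microsoft Corp.',
    '#   127.0.0.1   localhost',
    '127.0.0.1   localhost',
    '203.0.113.10   www.example.com example.com   # redirect',
    '0.0.0.0   update.example.net'
)
Get-HostsEntry -Line $sample | Format-Table -AutoSize

# The same check against the live file: show everything that is not loopback.
$hosts = Join-Path $env:windir 'System32\drivers\etc\hosts'
Get-HostsEntry -Line (Get-Content -LiteralPath $hosts) |
    Where-Object { -not $_.Loopback } |
    Format-Table -AutoSize
```

On the sample, the two example.com names and update.example.net are reported as non-loopback entries, while the commented lines are ignored.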


STEP 4: Undo the possible damage done by FormBook

This particular virus may alter your DNS settings.

Attention! This can break your internet connection. Before you change your DNS settings to use Google Public DNS for FormBook, be sure to write down the current server addresses on a piece of paper.

To fix the damage done by the virus you need to do the following.

  • Click the Windows Start button to open the Start Menu, type control panel in the search box and select Control Panel in the results displayed above.
  • Go to Network and Internet
  • Then Network and Sharing Center
  • Then Change Adapter Settings
  • Right-click on your active internet connection and click Properties. Under the Networking tab, find Internet Protocol Version 4 (TCP/IPv4). Left-click on it and then click Properties. Both options should be automatic! By default, the first should be set to “Obtain an IP address automatically” and the second to “Obtain DNS server address automatically”. If they are not, just change them. However, if you are part of a domain network, you should contact your Domain Administrator to set these settings, otherwise the internet connection will break!

  • Check your scheduled tasks to make sure the virus will not download itself again.
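
Both checks in this step can be scripted. The PowerShell below is an added example, not part of the original guide: the first function reports which network interfaces have manually entered DNS servers, the second lists scheduled tasks that run a program from an AppData or Temp folder. The function names and the path pattern are assumptions, and Get-ScheduledTask requires Windows 8 or later.

```powershell
# Added example, part 1: find interfaces whose DNS servers were set by hand.
$ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

function Get-DnsAssignment {
    foreach ($if in Get-ChildItem -LiteralPath $ifRoot) {
        $static = [string]$if.GetValue('NameServer')       # set when DNS is entered manually
        $dhcp   = [string]$if.GetValue('DhcpNameServer')   # set by the DHCP lease
        if (-not $static -and -not $dhcp) { continue }     # interface not in use
        [pscustomobject]@{
            Interface = $if.PSChildName
            StaticDns = $static
            DhcpDns   = $dhcp
            Automatic = (-not $static)
        }
    }
}

# Part 2: scheduled tasks that execute something from a user-writable folder.
# Assumption: AppData and Temp paths are the locations worth reviewing.
$userPath = '\\AppData\\|\\Temp\\'

function Get-UserPathTask {
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            # Only "start a program" actions carry an Execute property.
            $exe = [Environment]::ExpandEnvironmentVariables([string]$action.Execute)
            if ($exe -match $userPath) {
                [pscustomobject]@{
                    Task      = $task.TaskPath + $task.TaskName
                    Execute   = $exe
                    Arguments = $action.Arguments
                }
            }
        }
    }
}

Get-DnsAssignment | Format-Table -AutoSize
Get-UserPathTask  | Format-List
```

An interface with Automatic set to False has a manually configured DNS server; on a domain network that can be intentional, so confirm with the Domain Administrator before changing it.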

How to Permanently Remove FormBook Virus (automatic) Removal Guide

Please keep in mind that once you are infected with a single virus, it compromises your whole system or network and leaves all doors wide open for many other infections. To make sure manual removal is successful, we recommend using a free scanner from any professional antimalware program to identify possible virus leftovers or temporary files.