NanoCore RAT Trojan Removal

This article can help you to remove NanoCore Virus. The step by step removal works for every version of Microsoft Windows.

NanoCore is a nasty Trojan horse. This particular parasite has been active since 2013 and is known to be actively upgraded. It is a sophisticated malware which can be devastating for your system. The Trojan enters your OS in complete and utter silence. It doesn’t leave any tracks or symptoms and is impossible to be detected on time. Once on board, the Trojan corrupts essential for your OS files and processes. It modifies your System Registry and roots deep into your OS. Once established, the Trojans starts its malicious processes. All Trojans are dangerous, but this particular parasite is one of the worst kinds. NanoCore is a RAT (Remote Access Trojan). You can imagine what its main functions are — to give its owners access to your system. The hackers can use it to control your machine as they please. They can command the Trojan to infect your PC with all sorts of malware and viruses. From the intrusive adware to the deadly ransomware, anything may enter your machine via the NanoCore. With this parasite on board, expect only troubles. It is very likely to affect your PC general performance as well as your Internet Connection speed. Some programs of yours may display multiple errors. Your anti-virus software may get disabled. NanoCore is a breach of your security. You have no time to waste. Remove this parasite before it causes irreversible damage. We have prepared a manual removal guide below this article. Yet, you should keep in mind that the Trojan uses various camouflaging techniques. If you fail to delete all components of the virus, it will reinstall itself. Furthermore, if you delete essential for your OS files, your computer will crash. Therefore, if you are not confident in your computer skills, use a powerful anti-virus program.

remove NanoCore

How did I get infected with?

NanoCore Trojan is mainly distributed via spam emails. The scheme is simple. You receive an email from a police department, your bank, or the local post office. The subject looks urgent, so you open the message. It has a file attached but you know better than to open mysterious files. Luckily, the email provides a hyperlink which contains additional information. Do not follow the link. Links can be corrupted. Or they may lead to infected websites. The Internet is a dangerous place. You cannot afford to be careless. Before you even open a letter, verify the sender. You can simply enter the questionable email address into some search engine. If it has been used for shady business, someone might have complained online. If the email pretends to be sent from an organization, go to their official website. Compare the email addresses listed there with the one you have received a message from. If they don’t match, delete the pretender. Also, when you open the letter, opt for red flags. A reliable company would use your real name to address you. If the message starts with “Dear Friend,” “Dear All,” or “Dear Customer,” proceed with caution. Question everything. Other virus distribution methods include drive-by downloads, corrupted software, and malvertising. Only your vigilance and caution can keep your machine virus-free.

Why is this dangerous?

NanoCore RAT Trojan is a serious infection. This parasite messes with your entire system. It actively communicates with its owners and can be commanded to install various malware, spyware, and viruses on your device. What will happen with your machine depends on the hackers and what they need at the moment. They can spy on you, steal your files and even blackmail you. If they decide, they can turn your machine into a part of a botnet. Refrain yourself from using your infected device for online purchases and banking. You wouldn’t wish your usernames and passwords to become a possession of cybercriminals, would you? The longer NanoCore Trojan remains on your computer, the more dangerous will it become. We recommend you to immediately clean your computer. NanoCore RAT Trojan has no place on your device. The sooner you remove it, the better!

Manual NanoCore Removal Instructions

The NanoCore infection is specifically designed to make money to its creators one way or another. The specialists from various antivirus companies like Bitdefender, Kaspersky, Norton, Avast, ESET, etc. advise that there is no harmless virus.

If you perform exactly the steps below you should be able to remove the NanoCore infection. Please, follow the procedures in the exact order. Please, consider to print this guide or have another computer at your disposal. You will NOT need any USB sticks or CDs.

STEP 1: Track down NanoCore related processes in the computer memory

STEP 2: Locate NanoCore startup location

STEP 3: Delete NanoCore traces from Chrome, Firefox and Internet Explorer

STEP 4: Undo the damage done by the virus

STEP 1: Track down NanoCore related processes in the computer memory

  • Open your Task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
  • Carefully review all processes and stop the suspicious ones.


  • Write down the file location for later reference.

Step 2: Locate NanoCore startup location

Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

Clean NanoCore virus from the windows registry

  • Once the operating system loads press simultaneously the Windows Logo Button and the R key.


  • A dialog box should open. Type “Regedit”


Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or

  • and delete the display Name: [RANDOM]

delete backgroundcontainer

  • Then open your explorer and navigate to: %appdata% folder and delete the malicious executable.

Clean your HOSTS file to avoid unwanted browser redirection

Navigate to %windir%/system32/Drivers/etc/host

If you are hacked, there will be foreign IPs addresses connected to you at the bottom. Take a look below:


Step 4: Undo the possible damage done by NanoCore

This particular Virus may alter your DNS settings.

Attention! this can break your internet connection. Before you change your DNS settings to use Google Public DNS for NanoCore, be sure to write down the current server addresses on a piece of paper.

To fix the damage done by the virus you need to do the following.

  • Click the Windows Start button to open the Start Menu, type control panel in the search box and select Control Panel in the results displayed above.
  • go to Network and Internet
  • then Network and Sharing Center
  • then Change Adapter Settings
  • Right-click on your active internet connection and click properties. Under the Networking tab, find Internet Protocol Version 4 (TCP/IPv4). Left click on it and then click on properties. Both options should be automatic! By default it should be set to “Obtain an IP address automatically” and the second one to “Obtain DNS server address automatically!” If they are not just change them, however if you are part of a domain network you should contact your Domain Administrator to set these settings, otherwise the internet connection will break!!!


  • Check your scheduled tasks to make sure the virus will not download itself again.

How to Permanently Remove NanoCore Virus (automatic) Removal Guide

Please, have in mind that once you are infected with a single virus, it compromises your whole system or network and let all doors wide open for many other infections. To make sure manual removal is successful, we recommend to use a free scanner of any professional antimalware program to identify possible virus leftovers or temporary files.

Leave a Comment