Remove Cortana.exe & Cortana Runtime CPU Miner Trojan

This article can help you to remove Cortana.exe / Cortana Runtime Virus. The step by step removal works for every version of Microsoft Windows.

Cortana Runtime is not a legitimate process. If either it or Cortana.exe takes more than 5 to10% CPU usage, you are in trouble. A nasty Trojan horse uses these same process names to camouflage itself. The virus is a tricky CPU miner. It sneaks into your device unnoticed and corrupts your entire system. The Trojan follows instructions to steal your computer resources. It turns your device into a coin miner. Basically, the Trojan forces your system to perform accounting services for a coin platform. In exchange for its “help,” your device gets paid in fractions of the coin. The longer it serves, the bigger the profit. Thus, the Trojan never stops. It takes everything your computer has to offer and leaves nothing for you. The parasite causes system underperformance, overheating, crashes, program failures and Internet connection instability. This invader wreaks your system. The longer it runs undisturbed, the worse the consequences. Do not put up with this invader. Cortana.exe Trojan cannot be beneficial to you. It works for its owners. Every coin it wins is transferred not to your device, but to the crooks’ cyber wallet. Do you think that’s fair? The crooks make a mint while you struggle to use your PC. Don’t become their sponsor. Remove Cortana.exe/Cortana Runtime immediately!

Remove Cortana.exe / Cortana Runtime

How did I get infected with?

As advanced as Cortana.exe/Cortana Runtime Trojan is, the parasite cannot enter your OS without an invitation. Yet, it knows how to steal one. The Trojan relies on your carelessness and naivety. The parasite lurks in the shadows and waits for you to make a mistake. It hides in spam emails, torrents, fake updates and corrupted links. All it needs to succeed it one second of carelessness. Don’t make its job easier. Do not let your guard down. No anti-virus app can protect you if you act recklessly. Always take the time to do your due diligence. Don’t visit shady websites. Download your software from reputable sources only. Forget about the “Next-Next-Finish” installation strategy. When available, use the advanced custom installation option. Read the terms and conditions before you agree to them. And, of course, be very careful with your inbox. The good old spam emails are still the number one cause of Trojan infections. Threat all unexpected messages as potential threats. Take a minute to verify the senders before you even consider opening the messages. If you receive a letter, from your bank, for example, go to their official website. Compare the email addresses listed there to the one you’ve received a message from. If they don’t match, delete the pretender immediately.

Why is this dangerous?

Cortana.exe / Cortana Runtime Trojan is a nasty invader. It uses trickery to sneak into your OS unnoticed. Once in, it wastes no time and wreaks everything. The parasite corrupts your entire system and takes full control of it. The Trojan manipulates your OS however it pleases. It is capable of downloading and installing software, as well as monitoring your activities. In other words: the Trojan can install viruses and spy on you. This parasite is unpredictable. Its owners can reprogram it at any given time. They may instruct it to execute various unwanted changes on your OS, such install spyware, adware, hijackers, and other dangerous viruses. Do not play games with these criminals. You cannot win! Currently, the Trojan uses your computer as a miner. These operations, too, hide potential risks. The Trojan uses your CPU under very high temperature. If this continues for too long, issues will occur. We are not talking about the annoying underperformance. Cortana.exe/Cortana Runtime might cause irreparable hardware damage. The coin mining process is profitable only if you don’t use your own resources. Cortana.exe/Cortana Runtime uses yours. Do not put up with this situation. Protect yourself and your device. Take immediate measures against the invader. The sooner you clean your OS, the better!

Manual Cortana.exe / Cortana Runtime Removal Instructions

The Cortana.exe / Cortana Runtime infection is specifically designed to make money to its creators one way or another. The specialists from various antivirus companies like Bitdefender, Kaspersky, Norton, Avast, ESET, etc. advise that there is no harmless virus.

If you perform exactly the steps below you should be able to remove the Cortana.exe / Cortana Runtime infection. Please, follow the procedures in the exact order. Please, consider to print this guide or have another computer at your disposal. You will NOT need any USB sticks or CDs.

STEP 1: Track down Cortana.exe / Cortana Runtime related processes in the computer memory

STEP 2: Locate Cortana.exe / Cortana Runtime startup location

STEP 3: Delete Cortana.exe / Cortana Runtime traces from Chrome, Firefox and Internet Explorer

STEP 4: Undo the damage done by the virus

STEP 1: Track down Cortana.exe / Cortana Runtime related processes in the computer memory

  • Open your Task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
  • Carefully review all processes and stop the suspicious ones.


  • Write down the file location for later reference.

Step 2: Locate Cortana.exe / Cortana Runtime startup location

Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

Clean Cortana.exe / Cortana Runtime virus from the windows registry

  • Once the operating system loads press simultaneously the Windows Logo Button and the R key.


  • A dialog box should open. Type “Regedit”


Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or

  • and delete the display Name: [RANDOM]

delete backgroundcontainer

  • Then open your explorer and navigate to: %appdata% folder and delete the malicious executable.

Clean your HOSTS file to avoid unwanted browser redirection

Navigate to %windir%/system32/Drivers/etc/host

If you are hacked, there will be foreign IPs addresses connected to you at the bottom. Take a look below:


Step 4: Undo the possible damage done by Cortana.exe / Cortana Runtime

This particular Virus may alter your DNS settings.

Attention! this can break your internet connection. Before you change your DNS settings to use Google Public DNS for Cortana.exe / Cortana Runtime, be sure to write down the current server addresses on a piece of paper.

To fix the damage done by the virus you need to do the following.

  • Click the Windows Start button to open the Start Menu, type control panel in the search box and select Control Panel in the results displayed above.
  • go to Network and Internet
  • then Network and Sharing Center
  • then Change Adapter Settings
  • Right-click on your active internet connection and click properties. Under the Networking tab, find Internet Protocol Version 4 (TCP/IPv4). Left click on it and then click on properties. Both options should be automatic! By default it should be set to “Obtain an IP address automatically” and the second one to “Obtain DNS server address automatically!” If they are not just change them, however if you are part of a domain network you should contact your Domain Administrator to set these settings, otherwise the internet connection will break!!!


  • Check your scheduled tasks to make sure the virus will not download itself again.

How to Permanently Remove Cortana.exe / Cortana Runtime Virus (automatic) Removal Guide

Please, have in mind that once you are infected with a single virus, it compromises your whole system or network and let all doors wide open for many other infections. To make sure manual removal is successful, we recommend to use a free scanner of any professional antimalware program to identify possible virus leftovers or temporary files.

Leave a Comment