How to Remove InvisiMole Trojan

This article can help you to remove InvisiMole Virus. The step by step removal works for every version of Microsoft Windows.

InvisiMole, a newly discovered Trojan horse, which is in the center of the attention of both security researchers and regular PC users. The virus is an advanced spyware parasite which appears to be active since 2013. The researchers at ESET have discovered that the Trojan has very low infection ratio due to its very targeted distribution. Currently, only a few samples of the virus have been found in Ukraine and in Russia. Their analysis has revealed that the Trojan has a very versatile nature. It has a modular structure which allows the hackers to make fast modifications. Every module gives the virus different functions. Thus, depending on the situation, the hackers can “upgrade” the Trojan to not only spy on you, but also to install other viruses and malware. InvisiMole is a highly dangerous cyber parasite. Once on board, it roots deeply into your OS and corrupts everything. It is very hard to be detected, much less deleted. The parasite is capable of cyber, as well as physical espionage. It can control both your web camera and microphone. It can also track your online actions. Unfortunately, the parasite is also quite capable of scanning your personal files for sensitive information. The Trojan is a serious breach of your security. It has no place on your device. Your best and only course of action is its immediate removal. Do not waste your time! Act now, or you might regret it later!

Remove InvisiMole

How did I get infected with?

InvisiMole is spread through a targeted campaign. Due to the lack of detected infections, the security researchers cannot pinpoint the exact distribution vector. The Ukrainian and Russian users are advised to be very cautious as this virus seems to target these two countries. However, as the Internet connects the whole globe, no one should feel “excluded”. The Trojan can easily infect anyone. Its main distribution techniques include torrents, fake updates, and malicious software copies. The good old spam emails are also quite likely to be used for virus distribution purposes. Only your caution can spare you such problems. So, make sure you do your due diligence. To slip into your computer unnoticed, the viruses take advantage of system vulnerabilities. Therefore, make sure you have all new updates installed. Especially the security ones. Regularly scan your system for malware. Even a simple ad-generating intruder may become the cause of serious infection. And, of course, be very careful how you interact with your inbox. All unexpected messages should be treated as potentially dangerous. The crooks tend to write on behalf of well-known and trusted organizations and companies. Thus, if you receive an unexpected message from your bank, for example, take a moment to verify it. Simply, go their official website and compare the email addresses listed there with the one you’ve received a letter from. If they don’t match, delete the pretender immediately.

Why is this dangerous?

InvisiMole is very dangerous. This parasite monitors your online, offline and physical activities. The Trojan has full control of your system. It can take pictures with your web camera and turn on your microphone. The parasite tracks your activities and waits for you to make a mistake. Can you imagine what may happen if the hackers discover your usernames, passwords, phone number, or address? Nothing good can come out of this situation. Unfortunately, that is not the end of the stream of bad news. Your personal files and the data saved in them are also at risk. The Trojan can scan your personal files and extract sensitive information. InvisiMole is created for cyber espionage. Unfortunately, it is also capable of controlling your system. The Trojan can download and install other viruses. It is a backdoor to your OS. This Trojan is unpredictable. It is a complete and total menace. Furthermore, no one knows who the threat actors are, thus, no one can even predict what they might be after. You are in a very bad position. The best thing you can do now is to clean your computer. Remove the Trojan before it gets the chance to cause irreversible damage to you or to your system.

Manual InvisiMole Removal Instructions

The InvisiMole infection is specifically designed to make money to its creators one way or another. The specialists from various antivirus companies like Bitdefender, Kaspersky, Norton, Avast, ESET, etc. advise that there is no harmless virus.

If you perform exactly the steps below you should be able to remove the InvisiMole infection. Please, follow the procedures in the exact order. Please, consider to print this guide or have another computer at your disposal. You will NOT need any USB sticks or CDs.

STEP 1: Track down InvisiMole related processes in the computer memory

STEP 2: Locate InvisiMole startup location

STEP 3: Delete InvisiMole traces from Chrome, Firefox and Internet Explorer

STEP 4: Undo the damage done by the virus

STEP 1: Track down InvisiMole related processes in the computer memory

  • Open your Task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
  • Carefully review all processes and stop the suspicious ones.

end-malicious-process

  • Write down the file location for later reference.

Step 2: Locate InvisiMole startup location

Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

Clean InvisiMole virus from the windows registry

  • Once the operating system loads press simultaneously the Windows Logo Button and the R key.

win-plus-r

  • A dialog box should open. Type “Regedit”

regedit

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

  • and delete the display Name: [RANDOM]

delete backgroundcontainer

  • Then open your explorer and navigate to: %appdata% folder and delete the malicious executable.

Clean your HOSTS file to avoid unwanted browser redirection

Navigate to %windir%/system32/Drivers/etc/host

If you are hacked, there will be foreign IPs addresses connected to you at the bottom. Take a look below:

hosts-redirect-virus

Step 4: Undo the possible damage done by InvisiMole

This particular Virus may alter your DNS settings.

Attention! this can break your internet connection. Before you change your DNS settings to use Google Public DNS for InvisiMole, be sure to write down the current server addresses on a piece of paper.

To fix the damage done by the virus you need to do the following.

  • Click the Windows Start button to open the Start Menu, type control panel in the search box and select Control Panel in the results displayed above.
  • go to Network and Internet
  • then Network and Sharing Center
  • then Change Adapter Settings
  • Right-click on your active internet connection and click properties. Under the Networking tab, find Internet Protocol Version 4 (TCP/IPv4). Left click on it and then click on properties. Both options should be automatic! By default it should be set to “Obtain an IP address automatically” and the second one to “Obtain DNS server address automatically!” If they are not just change them, however if you are part of a domain network you should contact your Domain Administrator to set these settings, otherwise the internet connection will break!!!

 

  • Check your scheduled tasks to make sure the virus will not download itself again.

How to Permanently Remove InvisiMole Virus (automatic) Removal Guide

Please, have in mind that once you are infected with a single virus, it compromises your whole system or network and let all doors wide open for many other infections. To make sure manual removal is successful, we recommend to use a free scanner of any professional antimalware program to identify possible virus leftovers or temporary files.

Leave a Comment