Do not respond to I monitored your device on the net for a long time

Also Known As: possible malware infections
Distribution: Low
Damage level: Medium

I monitored your device on the net for a long time email scam removal guide

What is I monitored your device on the net for a long time email scam?

Sextortion email scam is a type of scam where scammers claim that to have hacked into computers and recorded a humiliating video of recipients watching some adult video. As a rule, scammers threaten to send that video to other people on the contact list unless recipients pay a certain amount of money (usually in cryptocurrency). Such emails should be ignored, especially when a computer has no webcam connected to it (or integrated in it).

I monitored your device on the net for a long time email scam

Scammers behind this email claim to have monitored the device for a long time and managed to hack it and infect it with a virus. According to scammers, they have access to the camera, microphone, messengers, phone book, passwords to all social networks, etc. Scammers attempt to trick recipients into believing that they have used the connected/integrated webcam and the access to the screen to record a video of recipients watching pornography and, if recipients do not pay $1200 (in Bitcoins) to the provided BTC wallet address within 48 hours, then that video will be uploaded on social networks. Such emails should not be responded, and more importantly, payments to scammers should not be made. It is advisable to delete such emails and mark them as spam. It is worthwhile to mention that scammers behind such emails can use a spoofing technique. This technique is used to make it look like an email came from someone it did not. In other words, scammers forge the sender's address to trick recipients into believing that they have received the email from someone they know. It is common that scammers make the sender's address the same as the recipient's.

Threat Summary:
Name I Monitored Your Device On The Net For A Long Time Email Scam
Threat Type Phishing, Scam, Social Engineering, Fraud
Fake Claim Scammers claim to have recorded a humiliating video and threaten to release (publish) it
Ransom Amount $1200 in Bitcoins
Cyber Criminal Cryptowallet Address bc1qnkxjyxtdjmr8tkwzfz2t3rc4scdmnr4ll99kg9, bc1qpae26vlj5dnlxgwt2xjyw69sz3e596xs9xtwkn, bc1qyg3srjs0gz9l97xdp00vms4sgxa3ymj7aw7vae, bc1qvq53pjvx0gp3c5znercq6xvksps7vza5lh6ham, bc1qljx0ltxe0s2rhh7w0x9qzuhcdw0j79t0a6pxvv
Symptoms Unauthorized online purchases, changed online account passwords, identity theft, illegal access of the computer.
Distribution methods Deceptive emails, rogue online pop-up ads, search engine poisoning techniques, misspelled domains.
Damage Loss of sensitive private information, monetary loss, identity theft.
Malware Removal (Windows)

To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.
▼ Download Combo Cleaner
To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available.

More examples of email scams are "COVID-19 Vaccination NHS Email Scam", "Ruralvía Seguridad Email Scam" and "Stopped Processing Incoming Emails Scam". It is important to mention that scammes/cyber criminals can use emails as tools to trick recipient into providing sensitive information (e.g., credit card details, login credentials, social security numbers) or into opening malicious files designed to install malicious software (e.g., ransomware, Trojan-type malware).

How do spam campaigns infect computers?

When cybercriminals use emails as a channel to deliver malware, they send emails that contain a malicious attachment of a download link for a malicious file. In one way or another, their main goal is to trick unsuspecting recipients into downloading and opening a malicious file that is designed to infect the operating system with malware. Examples of files that cybercriminals use in their malspam campaigns are archive files (e.g., RAR, ZIP), executable files (like .exe, .run), Microsoft Office, PDF documents, JavaScript files. It is noteworthy that malicious Office documents cannot infect computers unless users enable editing/content (malicious macros) in them. Although, if such documents are opened with the Microsoft Office version that was released prior to 2010, then they install malware without asking any permissions. Microsoft Office 2010 and newer versions have the "Protected View" mode that prevents malicious documents from installing malware automatically.

How to avoid installation of malware?

Neither files or programs should be downloaded (or installed) via third party downloaders (or installers), Peer-to-Peer networks (for example, torrent clients, eMule), from unreliable, unofficial pages. The only safe sources for downloading software are official websites and direct links. Installed programs should never be updated or activated with unofficial, third party tools. Those tools can be and often are malicious. Installed software has to be updater or activated with implemented functions or tools from official developers. It is noteworthy that it is not legal to use unofficial tools to activate software, or use pirated software. One more important thing is not to open attachments or links if they are include in emails that are not relevant and sent from suspicious addresses. Such emails can be used as channels to deliver malware. Lastly, it is advisable to have a reputable antivirus or anti-spyware suite installed on a computer and scan for threats regularly. If you've already opened malicious attachments, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate infiltrated malware.

Appearance of the email (GIF):

i monitored your device on the net for a long time email scam appearance

Text in the email:

Subject: The device has been successfully hacked.

I monitored your device on the net for a long time and successfully managed to hack it. It was not difficult for me, as I have been in this business for a long time.

When you visited a pornography site, I was able to put a virus on your computer that gave me full access to your device, namely your camera, microphone, phone calls, messengers, what happens on your screen, phone book, passwords to all social networks, etc.

To hide my virus, I have written a special driver which is updated every 4 hours and makes it impossible to detect it.

I captured video of your screen and camera device and edited a video of you masturbating in one part of the screen and a pornographic video that you opened at that moment in the other part of the screen.

I can safely send any data from your device to the Internet, as well as anyone who is recorded in your contacts, messengers and social networks.
I can also give anyone access to your social networks, emails and messengers.

If you don't want me to do it, then:
Transfer $1200 (US dollars) to my Bitcoin wallet.

My Bitcoin wallet address: bc1qnkxjyxtdjmr8tkwzfz2t3rc4scdmnr4ll99kg9, bc1qpae26vlj5dnlxgwt2xjyw69sz3e596xs9xtwkn, bc1qljx0ltxe0s2rhh7w0x9qzuhcdw0j79t0a6pxvv

I give you 48 hours to transfer the money. Otherwise, I will perform the above.
The timer started automatically as soon as you opened the email.
I am also automatically notified when this email is opened.

If you do not know how to transfer money and what Bitcoin is. Then type "Buy Bitcoin" into Google

As soon as I receive a transfer of the required amount, the system will automatically inform me about the received payment and offer to delete from my servers all the data I received from you.
And therefore, I will confirm the deletion.

Do not try to complain anywhere, as a purse does not track, mail from where the letter came, and is not tracked and created automatically, so there is no point in writing to me.
If you try to share this email with anyone, the system will automatically send a request to the servers and they will proceed to upload all the data to social networks. Also, changing passwords in social networks, mail, device will not help you, because all the data is already downloaded to a cluster of my servers.

Good luck.

A Czech variant of "I Monitored Your Device On The Net For A Long Time" scam email:

Czech variant of I Monitored Your Device On The Net For A Long Time spam email

Text presented within:

Subject: Vás systém byl napaden virem. Vase zarízení bylo úspesne hacknuto.


Sleduji vaše zarízení online dlouho a dokázal jsem ho hacknout. Nebylo to pro me težké, protože jsem v tomto oboru dlouho.

Když jste navštívili porno stránku, dokázal jsem do vašeho pocítace dát virus, který mi umožnil plný prístup k vašemu zarízení, a to ke kamere, mikrofonu, hovorum, zprávám, obsahu na obrazovce, telefonnímu seznamu, heslum do všech sociálních sítí , atd.

Abych skryl svuj virus, napsal jsem speciální ovladac, který se aktualizuje každých nekolik hodin a znemožnuje jeho detekci.

Porídil jsem videozáznam vaší obrazovky a kamery a pripojil jsem video, kde jedna cást obrazovky obsahuje video vaší masturbace a druhá cást pornografické video, které jste v tomto okamžiku otevreli.

Mohu bezpecne prenést všechna data z vašeho zarízení na internet, stejne jako na všechny vaše kontakty, posly a sociální síte.
Také mohu komukoli poskytnout prístup k vašim sociálním sítím, e-mailum a poselum.

Pokud nechcete, abych:
Prevedte 1300 $ do mé bitcoinové peneženky.

Dávám vám 48 hodin na prevod vašich penez. Udelám to jinak.
Hodiny se spustí automaticky, když otevrete e-mail.
Také jsem byl automaticky upozornen, když byl tento e-mail otevren.

Pokud nevíte, jak prevést peníze a co je to bitcoin. Poté na Googlu zadejte „Koupit Bitcoin“.
Adresa mé Bitcoin peneženky: bc1qyg3srjs0gz9l97xdp00vms4sgxa3ymj7aw7vae

Jakmile obdržím prevod požadované cástky, systém me automaticky informuje o prijaté platbe a požádá me o smazání všech údaju, které jsem od vás obdržel.
Potvrdím tedy odstranení.

Neobtežujte se nikde si stežovat, protože peneženka nesleduje poštu, odkud dopis pochází, a není sledována a vytvárena automaticky, takže mi nemá smysl psát.
Pokud se pokusíte tuto zprávu s nekým sdílet, systém automaticky odešle požadavek na servery a on bude pokracovat v prenosu všech dat na sociální síte. Zmena hesel na sociálních sítích, e-mailu a zarízení vám také nepomuže, protože všechna data jsou již stažena do mého serverového clusteru.

Hodne štestí a nedelejte nic hloupého.

A Portuguese variant of "I Monitored Your Device On The Net For A Long Time" scam email:

I Monitored Your Device On The Net For A Long Time Portuguese variant

Text presented within:

Subject: Seu sistema foi atacado por um vírus. O dispositivo foi hackeado com sucesso.

Bom dia!

Tenho monitorado o seu dispositivo na rede há muito tempo e consegui a hackearlo com sucesso.
Não foi difícil para mim, pois tenho muita experiência neste ramo.

Quando você visitou um site com pornografia, infectei seu computador com um vírus que me deu acesso total ao seu dispositivo,
a saber: a câmera,o microfone, as chamadas, os mensageiros instantâneos, o que está acontecendo na tela, a lista telefónica , as senhas de todos redes sociais e etc.

Para esconder o trabalho do meu vírus, escrevi um driver especial que é atualizado a cada poucas horas e torna a detecção de vírus impossível.

Capturei um vídeo da sua tela e da câmera do dispositivo e editei um vídeo em que você se masturba em uma parte da tela, e na outra mostra o vídeo pornográfico que você abriu naquele momento.

Posso enviar com segurança quaisquer dados do seu dispositivo para a Internet, bem como para todos os que estão registrados em seus contatos, os mensageiros e as redes sociais.
Também posso fornecer a qualquer pessoa um acesso às suas redes sociais, a email e uns mensagens instantâneas.

Se você quereis evitar esse desenvolvimento de eventos, faça o seguinte-

Transfira $ 1200 (dólares americanos) para minha carteira Bitcoin.

Endereço de meu carteira Bitcoin- bc1qvq53pjvx0gp3c5znercq6xvksps7vza5lh6ham

Dou-lhe 48 horas para transferir o dinheiro. Caso contrário, vou seguir os passos supramencionados.

O cronômetro começou automaticamente assim que você abriu a carta.

Além disso, recebo automaticamente uma notificação da abertura desta carta.

Se você não sabe como transferir dinheiro e o que é Bitcoin, escreva uma solicitação em Google "Comprar Bitcoin"

Assim que eu receberei a transferência do valor solicitado, o sistema me informará automaticamente do pagamento recebido e se oferecerá a deletar todos os dados que recebi de você de meus servidores.
Depois disso irei confirmar a eliminação.

Não tente reclamar em nenhum lugar, pois a carteira não pode ser rastreada e o e-mail de onde a carta veio também não é rastreado e gerado automaticamente, portanto, não vale a pena escrever para mim.

Se você tentareis compartilhar esta carta com alguém, o sistema enviará automaticamente uma solicitação aos servidores e eles começarão a enviar todos os dados para as redes sociais.

Além disso, mudança de senha em redes sociais, no e-mail ou em um dispositivo não irá ajudá-lo, uma vez que todos os dados já foram baixados para o meu cluster de servidor.

Boa sorte e  não faça coisas estúpidas.

An Italian variant of "I Monitored Your Device On The Net For A Long Time" scam email:

I Monitored Your Device On The Net For A Long Time scam Italian variant

Text presented within:

Subject: Il vostro sistema è stato attaccato da un virus. Il dispositivo è stato hackerato con successo.


Ho monitorato il vostro dispositivo sulla rete per molto tempo e sono riuscito a hackerarlo con successo.
Non è stato difficile per me, dato che lo faccio da molto tempo.
Quando avete visitato un sito con la pornografia, potevo contagiare il vostro computer con un virus, che mi ha dato un pieno accesso al vostro dispositivo, vale a dire:
alla camera, al microfono, alle chiamate, alla messaggistica istantanea, a cosa sta succedendo sullo schermo, al’elenco dei telefoni, le password da tutti i rete sociali, ecc.
Per nascondere il lavoro del mio virus, ho scritto un driver speciale che viene aggiornato ogni poche ore e rende il rilevamento di virus impossibile.
Ho catturato un video dal vostro schermo e dalla camera del dispositivo e ho montato un video in cui in una parte dello schermo c'è un video di come voi vi masturbe e nell'altra c'è un video pornografico che è stato aperto da voi in quel momento.
Posso inviare qualsiasi dato dal vostro dispositivo a Internet, nonché a tutti coloro che sono registrati nei vostri contatti, gli messenger e nelle rete sociale.
Posso anche fornire a chiunque l'accesso ai vostri rete sociale, la e-mail e alla messaggistica istantanea.
Se volete evitare un tale sviluppo di eventi, procedi come segue-
Trasferisca $ 1000 (dollari USA) sul mio portafoglio Bitcoin.
Vi do 48 ore per trasferire i soldi. In caso contrario, seguirò i passi sopre indicati.
L'indirizzo del mio portafoglio Bitcoin – bc1q05pnnyz9gpy86nkdj8rnjuvv5dns9cy8e64a35
Il timer si è avviato automaticamente non appena avete aperto questa lettera.
Inoltre, ricevo automaticamente una notifica sull'apertura di questa E-Mail.
Se non sapete come trasferire i soldi e cos'è un Bitcoin, scriva una richiesta a Google "Acquistare Bitcoin"
Non appena riceveró il bonifico dell'importo richiesto, il sistema mi informerà automaticamente del pagamento ricevuto e offrirà di cancellare tutti i dati che ho ricevuto da voi dai miei server.
E quindi io confermeró la cancellazione.
Non cercate di lamentarsi in qualche posto, poiché il portafoglio non può essere tracciato e anche la posta da cui proviene la lettera non viene tracciata e sta generata automaticamente, quindi non ha il senso di scrivermi.
Se proverete a condividere questa lettera con qualcuno, il sistema invierà automaticamente una richiesta ai server e loro inizieranno a caricare tutti i dati sui rete sociali.
Altresi, il cambio delle password di rete sociali, di posta o del dispositivo non vi aiuterà, poiché tutti i dati sono già stati scaricati nel cluster dei miei server.
Vi auguro buona fortuna e non fate sciocchezze.

A French variant of "I Monitored Your Device On The Net For A Long Time" scam email:

I Monitored Your Device On The Net For A Long Time email scam French variant

Text presented within:

Subject: Votre système a été attaqué par un virus. L'appareil a été craqué avec succès.



J’ai  surveillé votre appareil sur le réseau depuis longtemps et j'ai réussi à le pirater.
Cela n'a pas été difficile pour moi, puisque j’ai beaucoup d'expérience dans ce métier.

Lorsque vous avez visité un site avec  pornographie, j'ai pu infecter votre ordinateur avec un virus qui m'a donné un accès complet à votre appareil, à savoir: au camera,au  microphone, aux appels, à la messagerie instantanée, à ce qui se passe sur l'écran, à l'annuaire, au mots de passe de tous réseaux sociaux etc.

Pour cacher le fonctionnement de mon virus, j'ai écrit un pilote spécial, mis à jour toutes les quelques heures, ce qui rend impossible la détection du virus.

J'ai capturé une vidéo de votre écran et de caméra de l'appareil et j'ai édité une vidéo qui vous montre en train de vous masturber d'un côté de l'écran et la vidéo pornographique que vous regardiez à ce moment-là de l'autre.

Je peux envoyer à tout moment toutes les données de votre appareil à l’Internet , ainsi qu'à toutes les personnes enregistrées dans vos contacts, vos messageries et vos réseaux sociaux.
Je peux également permettre à quiconque d'accéder à vos réseaux sociaux, les e-mails et les messageries.

Si vous souhaitez éviter un tel développement d'événements, procédez comme suit-

Transférez 1300 $ (dollars américains) sur mon portefeuille Bitcoin.  

L'adresse de mon portefeuille Bitcoin – bc1qk29znuasm94k7ha4n2u7mpz7ak0nr5yuav2hn3

Je vous donne 48 heures pour transférer l'argent. En cas contraire je suivrai les étapes ci-dessus.

Le minuteur a démarré automatiquement dès que vous avez ouvert cette lettre.
De plus, je reçois automatiquement une notification d'ouverture de cette E-mail.

Si vous ne savez pas comment transférer de l'argent et ce qu'est le Bitcoin, écrivez une demande à Google "Acheter Bitcoin"

Dès que je reçois le virement du montant requis, le système m'informera automatiquement du paiement reçu et me proposera de supprimer toutes les données que j'ai reçues de vous de mes serveurs.

Et donc je confirmerai la suppression.

N'essayez pas de vous plaindre nulle part, car le portefeuille ne peut pas être suivi, et le courrier d'où provient la lettre n'est peut pas être suivi non plus  et se généré automatiquement, il est donc inutile de m'écrire.

Si vous essaierez de partager cette lettre avec quelqu'un, le système enverra automatiquement une demande aux serveurs et ils commenceront à télécharger toutes les données sur les réseaux sociaux.
Par ailleurs, le changement des mots de passe sur les réseaux sociaux, sur la messagerie ou sur votre appareil ne vous aidera pas, puisque toutes les données ont déjà été téléchargées sur le cluster de mes serveurs.

Bonne chance et non faites pas des bêtises.

A Russian variant of "I Monitored Your Device On The Net For A Long Time" scam email:

Russian variant of I Monitored Your Device On The Net For A Long Time Email Scam

Text presented within:

Subject: Запрос на оплату.


Хорошего вам времени суток!

Для вас от меня полохие новости.
Два-три месяца назад я получил доступ ко всем вашим устройствам, с помощью которых вы выходите в интернет.
Сразу же после этого, я начал следить за вашей сетевой активностью.

Вы хотите узнать как это было? Запросто!

Несколько месяцев назад я купил доступ к большой базе email адресов на черном рынке, это не сложно...
Когда я сделал сверку логинпароль, то получил доступ к нескольким тысяч почтовых аккаунтов, в том числе и вашему (********).

Вы заходите на ******** довольно регулярно, и мне не составило труда установить свой троянец на все ваши устройства, с которых вы это делали..
Я вам присылал в некоторых регулярных письмах ссылки, а вы незадумываясь нажимали на них, переходя на ресурс с експлойтом.
Вы своими руками установили себе вредоносное ПО...
Как видите, быть хорошим хакером нетрудно!

Моя программа-шпион дает мне доступ к микрофону, веб-камере или клавиатуре вашего устройства...
Я могу контролировать ваш экран, записывать звук или видео, вводить за вас сообщения!
После этого я закачал на свои удаленные сервера все ваши мультимедиа файлы (фото и видео), все ваши чаты и истории просмотра страниц браузеров.
В моем распоряжении находятся доступы к социальным сетям и мессенджерам, у меня есть все ваши контакты и переписки с ними...

Хочу добавить, что моё ПО постоянно обновляется (то есть она недосягаема для антивирусов) и находится в бут-секторе вашего диска.
Поэтому, даже если вы переустановите свою операционную систему, моя программа автоматически восстановится на вашем устройстве.
Вы я думаю теперь догадались, почему так долго вы не подозревали о момем существовании.

В процессе наблюдения за вами я узнал что вы большой любитель хардкор-порно!
Вы очень любите посещась специфические ресурсы, смотреть "особые" фильмы, вы испытываете большое наслаждение, просматривая такой контент.
Я записал несколько моментов таких фиерических "наслаждений", а после, сделав монтаж нескольких мини-фильмов, вы на них очень классно доводите себя до оргазмов.

Я могу сделать щелчок мышкой - и все эти порно-сцены, с Вами в главной роли, будут у ваших родных и близких, ну и конечно у друзей и коллег.
Также проще простого выложить это все в открытый доступ.
Я ни на секунду не поверю, что вам на это будет все равно, учитывая еще и "специфику" этих фильмов (вы я думаю поняли о чем именно идет речь).
Для вас это будет концом прежних взаимотношений с бизкими людьми и друзьями. Все поймут вашу истинную сущность.
Вы же понимаете, что на такие извращения у обычных людей просто не бывает времени, да и фантазии тоже!
Вас не поймут....

Я предлагаю договориться по-мирному, то есть за деньги:
Вы переводите мне 50000 рублей (по текущему курсу в биткоинах). Как только вы заплатите, я сразу же удалю всю эту гадость про вас, что я записал и забуду про это.
Я также обещаю вам удалить с ваших устройств все свои программы.

Поверьте, что пустяковая сумма, учитывая сколько я времени потратил на слежку за вами!

Мой биткойн кошелек (BTC): 1HBL4YM6ZGn1AqtbVWaE39PPBPmxnjxoU1

Я вам даю на оплату ровно 50 часов. Если вы не уложитесь, видео с вашим участием мгновенно распространится по всем вашим контактам.

Важная памятка находитя ниже:

Что категорически нельзя делать:
^Пытаться связаться со мной (это невозможно, так как обратный адрес сгенерирован).
^Не обращаться к кому-либо за помощью или советом. Это совершенно лишнее, учитывая всю интимность ситуации с вами, вы себе просто навредите.
^Не выкидывайте и не ломайте свое устройство или компьютер! Напоминаю, что все файлы с видео находятся УЖЕ у меня.

НЕ переживайте о слудующем:
^Что я не увижу вашу транзакцию.
- Даже не задумывайтесь про это. Я полностью вижу что происходит у вас на экране, а вся история ваших действий записывается.
^Что я разошлю видео с вашим участием, даже если вы сделаете мне транзакцию в 50000 рублей.
- Во-первых, Если бы я хотел это сделать я бы уже сделал, во-вторых - зачем? я даже вас не знаю, зачем мне делать вам плохо, при том что свою часть сделки вы выполнили...

Не сосмневайтесь в том, что все будет честно!

Я советую на данный момент проявить благоразумие, так как честь дороже.
А на будущее - используйте более безопасный софт для работы с почтой!

И не тяните с оплатой, я ждать не буду!

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available.

Quick menu:

How to remove malware manually?

Manual malware removal is a complicated task - usually it is best to allow antivirus or anti-malware programs to do this automatically. To remove this malware we recommend using Combo Cleaner Antivirus for Windows. If you wish to remove malware manually, the first step is to identify the name of the malware that you are trying to remove. Here is an example of a suspicious program running on a user's computer:

malicious process running on user's computer sample

If you checked the list of programs running on your computer, for example, using task manager, and identified a program that looks suspicious, you should continue with these steps:

manual malware removal step 1Download a program called Autoruns. This program shows auto-start applications, Registry, and file system locations:

screenshot of autoruns application

manual malware removal step 2Restart your computer into Safe Mode:

Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer start process, press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, and then select Safe Mode with Networking from the list.

Safe Mode with Networking

Video showing how to start Windows 7 in "Safe Mode with Networking":

Windows 8 users: Start Windows 8 is Safe Mode with Networking - Go to Windows 8 Start Screen, type Advanced, in the search results select Settings. Click Advanced startup options, in the opened "General PC Settings" window, select Advanced startup. Click the "Restart now" button. Your computer will now restart into the "Advanced Startup options menu". Click the "Troubleshoot" button, and then click the "Advanced options" button. In the advanced option screen, click "Startup settings". Click the "Restart" button. Your PC will restart into the Startup Settings screen. Press F5 to boot in Safe Mode with Networking.

Windows 8 Safe Mode with networking

Video showing how to start Windows 8 in "Safe Mode with Networking":

Windows 10 users: Click the Windows logo and select the Power icon. In the opened menu click "Restart" while holding "Shift" button on your keyboard. In the "choose an option" window click on the "Troubleshoot", next select "Advanced options". In the advanced options menu select "Startup Settings" and click on the "Restart" button. In the following window you should click the "F5" button on your keyboard. This will restart your operating system in safe mode with networking.

windows 10 safe mode with networking

Video showing how to start Windows 10 in "Safe Mode with Networking":


manual malware removal step 3Extract the downloaded archive and run the Autoruns.exe file.

extract autoruns.zip and run autoruns.exe

manual malware removal step 4In the Autoruns application, click "Options" at the top and uncheck "Hide Empty Locations" and "Hide Windows Entries" options. After this procedure, click the "Refresh" icon.

Click 'Options' at the top and uncheck 'Hide Empty Locations' and 'Hide Windows Entries' options

manual malware removal step 5Check the list provided by the Autoruns application and locate the malware file that you want to eliminate.

You should write down its full path and name. Note that some malware hides process names under legitimate Windows process names. At this stage, it is very important to avoid removing system files. After you locate the suspicious program you wish to remove, right click your mouse over its name and choose "Delete".

locate the malware file you want to remove

After removing the malware through the Autoruns application (this ensures that the malware will not run automatically on the next system startup), you should search for the malware name on your computer. Be sure to enable hidden files and folders before proceeding. If you find the filename of the malware, be sure to remove it.

searching for malware file on your computer

Reboot your computer in normal mode. Following these steps should remove any malware from your computer. Note that manual threat removal requires advanced computer skills. If you do not have these skills, leave malware removal to antivirus and anti-malware programs. These steps might not work with advanced malware infections. As always it is best to prevent infection than try to remove malware later. To keep your computer safe, install the latest operating system updates and use antivirus software.

To be sure your computer is free of malware infections, we recommend scanning it with Combo Cleaner Antivirus for Windows.

Click to post a comment

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

Removal Instructions in other languages
Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

QR Code
possible malware infections QR code
A QR code (Quick Response Code) is a machine-readable code which stores URLs and other information. This code can be read using a camera on a smartphone or a tablet. Scan this QR code to have an easy access removal guide of possible malware infections on your mobile device.
We Recommend:

Get rid of Windows malware infections today:

Download Combo Cleaner

Platform: Windows

Editors' Rating for Combo Cleaner:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available.