Bad Rabbit Ransomware uses a trojan called windows\infpub.dat. (You can find our removal guide at the bottom of the article.) You need to be aware of the different types of malware: what they can do, what symptoms they can have and how they get distributed throughout the internet. In the following article, we will focus on the infamous Trojan Horse virus type and especially on one of the most recent additions to the Trojan Horse family, namely, a virus known as infpub.dat.
Since you are reading this, there’s a high chance that this piece of malicious software has already managed to invade your PC system. If that is indeed your present situation, we can also offer you a guide that has instructions on how to manually uninstall and get rid of the harmful program. Also, if you have any trouble completing the guide, you can always ask for our aid down below in the comments.
What are Trojans capable of?
One main characteristic of a typical Trojan Horse like infpub.dat is its versatility. As long as the malware manages to infect the targeted PC and its file gets executed with Administrator rights, the hacker who’s behind the attack should technically be able to gain almost unlimited control over the infected PC’s system. This means that a Trojan can be used to complete all sorts of tasks depending on what the cyber criminal is actually after. There are several rather commonly implemented uses of this type of malware:
- System damage – Trojans can heavily damage the attacked computer’s system in a number of ways, oftentimes requiring a full reinstall of the Operating System to restore things back to normal. Furthermore, in some instances even reinstalling the OS might not be enough, meaning that the machine would be basically rendered unusable after the malware’s attack.
- Mining and spamming – As the hackers take over the infected machine, they can decide to use the computer’s resources for their personal profit or to further spread the infection. A common example of how Trojans like infpub.dat can be used is when the targeted PC is tasked with Bitcoin mining. Also, some hackers choose to force the infected machine to send out spam e-mails and other forms of web messages in order to spread the virus to more users.
- Backdoor – There is a reason why they call them Trojans. A lot of malware programs which belong to this category are actually used to infect the targeted machine with some other nasty virus. One very common example of such behavior is when Trojans are used to infiltrate the user’s computer and then download a Ransomware virus onto it which would, in turn, go on to encrypt the user’s personal files and ask for a ransom payment in order to make them accessible again.
- Espionage and stalking – A lot of Trojans offer a wide arsenal of options for virtual stalking and spying on the targeted victim. For instance, the keylogging method allows the attacker to learn what the user has been typing on their keyboard, potentially revealing passwords and usernames to the hacker. Also, Trojans could remotely monitor the screen of the computer and even use the personal webcam to stalk the hacker’s victims.
More uses of Trojan Horse malware are also possible as the ones we mentioned above are only the most frequent and commonly encountered ones.
You need a good antivirus
It is pretty much impossible or at least bloody difficult to detect an infection by infpub.dat or another similar virus by simply looking out for symptoms. The reason is that in many cases the signs of the infection might be way too subtle to notice. Sure, sometimes a Trojan might lead to Blue Screen of Death system crashes or frequent errors, but this is not always the case. Therefore, having a reliable antivirus is mandatory if you wish to keep your PC safe in the future.
Regardless, if you still notice that your PC has been behaving oddly as of late, take the necessary measures and have it checked as soon as possible in order to catch any potential malware threats in time, before they get the chance to cause any substantial damage.
Stay safe on the Internet
There is no better way to protect your virtual security and privacy than to always be mindful of your interactions with anything that you encounter on the Internet. Hackers typically rely on less-than-careful users to make a mistake and click on the wrong ad or open the wrong e-mail file attachment to get their virus on the unsuspecting victim’s PC. Therefore, you must constantly keep an eye out for anything shady or suspicious and ensure that you avoid it. Never go to or use sites that you cannot trust and always use your common sense while exploring the online world as this is the only way to truly maintain a safe computer with no viruses on it.
Trojan Horse Removal Guide
In the following guide, you will be given instructions that will help you remove the infpub.dat PC virus from your computer. However, before you start carrying out the following steps, we advise you to bookmark this webpage and have it opened on a separate device nearby (a smartphone, a tablet, another PC, etc.) as some of the steps might require a restart of the computer.
Step 1: Safe Mode and Hidden files and folders
In order to increase your chances for success, you are advised to boot your PC into Safe Mode and to also reveal the hidden files and folders that are on it. If you don’t know how to do that, here are links to separate guides that can help you: Safe Mode Guide; Hidden Files and Folders Guide.
Step 2: Task Manager
Use the Ctrl+Shift+Esc or the Ctrl+Alt+Delete keyboard combinations to open the Task Manager. Now, go to the Processes tab and look for anything that has the infpub.dat name on it. If there’s nothing with that name, look for any processes that use too much RAM, have a weird or no description and that generally seem suspicious.
If you find anything, right-click on it and select Open File Location. If you are sure that the process was malicious, delete everything in the file location directory. Then go back to the Task Manager Processes tab and stop the shady process by right-clicking on it and then selecting End Process.
Step 3: Startup
Use the Winkey+R key-combo to open Run. In the newly-opened search bar type msconfig and hit the Enter button.
In the new window go to the Startup tab and look through the startup programs. If you see anything that looks suspicious (for example, has unknown or no manufacturer), remove the tick from its checkbox to disable it on startup and then select OK.
Step 4: Localhost
Type notepad in the Start Menu search bar and open Notepad. Click on File and then on Open. Go to the following folder c:\windows\system32\drivers\etc and open the Hosts file. If the etc folder appears to be empty when you get there, change the file type from Text documents to All files.
Now look at the bottom of the notepad file and see where it says Localhost. Take a look below that and see if there are any IP addresses there. If there are some IPs, copy them and send them to us in the comments section down below so that we can determine if they need to be removed.
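The Step 4 check can also be scripted. The following is an added example, not part of the original guide: it parses the Hosts file and lists every active entry other than the standard localhost lines. The sample entries are constructed (reserved documentation addresses and example domains), and the name audit_hosts is an assumption made for illustration.

```python
import ipaddress

# Path given in Step 4 of the guide.
HOSTS_PATH = r"c:\windows\system32\drivers\etc\hosts"
# Names that a clean hosts file may map to a loopback address (assumption).
EXPECTED_NAMES = {"localhost"}

# Constructed sample for illustration; not taken from a real infection.
SAMPLE_HOSTS = """\
#       127.0.0.1       localhost
127.0.0.1       localhost
::1             localhost
203.0.113.10    update.example.com   # constructed entry
0.0.0.0         av.example.net www.av.example.net
127.0.0.1       login.example.org
not-an-ip       broken.example
"""

def audit_hosts(text):
    """Return (line_no, address, names, reason) for every active entry that
    is not a plain loopback mapping for localhost."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split fields
        if not entry:
            continue
        addr, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, addr, names, "malformed address"))
            continue
        if ip.is_loopback or ip.is_unspecified:
            odd = [n for n in names if n.lower() not in EXPECTED_NAMES]
            if odd:
                findings.append((line_no, addr, odd, "name sinkholed locally"))
        else:
            findings.append((line_no, addr, names, "name redirected to remote address"))
    return findings

if __name__ == "__main__":
    try:
        with open(HOSTS_PATH, encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    except OSError:
        content = SAMPLE_HOSTS   # file not readable here: use the sample
    for finding in audit_hosts(content):
        print(finding)
```

Entries pointing security or update sites at 0.0.0.0 or 127.0.0.1 deserve the same attention as entries pointing to a remote address, since both change where a name resolves.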
Step 5: Registry Editor
Re-open Run and type regedit. Hit Enter and once the new window opens, press Ctrl+F. In the search bar, type the name of the virus and click on Find Next. See if anything gets found under the name of the virus and delete the registry keys and folders that come up as results.
However, remember that deleting the wrong registry key might do more harm than good to your PC, so if you aren’t sure, you’d better ask us in the comments below about what to do if you find anything inside the Registry Editor.
Step 6: Potentially hazardous data
Open the Start Menu and copy-paste each one of the following locations, one after the other and hit Enter after each so that the folder opens:
Open each folder location and sort the files by date (from newest to oldest). Now, delete the ones that have been created around and after the time your PC got infected. In the Temp folder, delete everything.
Did we help you remove infpub.dat? Do you need help with any of the steps, or do you simply want to give us your feedback? Feel free to leave us a comment down below – we highly value the communication with the readers of our content!