Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Annoying Pop-up's
  • Connects to the internet without permission
  • Installs itself without permissions
  • Slow Computer
  • Slow internet connection

TrojanSpy:Win64/Ursnif.AF

It is a must to delete TrojanSpy:Win64/Ursnif.AF from the operating Windows system; otherwise, your virtual security will fall at risk and your computer will become paralyzed by various malignant processes. As you can tell by the name of the infection it targets 64-bit Windows systems and it can spy upon your virtual activities. Note that the main task for this malicious infection is to steal your personal data, including passwords, usernames and quite possibly data regarding internet banking. To have TrojanSpy:Win64/Ursnif.AF deleted may be quite a task; however, it is a must to take control over this devious data stealer as soon as possible. So how exactly can you remove the trojan and accompanying files?

The devious trojan comes from a large family of computer infections. Some of the best known variants are TrojanSpy:Win64/Ursnif.A, TrojanSpy:Win64/Ursnif.AE and TrojanSpy:Win64/Ursnif.AS. All of the infections from the Ursnif family are controlled through devious executables; however, in the case of the malicious TrojanSpy:Win64/Ursnif.AF, the files are extraordinarily dangerous. This is due to the fact that many of them use the names of authentic Windows elements, including crss.exe (%WINDIR%), explorer.exe (%WINDIR%), Mouse.exe (%PROGRAMFILES%) and svchost.exe (%WINDIR%). Unfortunately, this means that if you are not an experienced Windows user, having these malicious files deleted manually could be highly difficult.

Even though it may be difficult to remove TrojanSpy:Win64/Ursnif.AF components you have to perform this right away because soon enough your computer and online accounts could be corrupted to spread spyware further. As research shows, all of the aforementioned cloaked files could be employed for a number of different tasks. You should beware of removed access to Task Manager and Registry Editor, disabled Safe Mode, reconfigured firewall and corrupted Windows Security Center. Obviously, these dysfunctions are caused in order to aggravate manual removal tasks. You may also notice that new folders and icons are added to the system and your Start menu. Unfortunately, other symptoms are less notable. For example, the trojan could use NETBIOSOUT protocols to connect to remote servers, and the TCP ports to spy on other systems. Furthermore, it could use your IM and email accounts or even computer USB drives to spread malware.

To remove TrojanSpy:Win64/Ursnif.AF from the computer it is wise to employ automatic spyware detection and removal software. If you proceed manually, it is possible that you will remove the wrong files or miss hidden infections causing further damage. If you wish to return to regular, safe Windows running, delete the trojan immediately and use reputable tools to do so. We recommend using SpyHunter and if you have questions about it – post a comment below.

Download Spyware Removal Tool to Remove* TrojanSpy:Win64/Ursnif.AF
  • Quick & tested solution for TrojanSpy:Win64/Ursnif.AF removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove TrojanSpy:Win64/Ursnif.AF

Files associated with TrojanSpy:Win64/Ursnif.AF infection:

XPize_Logon.exe
ucmbgmodqtk.exe
top1.exe
fltMC.exe
shfusion.exe
Boonty.exe
Hans-To-Hant.cpl
gpTransferListner.exe
HPIEAddOn.dll
Mouse.exe
SmitfraudFix.exe
Lollipop.exe
FantasyFootballBossAuto.exe
mafia2.exe
explorer.exe
Patcher_2.4.exe
Minings.exe
cmdlices64.dll
iehighutil.exe
igfxext.exe
crss.exe
wtlsciilrckdg.exe
jgf.exe
def.exe
winmgr.exe
ssd.dll
svchost.exe
DownloadServer.exe
5A55.exe
klproinstall.exe
winfile.exe
kl.exe
HDDRegenerator 1.71 Keymaker.exe
lollipop_03161418.exe
DisrIbs.dll
switchbot.dll
WinKeyword.exe
e212fb9ecd3e4a48107f2da66c532959.exe
DisrIbs.dll
5ca13f6c9495c07d.exe
Lollipop.exe
lolipop.exe
winfile.exe
lollipop_03161418.exe
HDDRegenerator 1.71 Keymaker.exe
FantasyFootballBossAuto.exe
SmitfraudFix.exe
klproinstall.exe
def.exe
mafia2.exe
cmdlices64.dll
WinKeyword.exe
top1.exe
winmgr.exe
svchost.exe
Minings.exe
explorer.exe
{251D6641-2103-0713-3D36-3D014F000C0F}.exe
Mouse.exe
skype.dat
e212fb9ecd3e4a48107f2da66c532959.exe
vmnethcp.exe
shfusion.exe
ff.exe
wtlsciilrckdg.exe
5A55.exe
ucmbgmodqtk.exe
Patcher_2.4.exe
iehighutil.exe
gpTransferListner.exe
switchbot.dll
crss.exe
Boonty.exe
fltMC.exe
Hans-To-Hant.cpl
igfxext.exe
jgf.exe
HPIEAddOn.dll
DownloadServer.exe
kl.exe
XPize_Logon.exe
gamexl.exe
{251D6641-2103-0713-3D36-3D014F000C0F}.exe
skype.dat
lolipop.exe
gamexl.exe
5ca13f6c9495c07d.exe
ff.exe

TrojanSpy:Win64/Ursnif.AF DLL's to remove:

DisrIbs.dll
cmdlices64.dll
switchbot.dll
HPIEAddOn.dll
HPIEAddOn.dll
DisrIbs.dll
switchbot.dll
ssd.dll
cmdlices64.dll

TrojanSpy:Win64/Ursnif.AF processes to kill:

explorer.exe
XPize_Logon.exe
gpTransferListner.exe
wtlsciilrckdg.exe
winfile.exe
Mouse.exe
e212fb9ecd3e4a48107f2da66c532959.exe
winmgr.exe
5ca13f6c9495c07d.exe
fltMC.exe
iehighutil.exe
klproinstall.exe
5ca13f6c9495c07d.exe
Lollipop.exe
lolipop.exe
winfile.exe
lollipop_03161418.exe
HDDRegenerator 1.71 Keymaker.exe
FantasyFootballBossAuto.exe
SmitfraudFix.exe
klproinstall.exe
def.exe
mafia2.exe
WinKeyword.exe
top1.exe
winmgr.exe
svchost.exe
Minings.exe
explorer.exe
{251D6641-2103-0713-3D36-3D014F000C0F}.exe
Mouse.exe
e212fb9ecd3e4a48107f2da66c532959.exe
vmnethcp.exe
shfusion.exe
ff.exe
wtlsciilrckdg.exe
5A55.exe
ucmbgmodqtk.exe
Patcher_2.4.exe
iehighutil.exe
gpTransferListner.exe
crss.exe
Boonty.exe
fltMC.exe
igfxext.exe
jgf.exe
DownloadServer.exe
kl.exe
XPize_Logon.exe
gamexl.exe
kl.exe
mafia2.exe
5A55.exe
Lollipop.exe
igfxext.exe
lolipop.exe
Boonty.exe
ucmbgmodqtk.exe
lollipop_03161418.exe
def.exe
svchost.exe
top1.exe
{251D6641-2103-0713-3D36-3D014F000C0F}.exe
crss.exe
gamexl.exe
shfusion.exe
HDDRegenerator 1.71 Keymaker.exe
DownloadServer.exe
jgf.exe
FantasyFootballBossAuto.exe
SmitfraudFix.exe
WinKeyword.exe
Patcher_2.4.exe
ff.exe
Minings.exe
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.