Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel


SLICKSHOES is a vicious Trojan that can be used to infect a targeted system with other malicious applications. To be more precise, researchers noticed that it could be used to drop another Trojan known as Themida. It appears to have many functions that could help hackers perform various tasks. For instance, the threat could copy files available on the infected computer and transfer them to a remote server. This way the malware could gather and steal sensitive data. If you want to know more about the capability of these threats or how they could be spread, we invite you to read our full article. Also, at the end of the text, you can find our removal instructions that show how it could be possible to erase SLICKSHOES manually. Keep in mind that we cannot guarantee that our instructions will work and since it is an extremely dangerous malware, we recommend deleting it while using a reliable antimalware tool.

According to cybersecurity specialists SLICKSHOES might be one of the Trojans that is being used by the North Korean government. There is no information on how this new variant is spread or who could be targeted with it. Truth be told the malware could be spread in various ways. For example, its launcher could be sent to victims via spam emails or other kinds of messages. Such messages might be well written, and it may seem as if they are coming from reliable institutions, colleges, etc. Consequently, it is advisable not to open unexpectedly received files even if they seem to be coming from reliable senders. If you have even a slightest suspicion, is better to scan files before opening them with a reputable antimalware tool. Plus, companies that could be targeted by such Trojans are advised to educate their employees so that they could learn how to recognize malicious messages and files.

Moreover, threats like SLICKSHOES can also enter a system by exploiting its weaknesses, for example, weak passwords, outdated software, or unsecured Remote Desktop Protocol (RDP) connections. Therefore, guarding a system against such malicious applications is a difficult task. First of all, it is advisable to identify all system weaknesses and then remove all of them before hackers get a change to exploit them. Next, it is recommendable to disable printer sharing services and RDP connections. If such connections are needed, specialists recommend securing them by setting up a strong password and adding a second security layer like Two-Factor authentication if it is possible. Last but not least, it is advisable to use reputable antimalware software that could guard devices against various threats.

SLICKSHOES itself does not seem to have a lot of functionality. Apparently, its main task is to drop more malicious applications on a system and as said earlier, one of the threats dropped by it should be a Trojan called Themida. The malware ought to drop it in the following directory %WINDIR%\Web. According to cybersecurity specialists, Themida is a Remote Access Trojan (RAT), which means it can be used to gain remote access to a targeted device. Research revealed that once installed, this malicious application might allow hackers behind it conduct system surveys, upload or download files, execute various commands, and capture the device’s screen. Such functionality makes it possible to monitor infected computers, steal sensitive information, record user activity, and so on. The worst part is that sophisticated threats like SLICKSHOES and Themida are often able to avoid detection. Some of them are even capable of deleting themselves as soon as hackers reach their goal, for example, steal targeted sensitive data.

No doubt, the faster such threats are deleted the less time they will have to cause victims trouble. Thus, if they are detected, it is advisable to remove SLICKSHOES and Themida as soon as possible. The instructions located below show how to remove data from the earlier mentioned location where the Trojan could be storing its data. Unfortunately, we cannot know if this will be enough to remove the malicious application completely. Therefore, instead of deleting SLICKSHOES manually, we advise employing a reliable antimalware tool that could take care of it. The best part is that a reliable antimalware tool should detect Themida and other malicious applications that the Trojan could have dropped on a system too. After a full system scan, the chosen tool should let eliminate all identified threats by pressing its displayed removal button.

Restart your system in Safe Mode with Networking

Windows 8/Windows 10

  1. Tap Win+I for Windows 8 or open the Start menu for Windows 10.
  2. Click the Power button.
  3. Press and hold the Shift key and click Restart.
  4. Choose Troubleshoot and pick Advanced Options.
  5. Select Startup Settings and click Restart.
  6. Press the F5 key and restart the PC.

Windows XP/Windows Vista/Windows 7

  1. Go to Start, pick Shutdown options and click Restart.
  2. Press and hold the F8 key when the computer starts restarting.
  3. Select Safe Mode with Networking from Advanced Boot Options window.
  4. Click Enter and log on to the computer.


  1. Press Win+E.
  2. Check these directories:
  3. Search for the malware’s installer; it could be any recently downloaded or created suspicious file.
  4. Right-click the threat’s launcher and press Delete.
  5. Navigate to: %WINDIR%\Web
  6. Right-click a file called taskenc.exe and press Delete.
  7. Exit File Explorer.
  8. Exit Registry Editor.
  9. Empty Recycle Bin.
Download Spyware Removal Tool to Remove* SLICKSHOES
  • Quick & tested solution for SLICKSHOES removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.