FormBook Removal Guide

Do you know what FormBook is?

FormBook appears to be a Trojan that any cyber criminal can purchase, customize, and distribute. It means the threat could be spread through various channels and there might be numerous slightly different versions of it. The bad news is this situation makes it difficult to remove the malware manually because separate versions might install in different locations, create more or fewer files, and so on. This is why we highly suggest eliminating it with a reputable antimalware tool, as it would probably be the safest and easiest option. However, if you still wish to try to erase FormBook manually, you could take a look at the removal guide available below the main text. Just keep in mind that completing these steps may not eliminate this malicious application. For users who would like to get to know this Trojan better first, we advise reading our full report.

The malicious application is designed to steal the victim’s private and sensitive data. To be more precise, FormBook is capable of keylogging; in other words, it can record anything you type and then send it to a remote server where the hacker behind the threat could access the stolen information. Besides this, the malware is also able to record the data from the clipboard; steal email, banking account, social media profile, and other passwords; download and execute new files; shut down the computer, and so on. Clearly, with such abilities the threat might cause a lot of trouble to the user, so if you suspect this malicious application could be on your system, it would be best to get rid of it at once. The bad news is the Trojan is designed to work silently and without the user noticing anything, which means it might be difficult to realize it has infected the computer.

According to our computer security specialists, data belonging to FormBook could be hiding in folders such as %ProgramFiles%, %CommonProgramFiles%, %USERPROFILE%, %APPDATA%, and %TEMP%. The Trojan can create subfolders in the mentioned directories too. As for the files it may place among them, our researchers say they might have random titles or names of legitimate Windows data and even random extensions. Plus, it is possible it could inject its components into legitimate Windows files too, in which case it might target files called audiodg.exe, autofmt.exe, cmd.exe, cmmon32.exe, colorcpl.exe, control.exe, etc. What’s more, to be able to restart with the operating system, FormBook may create entries in locations like HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, and so on.

Lastly, our computer security specialists report the malware could be distributed through whatever channels the cyber criminal who purchases it chooses; for example, the Trojan might travel with fake software or updates, malicious spam emails, harmful ads, and so on. If you have visited any harmful web pages or downloaded any potentially infected data and have noticed some suspicious behavior or questionable files on the computer, we would recommend scanning the system with a reputable antimalware tool. If it appears that the system is infected with FormBook, the chosen tool should help you delete its malicious file and clean your computer. The removal guide available below will list steps you could complete to erase the Trojan manually, but as we said earlier, in this particular case it is highly inadvisable.

Erase FormBook

  1. Press Windows Key+R.
  2. Type Regedit and click OK.
  3. Find the following locations:
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
  4. Search for suspicious value names belonging to the malicious application.
  5. Right-click such value names separately and press Delete.
  6. Close Registry Editor.
  7. Press Windows Key+E.
  8. Navigate to the following paths:
    %PROGRAMFILES%
    %COMMONPROGRAMFILES%
    %USERPROFILE%
    %APPDATA%
    %TEMP%
  9. Look for suspicious data that could belong to the malware.
  10. Right-click such files and press Delete.
  11. Close File Explorer.
  12. Empty Recycle bin.
  13. Restart the computer.
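
Steps 1-9 can be reviewed in one pass before anything is deleted. The PowerShell sketch below is an added example, not part of the original guide: it only reads the four Run keys listed above and reports, for each value, whether the program it launches exists, sits under a user-writable folder from step 8, and carries a valid Authenticode signature. The output column names and the path-extraction patterns are assumptions made for this example.

```powershell
# Added example: read-only review of the autorun keys from step 3. Nothing is deleted.
$runKeys = @(
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)
# User-writable folders from step 8; an autorun that points here deserves a closer look.
$watchDirs = @($env:APPDATA, $env:TEMP, $env:USERPROFILE) | Where-Object { $_ }

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # the Policies key is often absent
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        $cmd = [Environment]::ExpandEnvironmentVariables([string]$regKey.GetValue($name))
        # Pull the program path out of the command line (quoted, or up to a known extension).
        if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
        elseif ($cmd -match '^\s*(.+?\.(exe|com|bat|cmd|scr|pif|dll|vbs|js))(\s|$)') { $exe = $Matches[1] }
        else { $exe = ($cmd.Trim() -split '\s+')[0] }

        $exists = [bool]$exe -and (Test-Path -LiteralPath $exe -PathType Leaf)
        $sig = 'n/a'
        if ($exists) { $sig = (Get-AuthenticodeSignature -LiteralPath $exe).Status }
        $inUserDir = $false
        foreach ($dir in $watchDirs) {
            if ($exe.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) { $inUserDir = $true }
        }
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Command   = $cmd
            Exists    = $exists
            Signature = $sig
            InUserDir = $inUserDir
        }
    }
}

# Entries in user-writable folders or without a valid signature are listed first.
$results | Sort-Object InUserDir, @{ Expression = { $_.Signature -eq 'Valid' } } -Descending:$false |
    Sort-Object InUserDir -Descending | Format-List
```

Because the files may have random names and extensions, the listing ranks entries by location and signature rather than by name. A clean listing does not rule out an infection, since components injected into legitimate Windows files do not appear in these keys.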

In non-techie terms:

FormBook is an extremely vicious threat that can steal various passwords, take screenshots, record what the user is typing, download and launch files, or even restart and shut down the computer on its own. This is why it is of vital importance to eliminate it as fast as possible. The problem is that detecting or erasing it on your own could be a challenging task. Therefore, we recommend not taking any chances and acquiring a reputable antimalware tool if you think such a malicious application might be hiding in your system. All you would need to do is install the tool and run a full system scan. During this, it should locate the malware and other possible threats. You should wait for the scan to end and then press the deletion button to get rid of all identified infections at the same time. In case you would like to try the manual deletion, you should look at the removal guide available above. Just do not forget there are no guarantees it will work.