IPStorm Removal Guide

Do you know what IPStorm is?

IPStorm, also known as Trojan.IPStorm, is a clandestine infection that connects infected machines to a giant botnet. It has been discovered by our research team that this malware is set by default to collect some basic information about the infected computers, which includes the version of Windows OS, the user’s name, and the user’s administrator status. Unfortunately, beyond that, this malware could be utilized in many different ways, and so it should be viewed as a ticking bomb. Ultimately, it is currently unclear what the purpose of this botnet Trojan is, but, without a doubt, it must be dismantled as quickly as possible. Continue reading this report to learn more about the infection, and check out the guide below is you are interested in removing IPStorm from Windows manually.

It was unveiled that IPStorm was written in Go, which is a programming language designed at Google. Unfortunately, like most good things in life, programming languages can be exploited by cyber criminals too. The name of the infection comes from the InterPlanetary File System (IPFS) that IPStorm uses to control the infected computers. This kind of activity is truly interesting. The infection employs the p2p network of IPFS to hide its own p2p traffic, which can make it invisible. As long as the malicious traffic is hidden, the infection can run without much disturbance. To further ensure that the infection stands strong, it is set to evade detection by antivirus tools by implementing sleep times, memory allocations, and randomized filenames. Unfortunately, if the infection is established successfully, and the victims do not know that they need to remove it, remote attackers can use it to execute any malicious PowerShell code.

It is true that IPStorm is pretty much unpredictable, and with the power to download and upload any file, the attackers behind this malware can be very powerful. Botnets are often used for DDoS (distributed denial of service) attacks, which are meant to disrupt normal traffic of targeted servers. However, they can be employed for mass theft of sensitive data, mass spam attacks, and distribution of malware. The more computers are connected to a botnet, the more powerful that botnet is. Ideally, we would know how IPStorm spreads, so that we could advise you on what to do or not to do, but, at this point, we still have no clue how this malware spreads. That means that you need to patch all security backdoors and build all available security mechanisms to protect your operating system against it.

Implementing reliable and effective anti-malware software is crucial in this situation. Although you might be able to delete IPStorm manually using our guide below, it is possible that other malicious threats already exist on your operating system. Furthermore, you need to think about the future of your system’s security. If you do not want to face new threats, you need to build strong protection, and reliable anti-malware software can take care of that automatically. Obviously, if you choose to clear your system manually, you need to make sure that you educate yourself on virtual security to ensure that your own actions do not invite malicious threats into your vulnerable operating system.

Remove IPStorm

  1. Launch Run by tapping keys Win+R on the keyboard at the same time.
  2. Enter regedit into the dialog box and click OK to launch Registry Editor.
  3. Move to HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
  4. If you find a {random name} value whose value data points to the %LOCALAPPDATA%\packages\{random name}_{random name}\appdata\{random name}.exe file, right-click and Delete it.
  5. Launch Explorer by tapping keys Win+E on the keyboard at the same time.
  6. Move to %LOCALAPPDATA%\packages\{random}_{random}\appdata\.
  7. Right-click and Delete the malicious {random name}.exe file.
  8. Empty Recycle Bin and then immediately perform a full system scan using a legitimate malware scanner.

In non-techie terms:

IPStorm is a dangerous infection, and you need to protect your Windows operating system against it at all cost. If it manages to slither in and connect your system to a botnet, remote attackers could exploit it in many different ways. Your own system could be used to perform mass spam email attacks or DDoS attacks. Also, attackers could download additional malware files onto your computer. Without a doubt, if a malware scanner has detected the malicious Trojan, you need to remove it as quickly as possible. The guide above shows how to delete IPStorm manually, but our research team strongly recommends installing a legitimate anti-malware program that would find and remove all threats automatically. The most important thing is that this program would secure your operating system against malware attacks in the future.